vfs: Check for the IOP_XATTR flag in listxattr
When an inode doesn't support xattrs, turn listxattr off as well. (When xattrs are "turned off", the VFS still passes security xattr operations through to security modules, which can still expose inode security labels that way.) Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
parent
5d6c31910b
commit
bf3ee71363
13
fs/xattr.c
13
fs/xattr.c
|
@ -326,18 +326,19 @@ nolsm:
|
|||
EXPORT_SYMBOL_GPL(vfs_getxattr);
|
||||
|
||||
ssize_t
|
||||
vfs_listxattr(struct dentry *d, char *list, size_t size)
|
||||
vfs_listxattr(struct dentry *dentry, char *list, size_t size)
|
||||
{
|
||||
struct inode *inode = d_inode(dentry);
|
||||
ssize_t error;
|
||||
|
||||
error = security_inode_listxattr(d);
|
||||
error = security_inode_listxattr(dentry);
|
||||
if (error)
|
||||
return error;
|
||||
error = -EOPNOTSUPP;
|
||||
if (d->d_inode->i_op->listxattr) {
|
||||
error = d->d_inode->i_op->listxattr(d, list, size);
|
||||
if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) {
|
||||
error = -EOPNOTSUPP;
|
||||
error = inode->i_op->listxattr(dentry, list, size);
|
||||
} else {
|
||||
error = security_inode_listsecurity(d->d_inode, list, size);
|
||||
error = security_inode_listsecurity(inode, list, size);
|
||||
if (size && error > size)
|
||||
error = -ERANGE;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue