Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
selinux: don't reserve xattr slot when we won't fill it
Move lsm_get_xattr_slot() below the SBLABEL_MNT check so we don't leave
a NULL-named slot in the array when returning -EOPNOTSUPP; filesystem
initxattrs() callbacks stop iterating at the first NULL ->name, silently
dropping xattrs installed by later LSMs.
Cc: stable@vger.kernel.org
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
authored by
David Windsor
and committed by
Paul Moore
1e5a8eed
032e70af
+2
-1
+2
-1
security/selinux/hooks.c
+2
-1
security/selinux/hooks.c
···
2966
2966
{
2967
2967
const struct cred_security_struct *crsec = selinux_cred(current_cred());
2968
2968
struct superblock_security_struct *sbsec;
2969
-
struct xattr *xattr = lsm_get_xattr_slot(xattrs, xattr_count);
2969
+
struct xattr *xattr;
2970
2970
u32 newsid, clen;
2971
2971
u16 newsclass;
2972
2972
int rc;
···
2992
2992
!(sbsec->flags & SBLABEL_MNT))
2993
2993
return -EOPNOTSUPP;
2994
2994
2995
+
xattr = lsm_get_xattr_slot(xattrs, xattr_count);
2995
2996
if (xattr) {
2996
2997
rc = security_sid_to_context_force(newsid,
2997
2998
&context, &clen);