linux/fs/ecryptfs
Roberto Sassu 48b512e685 ecryptfs: call vfs_setxattr() in ecryptfs_setxattr()
Ecryptfs is a stackable filesystem which relies on lower filesystems for the
ability of setting/getting extended attributes.

If there is a security module enabled on the system it updates the
'security' field of inodes according to the owned extended attribute set
with the function vfs_setxattr().  When this function is performed on an
ecryptfs filesystem the 'security' field is not updated for the lower
filesystem since the call security_inode_post_setxattr() is missing for
the lower inode.
Further, the call security_inode_setxattr() is missing for the lower inode,
leading to policy violations in the security module because specific
checks for this hook are not performed (i.e. filesystem
'associate' permission on SELinux is not checked for the lower filesystem).

This patch replaces the call of the setxattr() method of the lower inode
in the function ecryptfs_setxattr() with vfs_setxattr().

Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Cc: stable <stable@kernel.org>
Cc: Dustin Kirkland <kirkland@canonical.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
2010-10-29 10:31:35 -05:00
..
crypto.c eCryptfs: Fix encrypted file name lookup regression 2010-08-27 10:50:53 -05:00
debug.c eCryptfs: update comment and debug statement 2007-10-16 09:43:11 -07:00
dentry.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ecryptfs_kernel.h switch ecryptfs_write() to struct inode *, kill on-stack fake files 2010-05-21 18:31:28 -04:00
file.c fs/ecryptfs/file.c: introduce missing free 2010-08-09 13:25:24 -05:00
inode.c ecryptfs: call vfs_setxattr() in ecryptfs_setxattr() 2010-10-29 10:31:35 -05:00
Kconfig eCryptfs: Remove Kconfig NET dependency and select MD5 2009-10-08 11:31:36 -05:00
keystore.c fs/ecryptfs: Return -ENOMEM on memory allocation failure 2010-08-27 10:50:52 -05:00
kthread.c ecryptfs: properly mark init functions 2010-08-27 10:50:52 -05:00
main.c Ban ecryptfs over ecryptfs 2010-05-21 18:31:27 -04:00
Makefile eCryptfs: remove netlink transport 2008-10-16 11:21:39 -07:00
messaging.c ecryptfs: properly mark init functions 2010-08-27 10:50:52 -05:00
miscdev.c ecryptfs: properly mark init functions 2010-08-27 10:50:52 -05:00
mmap.c switch ecryptfs_get_locked_page() to struct inode * 2010-05-21 18:31:28 -04:00
read_write.c switch ecryptfs_write() to struct inode *, kill on-stack fake files 2010-05-21 18:31:28 -04:00
super.c pass a struct path to vfs_statfs 2010-08-09 16:48:42 -04:00