Ecryptfs is a stackable filesystem which relies on lower filesystems the ability of setting/getting extended attributes. If there is a security module enabled on the system, it updates the 'security' field of inodes according to the owned extended attribute set with the function vfs_setxattr(). When this function is performed on a ecryptfs filesystem the 'security' field is not updated for the lower filesystem since the call security_inode_post_setxattr() is missing for the lower inode. This patch makes the function __vfs_setxattr_noperm() available for modules and replaces the call to the setxattr() method of the lower inode with the exported function. The patch applies on the latest checked commit (a850ea30374eb) of the mainline kernel. Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxx> --- fs/ecryptfs/inode.c | 5 +++-- fs/xattr.c | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c index 3fbc942..e17f65d 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c @@ -32,6 +32,7 @@ #include <linux/crypto.h> #include <linux/fs_stack.h> #include <linux/slab.h> +#include <linux/xattr.h> #include <asm/unaligned.h> #include "ecryptfs_kernel.h" @@ -1109,8 +1110,8 @@ ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value, goto out; } mutex_lock(&lower_dentry->d_inode->i_mutex); - rc = lower_dentry->d_inode->i_op->setxattr(lower_dentry, name, value, - size, flags); + rc = __vfs_setxattr_noperm(lower_dentry, name, value, + size, flags); mutex_unlock(&lower_dentry->d_inode->i_mutex); out: return rc; diff --git a/fs/xattr.c b/fs/xattr.c index 01bb813..40f42af 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -106,6 +106,7 @@ int __vfs_setxattr_noperm(struct dentry *dentry, const char *name, return error; } +EXPORT_SYMBOL_GPL(__vfs_setxattr_noperm); int -- 1.7.2.3
Attachment:
smime.p7s
Description: S/MIME cryptographic signature