Currently, opening O_PATH file descriptors completely bypasses the LSM infrastructure. Invoking the LSM file_open hook for O_PATH fds will be necessary for e.g. mediating the fsmount() syscall. Signed-off-by: Ryan Lee <ryan.lee@xxxxxxxxxxxxx> --- fs/open.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fs/open.c b/fs/open.c index 30bfcddd505d..0f8542bf6cd4 100644 --- a/fs/open.c +++ b/fs/open.c @@ -921,8 +921,13 @@ static int do_dentry_open(struct file *f, if (unlikely(f->f_flags & O_PATH)) { f->f_mode = FMODE_PATH | FMODE_OPENED; file_set_fsnotify_mode(f, FMODE_NONOTIFY); f->f_op = &empty_fops; - return 0; + /* + * do_o_path in fs/namei.c unconditionally invokes path_put + * after this function returns, so don't path_put the path + * upon LSM rejection of O_PATH opening + */ + return security_file_open(f); } if ((f->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) { -- 2.43.0 base-kernel: v6.14-rc6
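Review bot: In the O_PATH branch of do_dentry_open(), `return security_file_open(f);` runs after `f->f_mode = FMODE_PATH | FMODE_OPENED;`, so when the hook rejects the open the file goes back to the caller still marked FMODE_OPENED. The new comment explains only why path_put is not called here; it should also say whether leaving FMODE_OPENED set on the error path is what the caller's cleanup relies on, so the next reader does not have to rediscover it. Separately, replacing `return 0;` means every existing file_open implementation now sees files with FMODE_PATH set and `f_op = &empty_fops`, and an O_PATH open can fail where it previously could not. The commit message should state how existing hooks are expected to treat such files (for example by testing FMODE_PATH) and which LSMs were checked against this change.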