Now that O_PATH fds are being passed to the file_open hook, unconditionally skip mediation of them to preserve existing behavior. Signed-off-by: Ryan Lee <ryan.lee@xxxxxxxxxxxxx> --- security/tomoyo/file.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 8f3b90b6e03d..efecfa7d15b2 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c @@ -762,6 +762,10 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, }; int idx; + /* Preserve the behavior of O_PATH fd creation not being mediated */ + if (flag & O_PATH) + return 0; + buf.name = NULL; r.mode = TOMOYO_CONFIG_DISABLED; idx = tomoyo_read_lock(); -- 2.43.0 base-kernel: v6.14-rc6
