This is a note to let you know that I've just added the patch titled Smack:- Use overlay inode label in smack_inode_copy_up() to the 4.19-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: smack-use-overlay-inode-label-in-smack_inode_copy_up.patch and it can be found in the queue-4.19 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 0e747ce9666b0ab704b1aee9d3683babc8f468ba Author: Vishal Goel <vishal.goel@xxxxxxxxxxx> Date: Thu Sep 28 18:51:36 2023 -0700 Smack:- Use overlay inode label in smack_inode_copy_up() commit 387ef964460f14fe1c1ea29aba70e22731ea7cf7 upstream. Currently in "smack_inode_copy_up()" function, process label is changed with the label on parent inode. Due to which, process is assigned directory label and whatever file or directory created by the process are also getting directory label which is wrong label. Changes has been done to use label of overlay inode instead of parent inode. Signed-off-by: Vishal Goel <vishal.goel@xxxxxxxxxxx> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx> [4.19: adjusted for the lack of helper functions] Fixes: d6d80cb57be4 ("Smack: Base support for overlayfs") Signed-off-by: Munehisa Kamata <kamatam@xxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 4f65d953fe318..a09a9c6bbdf63 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4612,7 +4612,7 @@ static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) /* * Get label from overlay inode and set it in create_sid */ - isp = d_inode(dentry->d_parent)->i_security; + isp = d_inode(dentry)->i_security; skp = isp->smk_inode; tsp->smk_task = skp; *new = new_creds;