Invalidate security labels of inodes when they go invalid. SELinux will reload
the security.selinux xattr via iop->igetxattr on the next access.
Signed-off-by: Andreas Gruenbacher agrue...@redhat.com
---
fs/gfs2/glops.c | 2 ++
fs/gfs2/inode.c | 16
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/fs/gfs2/glops.c b/fs/gfs2/glops.c
index fa3fa5e..29be6d3 100644
--- a/fs/gfs2/glops.c
+++ b/fs/gfs2/glops.c
@@ -13,6 +13,7 @@
#include linux/gfs2_ondisk.h
#include linux/bio.h
#include linux/posix_acl.h
+#include linux/security.h
#include gfs2.h
#include incore.h
@@ -260,6 +261,7 @@ static void inode_go_inval(struct gfs2_glock *gl, int flags)
if (ip) {
set_bit(GIF_INVALID, ip-i_flags);
forget_all_cached_acls(ip-i_inode);
+ security_inode_invalidate_secctx(ip-i_inode);
gfs2_dir_hash_inval(ip);
}
}
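Review bot: The added `security_inode_invalidate_secctx()` call in inode_go_inval has no comment saying why the label is dropped here, although it is the security-relevant line of the hunk. A short comment above it would help, for example `/* another node may have changed security.selinux; make the LSM re-read it before the next access check */`. Until the reload happens the cached label is stale, so the change presumably relies on the LSM revalidating before every permission decision that uses the label. That is not visible in this hunk and is worth confirming against the hook's implementation. The function starts outside the hunk.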
diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c
index 063fdfc..3474976 100644
--- a/fs/gfs2/inode.c
+++ b/fs/gfs2/inode.c
@@ -2011,28 +2011,33 @@ static int gfs2_setxattr(struct dentry *dentry, const
char *name,
return ret;
}
-static ssize_t gfs2_getxattr(struct dentry *dentry, const char *name,
+static ssize_t gfs2_igetxattr(struct inode *inode, const char *name,
void *data, size_t size)
{
- struct inode *inode = d_inode(dentry);
struct gfs2_inode *ip = GFS2_I(inode);
struct gfs2_holder gh;
int ret;
/* For selinux during lookup */
if (gfs2_glock_is_locked_by_me(ip-i_gl))
- return generic_getxattr(dentry, name, data, size);
+ return generic_igetxattr(inode, name, data, size);
gfs2_holder_init(ip-i_gl, LM_ST_SHARED, LM_FLAG_ANY, gh);
ret = gfs2_glock_nq(gh);
if (ret == 0) {
- ret = generic_getxattr(dentry, name, data, size);
+ ret = generic_igetxattr(inode, name, data, size);
gfs2_glock_dq(gh);
}
gfs2_holder_uninit(gh);
return ret;
}
+static ssize_t gfs2_getxattr(struct dentry *dentry, const char *name,
+void *data, size_t size)
+{
+ return gfs2_igetxattr(d_inode(dentry), name, data, size);
+}
+
static int gfs2_removexattr(struct dentry *dentry, const char *name)
{
struct inode *inode = d_inode(dentry);
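Review bot: gfs2_igetxattr can sleep in `gfs2_glock_nq()` when the glock is not already held, and it is now the entry point the LSM uses to reload an invalidated label, so it matters which contexts can trigger the reload. If any of them cannot block (not visible here), the reload has to be deferred or refused there. A failed `gfs2_glock_nq()` is also returned as the xattr result, so the LSM side should treat an error as "label unknown" and not fall back to the stale label or a default one. The comment `/* For selinux during lookup */` no longer covers the new use and could become `/* LSM label (re)load: the glock may already be held by us, e.g. during lookup */`.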
@@ -2099,6 +2104,7 @@ const struct inode_operations gfs2_file_iops = {
.setattr = gfs2_setattr,
.getattr = gfs2_getattr,
.setxattr = gfs2_setxattr,
+ .igetxattr = gfs2_igetxattr,
.getxattr = gfs2_getxattr,
.listxattr = gfs2_listxattr,
.removexattr = gfs2_removexattr,
@@ -2121,6 +2127,7 @@ const struct inode_operations gfs2_dir_iops = {
.setattr = gfs2_setattr,
.getattr = gfs2_getattr,
.setxattr = gfs2_setxattr,
+ .igetxattr = gfs2_igetxattr,
.getxattr = gfs2_getxattr,
.listxattr = gfs2_listxattr,
.removexattr = gfs2_removexattr,
@@ -2138,6 +2145,7 @@ const struct inode_operations gfs2_symlink_iops = {
.setattr = gfs2_setattr,
.getattr = gfs2_getattr,
.setxattr = gfs2_setxattr,
+ .igetxattr = gfs2_igetxattr,
.getxattr = gfs2_getxattr,
.listxattr = gfs2_listxattr,
.removexattr = gfs2_removexattr,
--
2.4.3