*/
#include <linux/fs.h>
#include <linux/slab.h>
-#include <linux/smp_lock.h>
#include <linux/file.h>
#include <linux/xattr.h>
#include <linux/namei.h>
return 0;
/*
- * The trusted.* namespace can only accessed by a privilegued user.
+ * The trusted.* namespace can only be accessed by a privileged user.
*/
if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN))
return (capable(CAP_SYS_ADMIN) ? 0 : -EPERM);
+ /* In user.* namespace, only regular files and directories can have
+ * extended attributes. For sticky directories, only the owner and
+ * privileged user can write attributes.
+ */
if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
- if (!S_ISREG(inode->i_mode) &&
- (!S_ISDIR(inode->i_mode) || inode->i_mode & S_ISVTX))
+ if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
+ return -EPERM;
+ if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
+ (mask & MAY_WRITE) && (current->fsuid != inode->i_uid) &&
+ !capable(CAP_FOWNER))
return -EPERM;
}
f = fget(fd);
if (!f)
return error;
- dentry = f->f_dentry;
+ dentry = f->f_path.dentry;
audit_inode(NULL, dentry->d_inode);
error = setxattr(dentry, name, value, size, flags);
fput(f);
f = fget(fd);
if (!f)
return error;
- error = getxattr(f->f_dentry, name, value, size);
+ audit_inode(NULL, f->f_path.dentry->d_inode);
+ error = getxattr(f->f_path.dentry, name, value, size);
fput(f);
return error;
}
f = fget(fd);
if (!f)
return error;
- error = listxattr(f->f_dentry, list, size);
+ audit_inode(NULL, f->f_path.dentry->d_inode);
+ error = listxattr(f->f_path.dentry, list, size);
fput(f);
return error;
}
f = fget(fd);
if (!f)
return error;
- dentry = f->f_dentry;
+ dentry = f->f_path.dentry;
audit_inode(NULL, dentry->d_inode);
error = removexattr(dentry, name);
fput(f);
projects / linux-drm-fsl-dcu.git / blobdiff