diff options
author | Miklos Szeredi <mszeredi@redhat.com> | 2020-06-02 22:20:26 +0200 |
---|---|---|
committer | Miklos Szeredi <mszeredi@redhat.com> | 2020-06-03 09:45:18 +0200 |
commit | 292f902a40c11f043a5ca1305a114da0e523eaa3 (patch) | |
tree | 48b173d4f6e710bc1c8c42a438bc9b1d272c72d7 /fs/overlayfs/file.c | |
parent | 56230d956739b9cb1cbde439d76227d77979a04d (diff) |
ovl: call secutiry hook in ovl_real_ioctl()
Verify LSM permissions for underlying file, since vfs_ioctl() doesn't do
it.
[Stephen Rothwell] export security_file_ioctl
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Diffstat (limited to 'fs/overlayfs/file.c')
-rw-r--r-- | fs/overlayfs/file.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index 87c362f65448..1860e220c82d 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c @@ -10,6 +10,7 @@ #include <linux/uio.h> #include <linux/uaccess.h> #include <linux/splice.h> +#include <linux/security.h> #include <linux/mm.h> #include <linux/fs.h> #include "overlayfs.h" @@ -520,7 +521,9 @@ static long ovl_real_ioctl(struct file *file, unsigned int cmd, return ret; old_cred = ovl_override_creds(file_inode(file)->i_sb); - ret = vfs_ioctl(real.file, cmd, arg); + ret = security_file_ioctl(real.file, cmd, arg); + if (!ret) + ret = vfs_ioctl(real.file, cmd, arg); revert_creds(old_cred); fdput(real); |