lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 1 Jul 2020 17:34:04 +0200 From: Antoine Tenart <antoine.tenart@...tlin.com> To: linux-ext4@...r.kernel.org, tytso@....edu Cc: Antoine Tenart <antoine.tenart@...tlin.com>, matthew.weber@...kwellcollins.com, thomas.petazzoni@...tlin.com Subject: [PATCH] create_inode: set xattrs to the root directory as well __populate_fs do copy the xattrs for all files and directories, but the root directory is skipped and as a result its extended attributes aren't set. This is an issue when using mkfs to build a full system image that can be used with SElinux in enforcing mode without making any runtime fix at first boot. This patch adds logic to set the root directory's extended attributes. Signed-off-by: Antoine Tenart <antoine.tenart@...tlin.com> --- misc/create_inode.c | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/misc/create_inode.c b/misc/create_inode.c index e8d1df6b55a5..0a6e4dc23d16 100644 --- a/misc/create_inode.c +++ b/misc/create_inode.c @@ -820,7 +820,29 @@ static errcode_t __populate_fs(ext2_filsys fs, ext2_ino_t parent_ino, for (i = 0; i < num_dents; free(dent[i]), i++) { name = dent[i]->d_name; - if ((!strcmp(name, ".")) || (!strcmp(name, ".."))) + if (!strcmp(name, ".")) { + retval = ext2fs_namei(fs, root, parent_ino, ".", &ino); + if (retval) { + com_err(name, retval, 0); + goto out; + } + + /* + * Take special care for the root directory, to copy its + * extended attributes. + */ + if (ino == root) { + retval = set_inode_xattr(fs, ino, "."); + if (retval) { + com_err(__func__, retval, + _("while setting xattrs for .")); + goto out; + } + } + + continue; + } + if (!strcmp(name, "..")) continue; if (lstat(name, &st)) { retval = errno; -- 2.26.2
Powered by blists - more mailing lists