ceph: only set CEPH_I_SEC_INITED if we got a MAC label

__ceph_getxattr will set the CEPH_I_SEC_INITED flag whenever it gets any xattr that starts with "security.". We only want to set that flag when fetching the MAC label for the currently-active LSM, however. Signed-off-by: N Jeff Layton <jlayton@kernel.org> Signed-off-by: N Ilya Dryomov <idryomov@gmail.com>

ceph: only set CEPH_I_SEC_INITED if we got a MAC label
__ceph_getxattr will set the CEPH_I_SEC_INITED flag whenever it gets any xattr that starts with "security.". We only want to set that flag when fetching the MAC label for the currently-active LSM, however. Signed-off-by: N Jeff Layton <jlayton@kernel.org> Signed-off-by: N Ilya Dryomov <idryomov@gmail.com>
026105eb · Jeff Layton · Ilya Dryomov · 668959a5 · 026105eb
隐藏空白更改
内联并排

Showing with 2 addition and 1 deletion

fs/ceph/xattr.c fs/ceph/xattr.c +2 -1

未找到文件。
--- a/fs/ceph/xattr.c
+++ b/fs/ceph/xattr.c
@@ -892,7 +892,8 @@ ssize_t __ceph_getxattr(struct inode *inode, const char *name, void *value,
 	memcpy(value, xattr->val, xattr->val_len);

 	if (current->journal_info &&
-	    !strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN))
+	    !strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) &&
+	    security_ismaclabel(name + XATTR_SECURITY_PREFIX_LEN))
 		ci->i_ceph_flags |= CEPH_I_SEC_INITED;
 out:
 	spin_unlock(&ci->i_ceph_lock);