• anon_inodes: mark the anon inode private · 3836a03d
    Eric Paris authored
    Inotify was switched to use anon_inode instead of its own private filesystem
    which only had one inode in commit c44dcc56 "switch inotify_user to
    anon_inode".
    
    The problem with this is that now the inotify inode is not a distinct inode
    which can be managed by LSMs.  Userspace tools which use inotify were allowed
    to use the inotify inode but may not have had permission to do read/write type
    operations on the anon_inode.  After looking at the anon_inode and its users
    it looks like the best solution is to just mark the anon_inode as S_PRIVATE
    so the security system will ignore it.
    Signed-off-by: Eric Paris <eparis@redhat.com>
    Acked-by: James Morris <jmorris@namei.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
anon_inodes.c 6.46 KB