• Eric Biggers's avatar
    fscrypt: fix renaming and linking special files · 42d97eb0
    Eric Biggers authored
    Attempting to link a device node, named pipe, or socket file into an
    encrypted directory through rename(2) or link(2) always failed with
    EPERM.  This happened because fscrypt_has_permitted_context() saw that
    the file was unencrypted and forbid creating the link.  This behavior
    was unexpected because such files are never encrypted; only regular
    files, directories, and symlinks can be encrypted.
    
    To fix this, make fscrypt_has_permitted_context() always return true on
    special files.
    
    This will be covered by a test in my encryption xfstests patchset.
    
    Fixes: 9bd8212f ("ext4 crypto: add encryption policy and password salt support")
    Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
    Reviewed-by: default avatarRichard Weinberger <richard@nod.at>
    Cc: stable@vger.kernel.org
    Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
    42d97eb0
policy.c 7.13 KB