    security, overlayfs: Provide hook to correctly label newly created files · 2602625b
    Vivek Goyal authored
    During new file creation we need to make sure the new file is created with
    the right label. The new file is created in upper/, so effectively the file
    should get its label as if the task had created the file in upper/.
    
    We switched to the mounter's creds for actual file creation. Also, if there
    is a whiteout present, then the file will be created in the work/ dir first
    and then renamed in upper. In none of the cases will the file be labeled as
    we want it to be.
    
    This patch introduces a new hook dentry_create_files_as(), which determines
    the label/context the dentry would get if it had been created by the task in
    upper and modifies the passed set of creds appropriately. The caller makes
    use of these new creds for file creation.
    
    Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
    Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
    [PM: fix whitespace issues found with checkpatch.pl]
    [PM: changes to use stat->mode in ovl_create_or_link()]
    Signed-off-by: Paul Moore <paul@paul-moore.com>
dir.c 21.5 KB