Commit d43388de authored by Robbie Ko's avatar Robbie Ko Committed by Tyler Hicks

eCryptfs: fix permission denied with ecryptfs_xattr mount option when create readonly file

When the ecryptfs_xattr mount option is turned on, the ecryptfs
metadata will be written to xattr via vfs_setxattr, which will
check the WRITE permissions.

However, this will cause denial of permission when creating a
file without write permission.

So fix this by calling __vfs_setxattr directly to skip permission
check.
Signed-off-by: default avatarRobbie Ko <robbieko@synology.com>
[tyhicks: Copy up lower inode attributes when successful]
Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
parent 4b47a8b5
...@@ -37,6 +37,7 @@ ...@@ -37,6 +37,7 @@
#include <linux/slab.h> #include <linux/slab.h>
#include <asm/unaligned.h> #include <asm/unaligned.h>
#include <linux/kernel.h> #include <linux/kernel.h>
#include <linux/xattr.h>
#include "ecryptfs_kernel.h" #include "ecryptfs_kernel.h"
#define DECRYPT 0 #define DECRYPT 0
...@@ -1131,9 +1132,21 @@ ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry, ...@@ -1131,9 +1132,21 @@ ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry,
char *page_virt, size_t size) char *page_virt, size_t size)
{ {
int rc; int rc;
struct dentry *lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
struct inode *lower_inode = d_inode(lower_dentry);
rc = ecryptfs_setxattr(ecryptfs_dentry, ecryptfs_inode, if (!(lower_inode->i_opflags & IOP_XATTR)) {
ECRYPTFS_XATTR_NAME, page_virt, size, 0); rc = -EOPNOTSUPP;
goto out;
}
inode_lock(lower_inode);
rc = __vfs_setxattr(lower_dentry, lower_inode, ECRYPTFS_XATTR_NAME,
page_virt, size, 0);
if (!rc && ecryptfs_inode)
fsstack_copy_attr_all(ecryptfs_inode, lower_inode);
inode_unlock(lower_inode);
out:
return rc; return rc;
} }
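Review bot: The direct `__vfs_setxattr()` call in `ecryptfs_write_metadata_to_xattr()` has no comment explaining why bypassing the usual checks is acceptable, and the bypass is wider than the commit message suggests. As far as I know, `vfs_setxattr()` also runs the LSM `security_inode_setxattr()` hook and the post-set notification, not just the WRITE permission check, so those are presumably skipped on the lower inode as well. I would add a comment above the call, for example `/* Deliberately bypass vfs_setxattr() checks: the name is the fixed ECRYPTFS_XATTR_NAME and the value is eCryptfs-generated header metadata, written even when the caller has no write permission on the file. */`. The callers lie outside this hunk, so it is worth confirming that each one has already authorized the operation at the eCryptfs layer, since the lower filesystem will no longer refuse the write.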
......