security: allow finer granularity in permitting copy-up of security xattrs

Copying up xattrs is solely based on the security xattr name. For finer granularity add a dentry parameter to the security_inode_copy_up_xattr hook definition, allowing decisions to be based on the xattr content as well. Co-developed-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Acked-by: Amir Goldstein <amir73il@gmail.com> Acked-by: Paul Moore <paul@paul-moore.com> (LSM,SELinux) Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
author: Stefan Berger <stefanb@linux.ibm.com> 2024-02-23 20:25:05 +0300
committer: Mimi Zohar <zohar@linux.ibm.com> 2024-04-10 00:14:57 +0300
commit: 3253804773c0613a1bad5bfea2edf172b760d8b6 (patch)
tree: d3f6b1b665725dbf66221496577d3030b9a9692f /fs/overlayfs
parent: c21632b66895eb23c05e4eeedb68128fb243d168 (diff)
download: linux-3253804773c0613a1bad5bfea2edf172b760d8b6.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
index 0762575a1e70..a5ef2005a2cc 100644
--- a/fs/overlayfs/copy_up.c
+++ b/fs/overlayfs/copy_up.c
@@ -114,7 +114,7 @@ int ovl_copy_xattr(struct super_block *sb, const struct path *oldpath, struct de
 		if (ovl_is_private_xattr(sb, name))
 			continue;
 
-		error = security_inode_copy_up_xattr(name);
+		error = security_inode_copy_up_xattr(old, name);
 		if (error < 0 && error != -EOPNOTSUPP)
 			break;
 		if (error == 1) {
author	Stefan Berger <stefanb@linux.ibm.com>	2024-02-23 20:25:05 +0300
committer	Mimi Zohar <zohar@linux.ibm.com>	2024-04-10 00:14:57 +0300
commit	3253804773c0613a1bad5bfea2edf172b760d8b6 (patch)
tree	d3f6b1b665725dbf66221496577d3030b9a9692f /fs/overlayfs
parent	c21632b66895eb23c05e4eeedb68128fb243d168 (diff)
download	linux-3253804773c0613a1bad5bfea2edf172b760d8b6.tar.xz