diff options
| author | David Windsor <dwindsor@gmail.com> | 2026-04-26 19:23:49 -0400 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2026-04-27 19:32:56 -0400 |
| commit | 1e5a8eed7821e7a43a31b4c1b3675a91be6bc6f6 (patch) | |
| tree | 46cfafaa9dfad1d7873afc3c34000f05382cd40f /security | |
| parent | 032e70aff025d7c519af9ab791cd084380619263 (diff) | |
| download | linux-next-history-1e5a8eed7821e7a43a31b4c1b3675a91be6bc6f6.tar.gz | |
selinux: don't reserve xattr slot when we won't fill it
Move lsm_get_xattr_slot() below the SBLABEL_MNT check so we don't leave
a NULL-named slot in the array when returning -EOPNOTSUPP; filesystem
initxattrs() callbacks stop iterating at the first NULL ->name, silently
dropping xattrs installed by later LSMs.
Cc: stable@vger.kernel.org
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/hooks.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 49c482e3fa3f9..59942d39ada7f 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2966,7 +2966,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, { const struct cred_security_struct *crsec = selinux_cred(current_cred()); struct superblock_security_struct *sbsec; - struct xattr *xattr = lsm_get_xattr_slot(xattrs, xattr_count); + struct xattr *xattr; u32 newsid, clen; u16 newsclass; int rc; @@ -2992,6 +2992,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, !(sbsec->flags & SBLABEL_MNT)) return -EOPNOTSUPP; + xattr = lsm_get_xattr_slot(xattrs, xattr_count); if (xattr) { rc = security_sid_to_context_force(newsid, &context, &clen); |