linux

iv/linux

History

Mark Salyzyn 5c2e9f346b ovl: filter of trusted xattr results in audit

When filtering xattr list for reading, presence of trusted xattr
results in a security audit log.  However, if there is other content
no errno will be set, and if there isn't, the errno will be -ENODATA
and not -EPERM as is usually associated with a lack of capability.
The check does not block the request to list the xattrs present.

Switch to ns_capable_noaudit to reflect a more appropriate check.

Signed-off-by: Mark Salyzyn <salyzyn@android.com>
Cc: linux-security-module@vger.kernel.org
Cc: kernel-team@android.com
Cc: stable@vger.kernel.org # v3.18+
Fixes: a082c6f680da ("ovl: filter trusted xattr for non-admin")
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

2019-09-11 16:11:45 +02:00

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 188

2019-05-30 11:29:21 -07:00

adfs

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500

2019-06-19 17:09:55 +02:00

affs

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

afs

AFS fixes

2019-06-28 08:34:12 +08:00

autofs

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 83

2019-05-24 17:37:52 +02:00

befs

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

bfs

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

btrfs

for-5.2-rc5-tag

2019-06-18 11:20:24 -07:00

cachefiles

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36

2019-05-24 17:27:11 +02:00

ceph

ceph: fix ceph_mdsc_build_path to not stop on first component

2019-06-27 18:27:36 +02:00

cifs

cifs: fix crash querying symlinks stored as reparse-points

2019-06-28 00:34:17 -05:00

coda

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152

2019-05-30 11:26:32 -07:00

configfs

SPDX update for 5.2-rc3, round 1

2019-05-31 08:34:32 -07:00

cramfs

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

crypto

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

debugfs

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

devpts

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 83

2019-05-24 17:37:52 +02:00

dlm

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 398

2019-06-05 17:37:12 +02:00

ecryptfs

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333

2019-06-05 17:37:06 +02:00

efivarfs

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500

2019-06-19 17:09:55 +02:00

efs

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

exportfs

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

ext2

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

ext4

Bug fixes (including a regression fix) for ext4.

2019-05-25 15:03:12 -07:00

f2fs

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

fat

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282

2019-06-05 17:36:37 +02:00

freevxfs

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

fscache

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152

2019-05-30 11:26:32 -07:00

fuse

Revert "fuse: require /dev/fuse reads to have enough buffer capacity"

2019-06-11 13:35:22 +02:00

gfs2

Fix rounding error in gfs2_iomap_page_prepare

2019-06-14 17:27:12 -10:00

hfs

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

hfsplus

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

hostfs

This pull request contains the following changes for UML:

2019-05-12 17:52:13 -04:00

hpfs

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

hugetlbfs

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

isofs

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 142

2019-05-30 11:25:17 -07:00

jbd2

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

jffs2

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

jfs

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156

2019-05-30 11:26:35 -07:00

kernfs

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 428

2019-06-05 17:37:16 +02:00

lockd

Revert "lockd: Show pid of lockd for remote locks"

2019-05-31 09:43:26 -04:00

minix

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

nfs

NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O

2019-06-28 11:48:52 -04:00

nfs_common

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

nfsd

nfsd: Fix overflow causing non-working mounts on 1 TB machines

2019-07-03 17:51:31 -04:00

nilfs2

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

nls

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

notify

fanotify: update connector fsid cache on add mark

2019-06-19 15:53:58 +02:00

ntfs

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 97

2019-05-24 17:37:53 +02:00

ocfs2

fs/ocfs2: fix race in ocfs2_dentry_attach_lock()

2019-06-13 17:34:56 -10:00

omfs

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 209

2019-05-30 11:29:53 -07:00

openpromfs

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

orangefs

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

overlayfs

ovl: filter of trusted xattr results in audit

2019-09-11 16:11:45 +02:00

proc

fs/proc/array.c: allow reporting eip/esp for all coredumping threads

2019-06-29 16:43:44 +08:00

pstore

SPDX update for 5.2-rc4

2019-06-08 12:52:42 -07:00

qnx4

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

qnx6

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

quota

quota: fix a problem about transfer quota

2019-06-19 15:25:41 +02:00

ramfs

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152

2019-05-30 11:26:32 -07:00

reiserfs

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

romfs

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152

2019-05-30 11:26:32 -07:00

squashfs

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 499

2019-06-19 17:09:53 +02:00

sysfs

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

sysv

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

tracefs

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500

2019-06-19 17:09:55 +02:00

ubifs

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 336

2019-06-05 17:37:07 +02:00

udf

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

ufs

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

unicode

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 294

2019-06-05 17:36:38 +02:00

xfs

block: return from __bio_try_merge_page if merging occured in the same page

2019-06-17 09:33:02 -06:00

aio.c

signal: remove the wrong signal_pending() check in restore_user_sigmask()

2019-06-29 16:43:45 +08:00

anon_inodes.c

treewide: Add SPDX license identifier for missed files

2019-05-21 10:50:45 +02:00

attr.c

…

bad_inode.c

…

binfmt_aout.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

binfmt_elf_fdpic.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152

2019-05-30 11:26:32 -07:00

binfmt_elf.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

binfmt_em86.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

binfmt_flat.c

fs/binfmt_flat.c: make load_flat_shared_library() work

2019-06-29 16:43:45 +08:00

binfmt_misc.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

binfmt_script.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

block_dev.c

block: Don't revalidate bdev of hidden gendisk

2019-05-27 07:35:02 -06:00

buffer.c

treewide: Add SPDX license identifier for missed files

2019-05-21 10:50:45 +02:00

char_dev.c

chardev: update comment based on the code

2019-04-02 17:49:58 +02:00

compat_binfmt_elf.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 193

2019-05-30 11:29:21 -07:00

compat_ioctl.c

…

compat.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500

2019-06-19 17:09:55 +02:00

coredump.c

…

d_path.c

…

dax.c

dax fix v5.2-rc8

2019-07-05 11:32:11 +09:00

dcache.c

treewide: Add SPDX license identifier for missed files

2019-05-21 10:50:45 +02:00

dcookies.c

treewide: Add SPDX license identifier for missed files

2019-05-21 10:50:45 +02:00

direct-io.c

treewide: Add SPDX license identifier for missed files

2019-05-21 10:50:45 +02:00

drop_caches.c

fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()

2019-02-01 15:46:24 -08:00

eventfd.c

treewide: Add SPDX license identifier for missed files

2019-05-21 10:50:45 +02:00

eventpoll.c

signal: remove the wrong signal_pending() check in restore_user_sigmask()

2019-06-29 16:43:45 +08:00

exec.c

treewide: Add SPDX license identifier for missed files

2019-05-21 10:50:45 +02:00

fcntl.c

fs: mark expected switch fall-throughs

2019-04-08 18:21:02 -05:00

fhandle.c

…

file_table.c

treewide: Add SPDX license identifier for missed files

2019-05-21 10:50:45 +02:00

file.c

io_uring-2019-03-06

2019-03-08 14:48:40 -08:00

filesystems.c

vfs: Implement a filesystem superblock creation/configuration context

2019-02-28 03:29:26 -05:00

fs_context.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36

2019-05-24 17:27:11 +02:00

fs_parser.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36

2019-05-24 17:27:11 +02:00

fs_pin.c

…

fs_struct.c

treewide: Add SPDX license identifier for missed files

2019-05-21 10:50:45 +02:00

fs_types.c

fs: common implementation of file type

2019-01-21 17:48:13 +01:00

fs-writeback.c

treewide: Add SPDX license identifier for missed files

2019-05-21 10:50:45 +02:00

fsopen.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36

2019-05-24 17:27:11 +02:00

inode.c

mm: fix page cache convergence regression

2019-05-31 13:52:41 -04:00

internal.h

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152

2019-05-30 11:26:32 -07:00

io_uring.c

Merge branch 'akpm' (patches from Andrew)

2019-06-29 17:11:01 +08:00

ioctl.c

…

iomap.c

block: return from __bio_try_merge_page if merging occured in the same page

2019-06-17 09:33:02 -06:00

Kconfig

fs: VALIDATE_FS_PARSER should default to n

2019-07-05 11:22:11 -04:00

Kconfig.binfmt

treewide: Add SPDX license identifier - Makefile/Kconfig

2019-05-21 10:50:46 +02:00

libfs.c

treewide: Add SPDX license identifier for missed files

2019-05-21 10:50:45 +02:00

locks.c

treewide: Add SPDX license identifier for missed files

2019-05-21 10:50:45 +02:00

Makefile

Add as a feature case-insensitive directories (the casefold feature)

2019-05-07 21:12:44 -07:00

mbcache.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

mount.h

saner handling of temporary namespaces

2019-01-30 17:44:07 -05:00

mpage.c

block: remove the i argument to bio_for_each_segment_all

2019-04-30 09:26:13 -06:00

namei.c

Clean up fscrypt's dcache revalidation support, and other

2019-05-07 21:28:04 -07:00

namespace.c

vfs: move_mount: reject moving kernel internal mounts

2019-07-01 10:46:36 -04:00

no-block.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152

2019-05-30 11:26:32 -07:00

nsfs.c

nsfs: unobfuscate

2019-04-09 19:20:57 -04:00

open.c

treewide: Add SPDX license identifier for missed files

2019-05-21 10:50:45 +02:00

pipe.c

Merge branch 'page-refs' (page ref overflow)

2019-04-14 15:09:40 -07:00

pnode.c

fs/namespace: fix unprivileged mount propagation

2019-06-17 17:36:09 -04:00

pnode.h

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 209

2019-05-30 11:29:53 -07:00

posix_acl.c

treewide: Add SPDX license identifier for missed files

2019-05-21 10:50:45 +02:00

proc_namespace.c

…

read_write.c

vfs: pass ppos=NULL to .read()/.write() of FMODE_STREAM files

2019-05-06 17:46:52 +03:00

readdir.c

…

select.c

signal: remove the wrong signal_pending() check in restore_user_sigmask()

2019-06-29 16:43:45 +08:00

seq_file.c

fs: mark expected switch fall-throughs

2019-04-08 18:21:02 -05:00

signalfd.c

fs: mark expected switch fall-throughs

2019-04-08 18:21:02 -05:00

splice.c

treewide: Add SPDX license identifier for missed files

2019-05-21 10:50:45 +02:00

stack.c

treewide: Add SPDX license identifier for missed files

2019-05-21 10:50:45 +02:00

stat.c

fs: move generic stat response attr handling to vfs_getattr_nosec

2019-02-01 01:55:45 -05:00

statfs.c

vfs: add vfs_get_fsid() helper

2019-02-07 16:38:35 +01:00

super.c

[fix] get rid of checking for absent device name in vfs_get_tree()

2019-04-28 21:34:21 -04:00

sync.c

fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback

2019-05-14 09:47:50 -07:00

timerfd.c

y2038: syscalls: rename y2038 compat syscalls

2019-02-07 00:13:27 +01:00

userfaultfd.c

fs/userfaultfd.c: disable irqs for fault_pending and event locks

2019-07-05 11:12:07 +09:00

utimes.c

y2038: syscalls: rename y2038 compat syscalls

2019-02-07 00:13:27 +01:00

xattr.c

treewide: Add SPDX license identifier for missed files

2019-05-21 10:50:45 +02:00