Commit 42d97eb0 authored Dec 19, 2016 by Eric Biggers Committed by Theodore Ts'o Dec 31, 2016

fscrypt: fix renaming and linking special files



Attempting to link a device node, named pipe, or socket file into an
encrypted directory through rename(2) or link(2) always failed with
EPERM.  This happened because fscrypt_has_permitted_context() saw that
the file was unencrypted and forbid creating the link.  This behavior
was unexpected because such files are never encrypted; only regular
files, directories, and symlinks can be encrypted.

To fix this, make fscrypt_has_permitted_context() always return true on
special files.

This will be covered by a test in my encryption xfstests patchset.

Fixes: 9bd8212f ("ext4 crypto: add encryption policy and password salt support")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Richard Weinberger <richard@nod.at>
Cc: stable@vger.kernel.org
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

parent fe4f6c80

fs/crypto/policy.c

+5 −0

Original line number	Diff line number	Diff line
		@@ -179,6 +179,11 @@ int fscrypt_has_permitted_context(struct inode parent, struct inode child)
		BUG_ON(1);
		}

		/* No restrictions on file types which are never encrypted */
		if (!S_ISREG(child->i_mode) && !S_ISDIR(child->i_mode) &&
		!S_ISLNK(child->i_mode))
		return 1;

		/* no restrictions if the parent directory is not encrypted */
		if (!parent->i_sb->s_cop->is_encrypted(parent))
		return 1;

Admin message