From: Eric Paris Date: Wed, 10 Mar 2010 03:23:01 +0000 (-0500) Subject: anon_inodes: mark the anon inode private X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=3836a03d978e68b0ae00d3589089343c998cd4ff;p=GitHub%2Fmt8127%2Fandroid_kernel_alcatel_ttab.git anon_inodes: mark the anon inode private Inotify was switched to use anon_inode instead of its own private filesystem which only had one inode in commit c44dcc56d2b5c7 "switch inotify_user to anon_inode" The problem with this is that now the inotify inode is not a distinct inode which can be managed by LSMs. userspace tools which use inotify were allowed to use the inotify inode but may not have had permission to do read/write type operations on the anon_inode. After looking at the anon_inode and its users it looks like the best solution is to just mark the anon_inode as S_PRIVATE so the security system will ignore it. Signed-off-by: Eric Paris Acked-by: James Morris Signed-off-by: Linus Torvalds --- diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c index 9f0bf13291e5..2de009565d8e 100644 --- a/fs/anon_inodes.c +++ b/fs/anon_inodes.c @@ -209,6 +209,7 @@ static struct inode *anon_inode_mkinode(void) inode->i_mode = S_IRUSR | S_IWUSR; inode->i_uid = current_fsuid(); inode->i_gid = current_fsgid(); + inode->i_flags |= S_PRIVATE; inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; return inode; }