From: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Date: Thu, 12 Mar 2009 05:19:46 +0000 (-0500)
Subject: eCryptfs: Copy lower inode attrs before dentry instantiation
X-Git-Tag: v2.6.30-rc4~55^2~6
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ae6e84596e7b321d9a08e81679c6a3f799634636;p=pandora-kernel.git

eCryptfs: Copy lower inode attrs before dentry instantiation

Copies the lower inode attributes to the upper inode before passing the
upper inode to d_instantiate().  This is important for
security_d_instantiate().

The problem was discovered by a user seeing SELinux denials like so:

type=AVC msg=audit(1236812817.898:47): avc:  denied  { 0x100000 } for
pid=3584 comm="httpd" name="testdir" dev=ecryptfs ino=943872
scontext=root:system_r:httpd_t:s0
tcontext=root:object_r:httpd_sys_content_t:s0 tclass=file

Notice target class is file while testdir is really a directory,
confusing the permission translation (0x100000) due to the wrong i_mode.

Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
---

Reading git-diff-tree failed