diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2022-08-02 14:51:47 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2022-08-02 14:51:47 -0700 |
commit | 79802ada87faeb28cfa2bd36e17591e7b8c6ba72 (patch) | |
tree | b573ba522d599c670f79c461461f90c1fdf39581 /mm/secretmem.c | |
parent | 6991a564f59742a0926be7421dff370135c44a97 (diff) | |
parent | ef54ccb61616d8293bc68220d88a8e74271141b5 (diff) | |
download | linux-79802ada87faeb28cfa2bd36e17591e7b8c6ba72.tar.bz2 |
Merge tag 'selinux-pr-20220801' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux updates from Paul Moore:
"A relatively small set of patches for SELinux this time, eight patches
in total with really only one significant change.
The highlights are:
- Add support for proper labeling of memfd_secret anonymous inodes.
This will allow LSMs that implement the anonymous inode hooks to
apply security policy to memfd_secret() fds.
- Various small improvements to memory management: fixed leaks, freed
memory when needed, boundary checks.
- Hardened the selinux_audit_data struct with __randomize_layout.
- A minor documentation tweak to fix a formatting/style issue"
* tag 'selinux-pr-20220801' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: selinux_add_opt() callers free memory
selinux: Add boundary check in put_entry()
selinux: fix memleak in security_read_state_kernel()
docs: selinux: add '=' signs to kernel boot options
mm: create security context for memfd_secret inodes
selinux: fix typos in comments
selinux: drop unnecessary NULL check
selinux: add __randomize_layout to selinux_audit_data
Diffstat (limited to 'mm/secretmem.c')
-rw-r--r-- | mm/secretmem.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/mm/secretmem.c b/mm/secretmem.c index f06279d6190a..71fb78f59d72 100644 --- a/mm/secretmem.c +++ b/mm/secretmem.c @@ -199,11 +199,20 @@ static struct file *secretmem_file_create(unsigned long flags) { struct file *file = ERR_PTR(-ENOMEM); struct inode *inode; + const char *anon_name = "[secretmem]"; + const struct qstr qname = QSTR_INIT(anon_name, strlen(anon_name)); + int err; inode = alloc_anon_inode(secretmem_mnt->mnt_sb); if (IS_ERR(inode)) return ERR_CAST(inode); + err = security_inode_init_security_anon(inode, &qname, NULL); + if (err) { + file = ERR_PTR(err); + goto err_free_inode; + } + file = alloc_file_pseudo(inode, secretmem_mnt, "secretmem", O_RDWR, &secretmem_fops); if (IS_ERR(file)) |