security: cap_inode_getsecctx returning garbage We shouldn't be returning success from this function without also filling in the return values ctx and ctxlen. Note currently this doesn't appear to cause bugs since the only inode_getsecctx caller I can find is fs/sysfs/inode.c, which only calls this if security_inode_setsecurity succeeds. Assuming security_inode_setsecurity is set to cap_inode_setsecurity whenever inode_getsecctx is set to cap_inode_getsecctx, this function can never actually called. So I noticed this only because the server labeled NFS patches add a real caller. Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>

commit: 0d422afb892e3f993cf934b76a2c2ef839c446e0 [log] [tgz]
author: J. Bruce Fields <bfields@redhat.com> Wed May 08 18:05:41 2013 -0400
committer: J. Bruce Fields <bfields@redhat.com> Mon May 13 10:11:46 2013 -0400
tree: 3452717e0d811102b87ad71e9039df39cf7ef112
parent: 4f540e29dc20b87d460559bce184d2238237f48b [diff] [blame]
diff --git a/security/capability.c b/security/capability.c
index 1728d4e..83efc90 100644
--- a/security/capability.c
+++ b/security/capability.c

@@ -843,7 +843,7 @@
 
 static int cap_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
 {
-	return 0;
+	return -EOPNOTSUPP;
 }
 #ifdef CONFIG_KEYS
 static int cap_key_alloc(struct key *key, const struct cred *cred,
commit	0d422afb892e3f993cf934b76a2c2ef839c446e0	[log] [tgz]
author	J. Bruce Fields <bfields@redhat.com>	Wed May 08 18:05:41 2013 -0400
committer	J. Bruce Fields <bfields@redhat.com>	Mon May 13 10:11:46 2013 -0400
tree	3452717e0d811102b87ad71e9039df39cf7ef112
parent	4f540e29dc20b87d460559bce184d2238237f48b [diff] [blame]