Diffstat (limited to 'security/landlock/fs.c')
-rw-r--r--security/landlock/fs.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/security/landlock/fs.c b/security/landlock/fs.c
index 0a58962cf61d..3e98b748033c 100644
--- a/security/landlock/fs.c
+++ b/security/landlock/fs.c
@@ -1798,14 +1798,15 @@ static void hook_file_set_fowner(struct file *file)
{
struct landlock_ruleset *prev_dom;
struct landlock_cred_security fown_subject = {};
+ size_t fown_layer = 0;
if (control_current_fowner(file_f_owner(file))) {
static const struct access_masks signal_scope = {
.scope = LANDLOCK_SCOPE_SIGNAL,
};
const struct landlock_cred_security *new_subject =
- landlock_get_applicable_subject(current_cred(),
- signal_scope, NULL);
+ landlock_get_applicable_subject(
+ current_cred(), signal_scope, &fown_layer);
if (new_subject) {
landlock_get_ruleset(new_subject->domain);
fown_subject = *new_subject;
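Review bot: The new local `fown_layer` keeps its initial value of 0 whenever `control_current_fowner()` is false or `landlock_get_applicable_subject()` returns NULL, and nothing in the hunk says how a reader should tell that apart from a real result. If layer indexes are zero-based (not visible here), 0 then means both "first layer" and "no applicable layer", so an audit consumer has to check `fown_subject.domain` before trusting it. I would document that at the declaration, for example `/* Only meaningful when fown_subject.domain is set; left at 0 otherwise. */`. The body of `hook_file_set_fowner()` continues past the end of this hunk.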
@@ -1814,6 +1815,9 @@ static void hook_file_set_fowner(struct file *file)
prev_dom = landlock_file(file)->fown_subject.domain;
landlock_file(file)->fown_subject = fown_subject;
+#ifdef CONFIG_AUDIT
+ landlock_file(file)->fown_layer = fown_layer;
+#endif /* CONFIG_AUDIT*/
/* May be called in an RCU read-side critical section. */
landlock_put_ruleset_deferred(prev_dom);
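Review bot: `fown_subject` and `fown_layer` are written by two separate assignments, so a reader that observes the file between them would pair the new domain with the previous layer and attribute a signal denial to the wrong layer in the audit record. Whether the file owner lock is held across both stores is not visible in this hunk; if it is, a comment above the pair would make the invariant explicit, for example `/* fown_subject and fown_layer are updated together under the f_owner lock. */`. The closing guard is also missing a space and would read better as `#endif /* CONFIG_AUDIT */`. The start of the function is outside this hunk.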