From: Song Liu Date: Sun, 13 Oct 2024 00:22:48 +0000 (-0700) Subject: fsnotify, lsm: Decouple fsnotify from lsm X-Git-Tag: v6.13-rc1~130^2~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1cda52f1b4611f4daa9d89e69d9428fb4137dc3f;p=thirdparty%2Flinux.git fsnotify, lsm: Decouple fsnotify from lsm Currently, fsnotify_open_perm() is called from security_file_open(). This is a a bit unexpected and creates otherwise unnecessary dependency of CONFIG_FANOTIFY_ACCESS_PERMISSIONS on CONFIG_SECURITY. Fix this by calling fsnotify_open_perm() directly. Signed-off-by: Song Liu Acked-by: Paul Moore Signed-off-by: Jan Kara Link: https://patch.msgid.link/20241013002248.3984442-1-song@kernel.org --- diff --git a/fs/notify/fanotify/Kconfig b/fs/notify/fanotify/Kconfig index a511f9d8677ba..0e36aaf379b73 100644 --- a/fs/notify/fanotify/Kconfig +++ b/fs/notify/fanotify/Kconfig @@ -15,7 +15,6 @@ config FANOTIFY config FANOTIFY_ACCESS_PERMISSIONS bool "fanotify permissions checking" depends on FANOTIFY - depends on SECURITY default n help Say Y here is you want fanotify listeners to be able to make permissions diff --git a/fs/open.c b/fs/open.c index acaeb3e25c88e..6c4950f19cfba 100644 --- a/fs/open.c +++ b/fs/open.c @@ -946,6 +946,10 @@ static int do_dentry_open(struct file *f, if (error) goto cleanup_all; + error = fsnotify_open_perm(f); + if (error) + goto cleanup_all; + error = break_lease(file_inode(f), f->f_flags); if (error) goto cleanup_all; diff --git a/security/security.c b/security/security.c index c5981e558bc26..19e87a1593032 100644 --- a/security/security.c +++ b/security/security.c @@ -19,7 +19,6 @@ #include #include #include -#include #include #include #include @@ -3104,13 +3103,7 @@ int security_file_receive(struct file *file) */ int security_file_open(struct file *file) { - int ret; - - ret = call_int_hook(file_open, file); - if (ret) - return ret; - - return fsnotify_open_perm(file); + return call_int_hook(file_open, file); } /**