git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Paul Moore <paul@paul-moore.com>
	Wed, 3 Jul 2024 21:00:20 +0000 (17:00 -0400)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 3 Aug 2024 07:01:09 +0000 (09:01 +0200)
commit	bc8ccc1f1e079aac885e4d62efaa63159bf2b7c8
tree	fcf6fbe98ede764ca0c83b6ddc05e189d4d38688	tree \| snapshot
parent	bb6841f96eb6f3285a3bfe40f31bcc578781eaa4	commit \| diff

selinux,smack: remove the capability checks in the removexattr hooks

commit dd44477e7fa15ba3b100dfc67bf7cf083f3dccf6 upstream.

Commit 61df7b828204 ("lsm: fixup the inode xattr capability handling")
moved the responsibility of doing the inode xattr capability checking
out of the individual LSMs and into the LSM framework itself.
Unfortunately, while the original commit added the capability checks
to both the setxattr and removexattr code in the LSM framework, it
only removed the setxattr capability checks from the individual LSMs,
leaving duplicated removexattr capability checks in both the SELinux
and Smack code.

This patch removes the duplicated code from SELinux and Smack.

Fixes: 61df7b828204 ("lsm: fixup the inode xattr capability handling")
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

security/selinux/hooks.c		diff \| blob \| blame \| history
security/smack/smack_lsm.c		diff \| blob \| blame \| history