Google Git
Sign in
cos / third_party / kernel / 43faebd3c60e6a1b27a930604bb55d4ebaa1aee3
commit43faebd3c60e6a1b27a930604bb55d4ebaa1aee3[log] [tgz]
authorKen Hofsass <hofsass@google.com>Mon May 23 17:23:02 2022 -0700
committerKen Hofsass <hofsass@google.com>Sat May 28 03:12:35 2022 +0000
treebde0d09ed41342fbf6fc137550d88da609407d92
parent2c8a11eaea8c25348b5d8c73279e19bab78f009d [diff]
KTD LSM: BuildKit LSM setxattr handling

Add counter to track the number of setxattr invocations.
Do not unilaterally block setxattr operations for the 'csm' attribute.

Kernel internal calls to setxattr can occur during some FS operations.
In particular, overlayfs copy-up operations. Blocking the write causes
the operation to fail and that will cause legitimate user programs
to break, e.g. 'docker build' with BuildKit enabled.

BUG=b/227623354
SOURCE=KTD

cos-patch: bug

Signed-off-by: Ken Hofsass <hofsass@google.com>
Change-Id: Ic5ca0d96983abd70c3a405655f29ed4258582687
Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/33122
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Main-Branch-Verified: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Reviewed-by: Oleksandr Tymoshenko <ovt@google.com>
Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/33230
Reviewed-by: Roy Yang <royyang@google.com>
2 files changed
tree: bde0d09ed41342fbf6fc137550d88da609407d92
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. google/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .clang-format
  25. .cocciconfig
  26. .get_maintainer.ignore
  27. .gitattributes
  28. .gitignore
  29. .mailmap
  30. COPYING
  31. CREDITS
  32. Kbuild
  33. Kconfig
  34. MAINTAINERS
  35. Makefile
  36. PRESUBMIT.cfg
  37. README