fanotify: call fanotify_events_supported() before path_permission() and security_path_notify()

The latter trigger LSM (e.g. SELinux) checks, which will log a denial
when permission is denied, so it's better to do them after validity
checks to avoid logging a denial when the operation would fail anyway.

Fixes: 0b3b094ac9 ("fanotify: Disallow permission events for proc filesystem")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Reviewed-by: Paul Moore <paul@paul-moore.com>
Link: https://patch.msgid.link/20260216150625.793013-3-omosnace@redhat.com
Signed-off-by: Jan Kara <jack@suse.cz>
This commit is contained in:
Ondrej Mosnacek
2026-02-16 16:06:25 +01:00
committed by Jan Kara
parent 0d5ee33734
commit 66052a768d
+10 -15
View File
@@ -1210,6 +1210,7 @@ static int fanotify_find_path(int dfd, const char __user *filename,
*path = fd_file(f)->f_path;
path_get(path);
ret = 0;
} else {
unsigned int lookup_flags = 0;
@@ -1219,22 +1220,7 @@ static int fanotify_find_path(int dfd, const char __user *filename,
lookup_flags |= LOOKUP_DIRECTORY;
ret = user_path_at(dfd, filename, lookup_flags, path);
if (ret)
goto out;
}
/* you can only watch an inode if you have read permissions on it */
ret = path_permission(path, MAY_READ);
if (ret) {
path_put(path);
goto out;
}
ret = security_path_notify(path, mask, obj_type);
if (ret)
path_put(path);
out:
return ret;
}
@@ -2058,6 +2044,15 @@ static int do_fanotify_mark(int fanotify_fd, unsigned int flags, __u64 mask,
goto path_put_and_out;
}
/* you can only watch an inode if you have read permissions on it */
ret = path_permission(&path, MAY_READ);
if (ret)
goto path_put_and_out;
ret = security_path_notify(&path, mask, obj_type);
if (ret)
goto path_put_and_out;
if (fid_mode) {
ret = fanotify_test_fsid(path.dentry, flags, &__fsid);
if (ret)