From 5dadefe6e75ae56fd33a7a4813123be155f4a4e6 Mon Sep 17 00:00:00 2001
From: Christopher Hoffman <choffman@redhat.com>
Date: Thu, 14 Dec 2023 17:13:38 +0000
Subject: [PATCH] client: Allow setpolicy only on dir and when it is empty.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>
---
 src/client/Client.cc | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/client/Client.cc b/src/client/Client.cc
index 87aa982158c..6bf8013449a 100644
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -18198,6 +18198,12 @@ int Client::ll_set_fscrypt_policy_v2(Inode *in, const struct fscrypt_policy_v2&
     return -EEXIST;
   }
 
+  if (!in->is_dir())
+    return -ENOTDIR;
+
+  if (in->is_dir() && in->dir && in->dir->dentries.size() > 0)
+    return -ENOTEMPTY;
+
   FSCryptContext fsc(cct);
   fsc.init(policy);
   fsc.generate_new_nonce();
-- 
2.39.5