From ff64f157989acdfdd0d646c46a4939e4f480558c Mon Sep 17 00:00:00 2001 From: =?utf8?q?Lu=C3=ADs=20Henriques?= Date: Mon, 18 Apr 2022 14:59:57 +0100 Subject: [PATCH] ceph: prevent snapshots to be created in encrypted locked directories MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit With snapshot names encryption we can not allow snapshots to be created in locked directories because the names wouldn't be encrypted. This patch forces the directory to be unlocked to allow a snapshot to be created. Signed-off-by: Luís Henriques Reviewed-by: Xiubo Li Signed-off-by: Jeff Layton --- fs/ceph/dir.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c index 59df878a4df7..edc2bf0aab83 100644 --- a/fs/ceph/dir.c +++ b/fs/ceph/dir.c @@ -1084,6 +1084,11 @@ static int ceph_mkdir(struct user_namespace *mnt_userns, struct inode *dir, err = -EDQUOT; goto out; } + if ((op == CEPH_MDS_OP_MKSNAP) && IS_ENCRYPTED(dir) && + !fscrypt_has_encryption_key(dir)) { + err = -ENOKEY; + goto out; + } req = ceph_mdsc_create_request(mdsc, op, USE_AUTH_MDS); -- 2.47.3