From 44061e64095e5f2016ebe141e5dc2b006ecf6473 Mon Sep 17 00:00:00 2001
From: kchen <kchen@ddn.com>
Date: Tue, 21 Apr 2026 09:15:15 +0000
Subject: [PATCH] Invalidate selinux security label during inode invalidation.

Add security_inode_invalidate_secctx() call to invalidate cached
security context when inode attributes change. This ensures that
SELinux security labels are properly refreshed and prevents stale
security context from being used after inode modifications.

Signed-off-by: Kevin Chen <kchen@ddn.com>
---
 fs/fuse/inode.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index 6e296021e1e92b..6cfe436aa93d2c 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -619,6 +619,7 @@ int fuse_reverse_inval_inode(struct fuse_conn *fc, u64 nodeid,
 
 	fuse_invalidate_attr(inode);
 	forget_all_cached_acls(inode);
+	security_inode_invalidate_secctx(inode);
 	if (offset >= 0) {
 		pg_start = offset >> PAGE_SHIFT;
 		if (len <= 0)