1
From: Tony Jones <tonyj@suse.de>
2
Subject: Pass struct vfsmount to the inode_mkdir LSM hook
4
This is needed for computing pathnames in the AppArmor LSM.
6
Signed-off-by: Tony Jones <tonyj@suse.de>
7
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
8
Signed-off-by: John Johansen <jjohansen@suse.de>
12
include/linux/security.h | 8 ++++++--
13
security/dummy.c | 2 +-
14
security/security.c | 5 +++--
15
security/selinux/hooks.c | 3 ++-
16
5 files changed, 13 insertions(+), 7 deletions(-)
20
@@ -2009,7 +2009,7 @@ int vfs_mkdir(struct inode *dir, struct
23
mode &= (S_IRWXUGO|S_ISVTX);
24
- error = security_inode_mkdir(dir, dentry, mode);
25
+ error = security_inode_mkdir(dir, dentry, mnt, mode);
29
--- a/include/linux/security.h
30
+++ b/include/linux/security.h
31
@@ -322,6 +322,7 @@ struct request_sock;
32
* associated with inode strcture @dir.
33
* @dir containst the inode structure of parent of the directory to be created.
34
* @dentry contains the dentry structure of new directory.
35
+ * @mnt is the vfsmount corresponding to @dentry (may be NULL).
36
* @mode contains the mode of new directory.
37
* Return 0 if permission is granted.
39
@@ -1256,7 +1257,8 @@ struct security_operations {
40
int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
41
int (*inode_symlink) (struct inode *dir,
42
struct dentry *dentry, const char *old_name);
43
- int (*inode_mkdir) (struct inode *dir, struct dentry *dentry, int mode);
44
+ int (*inode_mkdir) (struct inode *dir, struct dentry *dentry,
45
+ struct vfsmount *mnt, int mode);
46
int (*inode_rmdir) (struct inode *dir, struct dentry *dentry);
47
int (*inode_mknod) (struct inode *dir, struct dentry *dentry,
49
@@ -1513,7 +1515,8 @@ int security_inode_link(struct dentry *o
50
int security_inode_unlink(struct inode *dir, struct dentry *dentry);
51
int security_inode_symlink(struct inode *dir, struct dentry *dentry,
52
const char *old_name);
53
-int security_inode_mkdir(struct inode *dir, struct dentry *dentry, int mode);
54
+int security_inode_mkdir(struct inode *dir, struct dentry *dentry,
55
+ struct vfsmount *mnt, int mode);
56
int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
57
int security_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev);
58
int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
59
@@ -1846,6 +1849,7 @@ static inline int security_inode_symlink
61
static inline int security_inode_mkdir (struct inode *dir,
62
struct dentry *dentry,
63
+ struct vfsmount *mnt,
67
--- a/security/dummy.c
68
+++ b/security/dummy.c
69
@@ -285,7 +285,7 @@ static int dummy_inode_symlink (struct i
72
static int dummy_inode_mkdir (struct inode *inode, struct dentry *dentry,
74
+ struct vfsmount *mnt, int mask)
78
--- a/security/security.c
79
+++ b/security/security.c
80
@@ -359,11 +359,12 @@ int security_inode_symlink(struct inode
81
return security_ops->inode_symlink(dir, dentry, old_name);
84
-int security_inode_mkdir(struct inode *dir, struct dentry *dentry, int mode)
85
+int security_inode_mkdir(struct inode *dir, struct dentry *dentry,
86
+ struct vfsmount *mnt, int mode)
88
if (unlikely(IS_PRIVATE(dir)))
90
- return security_ops->inode_mkdir(dir, dentry, mode);
91
+ return security_ops->inode_mkdir(dir, dentry, mnt, mode);
94
int security_inode_rmdir(struct inode *dir, struct dentry *dentry)
95
--- a/security/selinux/hooks.c
96
+++ b/security/selinux/hooks.c
97
@@ -2215,7 +2215,8 @@ static int selinux_inode_symlink(struct
98
return may_create(dir, dentry, SECCLASS_LNK_FILE);
101
-static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask)
102
+static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry,
103
+ struct vfsmount *mnt, int mask)
105
return may_create(dir, dentry, SECCLASS_DIR);