1
From: Tony Jones <tonyj@suse.de>
2
Subject: Pass struct vfsmount to the inode_symlink LSM hook
4
This is needed for computing pathnames in the AppArmor LSM.
6
Signed-off-by: Tony Jones <tonyj@suse.de>
7
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
8
Signed-off-by: John Johansen <jjohansen@suse.de>
12
include/linux/security.h | 8 +++++---
13
security/capability.c | 2 +-
14
security/security.c | 4 ++--
15
security/selinux/hooks.c | 3 ++-
16
5 files changed, 11 insertions(+), 8 deletions(-)
20
@@ -2327,7 +2327,7 @@ int vfs_symlink(struct inode *dir, struc
21
if (!dir->i_op || !dir->i_op->symlink)
24
- error = security_inode_symlink(dir, dentry, oldname);
25
+ error = security_inode_symlink(dir, dentry, mnt, oldname);
29
--- a/include/linux/security.h
30
+++ b/include/linux/security.h
31
@@ -355,6 +355,7 @@ static inline void security_free_mnt_opt
32
* Check the permission to create a symbolic link to a file.
33
* @dir contains the inode structure of parent directory of the symbolic link.
34
* @dentry contains the dentry structure of the symbolic link.
35
+ * @mnt is the vfsmount corresponding to @dentry (may be NULL).
36
* @old_name contains the pathname of file.
37
* Return 0 if permission is granted.
39
@@ -1363,8 +1364,8 @@ struct security_operations {
40
int (*inode_link) (struct dentry *old_dentry,
41
struct inode *dir, struct dentry *new_dentry);
42
int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
43
- int (*inode_symlink) (struct inode *dir,
44
- struct dentry *dentry, const char *old_name);
45
+ int (*inode_symlink) (struct inode *dir, struct dentry *dentry,
46
+ struct vfsmount *mnt, const char *old_name);
47
int (*inode_mkdir) (struct inode *dir, struct dentry *dentry,
48
struct vfsmount *mnt, int mode);
49
int (*inode_rmdir) (struct inode *dir, struct dentry *dentry);
50
@@ -1634,7 +1635,7 @@ int security_inode_link(struct dentry *o
51
struct dentry *new_dentry);
52
int security_inode_unlink(struct inode *dir, struct dentry *dentry);
53
int security_inode_symlink(struct inode *dir, struct dentry *dentry,
54
- const char *old_name);
55
+ struct vfsmount *mnt, const char *old_name);
56
int security_inode_mkdir(struct inode *dir, struct dentry *dentry,
57
struct vfsmount *mnt, int mode);
58
int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
59
@@ -1999,6 +2000,7 @@ static inline int security_inode_unlink(
61
static inline int security_inode_symlink(struct inode *dir,
62
struct dentry *dentry,
63
+ struct vfsmount *mnt,
67
--- a/security/capability.c
68
+++ b/security/capability.c
69
@@ -172,7 +172,7 @@ static int cap_inode_unlink(struct inode
72
static int cap_inode_symlink(struct inode *inode, struct dentry *dentry,
74
+ struct vfsmount *mnt, const char *name)
78
--- a/security/security.c
79
+++ b/security/security.c
80
@@ -382,11 +382,11 @@ int security_inode_unlink(struct inode *
83
int security_inode_symlink(struct inode *dir, struct dentry *dentry,
84
- const char *old_name)
85
+ struct vfsmount *mnt, const char *old_name)
87
if (unlikely(IS_PRIVATE(dir)))
89
- return security_ops->inode_symlink(dir, dentry, old_name);
90
+ return security_ops->inode_symlink(dir, dentry, mnt, old_name);
93
int security_inode_mkdir(struct inode *dir, struct dentry *dentry,
94
--- a/security/selinux/hooks.c
95
+++ b/security/selinux/hooks.c
96
@@ -2592,7 +2592,8 @@ static int selinux_inode_unlink(struct i
97
return may_link(dir, dentry, MAY_UNLINK);
100
-static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
101
+static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry,
102
+ struct vfsmount *mnt, const char *name)
104
return may_create(dir, dentry, SECCLASS_LNK_FILE);