1
Pass the struct vfsmounts to the inode_link LSM hook
3
Signed-off-by: Tony Jones <tonyj@suse.de>
4
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
7
===================================================================
10
@@ -2275,7 +2275,8 @@ int vfs_link(struct dentry *old_dentry,
11
if (S_ISDIR(old_dentry->d_inode->i_mode))
14
- error = security_inode_link(old_dentry, dir, new_dentry);
15
+ error = security_inode_link(old_dentry, old_mnt, dir, new_dentry,
20
Index: b/include/linux/security.h
21
===================================================================
22
--- a/include/linux/security.h
23
+++ b/include/linux/security.h
24
@@ -289,8 +289,10 @@ struct request_sock;
26
* Check permission before creating a new hard link to a file.
27
* @old_dentry contains the dentry structure for an existing link to the file.
28
+ * @old_mnt is the vfsmount corresponding to @old_dentry (may be NULL).
29
* @dir contains the inode structure of the parent directory of the new link.
30
* @new_dentry contains the dentry structure for the new link.
31
+ * @new_mnt is the vfsmount corresponding to @new_dentry (may be NULL).
32
* Return 0 if permission is granted.
34
* Check the permission to remove a hard link to a file.
35
@@ -1212,8 +1214,9 @@ struct security_operations {
36
char **name, void **value, size_t *len);
37
int (*inode_create) (struct inode *dir, struct dentry *dentry,
38
struct vfsmount *mnt, int mode);
39
- int (*inode_link) (struct dentry *old_dentry,
40
- struct inode *dir, struct dentry *new_dentry);
41
+ int (*inode_link) (struct dentry *old_dentry, struct vfsmount *old_mnt,
42
+ struct inode *dir, struct dentry *new_dentry,
43
+ struct vfsmount *new_mnt);
44
int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
45
int (*inode_symlink) (struct inode *dir, struct dentry *dentry,
46
struct vfsmount *mnt, const char *old_name);
47
@@ -1628,12 +1631,15 @@ static inline int security_inode_create
50
static inline int security_inode_link (struct dentry *old_dentry,
51
+ struct vfsmount *old_mnt,
53
- struct dentry *new_dentry)
54
+ struct dentry *new_dentry,
55
+ struct vfsmount *new_mnt)
57
if (unlikely (IS_PRIVATE (old_dentry->d_inode)))
59
- return security_ops->inode_link (old_dentry, dir, new_dentry);
60
+ return security_ops->inode_link (old_dentry, old_mnt, dir,
61
+ new_dentry, new_mnt);
64
static inline int security_inode_unlink (struct inode *dir,
65
@@ -2359,8 +2365,10 @@ static inline int security_inode_create
68
static inline int security_inode_link (struct dentry *old_dentry,
69
+ struct vfsmount *old_mnt,
71
- struct dentry *new_dentry)
72
+ struct dentry *new_dentry,
73
+ struct vfsmount *new_mnt)
77
Index: b/security/dummy.c
78
===================================================================
79
--- a/security/dummy.c
80
+++ b/security/dummy.c
81
@@ -270,8 +270,10 @@ static int dummy_inode_create (struct in
85
-static int dummy_inode_link (struct dentry *old_dentry, struct inode *inode,
86
- struct dentry *new_dentry)
87
+static int dummy_inode_link (struct dentry *old_dentry,
88
+ struct vfsmount *old_mnt, struct inode *inode,
89
+ struct dentry *new_dentry,
90
+ struct vfsmount *new_mnt)
94
Index: b/security/selinux/hooks.c
95
===================================================================
96
--- a/security/selinux/hooks.c
97
+++ b/security/selinux/hooks.c
98
@@ -2184,11 +2184,16 @@ static int selinux_inode_create(struct i
99
return may_create(dir, dentry, SECCLASS_FILE);
102
-static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
103
+static int selinux_inode_link(struct dentry *old_dentry,
104
+ struct vfsmount *old_mnt,
106
+ struct dentry *new_dentry,
107
+ struct vfsmount *new_mnt)
111
- rc = secondary_ops->inode_link(old_dentry,dir,new_dentry);
112
+ rc = secondary_ops->inode_link(old_dentry, old_mnt, dir, new_dentry,
116
return may_link(dir, old_dentry, MAY_LINK);