1
Pass struct vfsmount to the inode_setattr LSM hook
3
Signed-off-by: Tony Jones <tonyj@suse.de>
4
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
7
===================================================================
10
@@ -145,13 +145,13 @@ int notify_change(struct dentry *dentry,
11
down_write(&dentry->d_inode->i_alloc_sem);
13
if (inode->i_op && inode->i_op->setattr) {
14
- error = security_inode_setattr(dentry, attr);
15
+ error = security_inode_setattr(dentry, mnt, attr);
17
error = inode->i_op->setattr(dentry, attr);
19
error = inode_change_ok(inode, attr);
21
- error = security_inode_setattr(dentry, attr);
22
+ error = security_inode_setattr(dentry, mnt, attr);
24
if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
25
(ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid))
26
Index: b/include/linux/security.h
27
===================================================================
28
--- a/include/linux/security.h
29
+++ b/include/linux/security.h
30
@@ -358,6 +358,7 @@ struct request_sock;
31
* file attributes change (such as when a file is truncated, chown/chmod
32
* operations, transferring disk quotas, etc).
33
* @dentry contains the dentry structure for the file.
34
+ * @mnt is the vfsmount corresponding to @dentry (may be NULL).
35
* @attr is the iattr structure containing the new file attributes.
36
* Return 0 if permission is granted.
38
@@ -1221,7 +1222,8 @@ struct security_operations {
39
int (*inode_readlink) (struct dentry *dentry);
40
int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd);
41
int (*inode_permission) (struct inode *inode, int mask, struct nameidata *nd);
42
- int (*inode_setattr) (struct dentry *dentry, struct iattr *attr);
43
+ int (*inode_setattr) (struct dentry *dentry, struct vfsmount *mnt,
44
+ struct iattr *attr);
45
int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry);
46
void (*inode_delete) (struct inode *inode);
47
int (*inode_setxattr) (struct dentry *dentry, char *name, void *value,
48
@@ -1708,11 +1710,12 @@ static inline int security_inode_permiss
51
static inline int security_inode_setattr (struct dentry *dentry,
52
+ struct vfsmount *mnt,
55
if (unlikely (IS_PRIVATE (dentry->d_inode)))
57
- return security_ops->inode_setattr (dentry, attr);
58
+ return security_ops->inode_setattr (dentry, mnt, attr);
61
static inline int security_inode_getattr (struct vfsmount *mnt,
62
@@ -2412,6 +2415,7 @@ static inline int security_inode_permiss
65
static inline int security_inode_setattr (struct dentry *dentry,
66
+ struct vfsmount *mnt,
70
Index: b/security/dummy.c
71
===================================================================
72
--- a/security/dummy.c
73
+++ b/security/dummy.c
74
@@ -328,7 +328,8 @@ static int dummy_inode_permission (struc
78
-static int dummy_inode_setattr (struct dentry *dentry, struct iattr *iattr)
79
+static int dummy_inode_setattr (struct dentry *dentry, struct vfsmount *mnt,
80
+ struct iattr *iattr)
84
Index: b/security/selinux/hooks.c
85
===================================================================
86
--- a/security/selinux/hooks.c
87
+++ b/security/selinux/hooks.c
88
@@ -2269,11 +2269,12 @@ static int selinux_inode_permission(stru
89
file_mask_to_av(inode->i_mode, mask), NULL);
92
-static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
93
+static int selinux_inode_setattr(struct dentry *dentry, struct vfsmount *mnt,
94
+ struct iattr *iattr)
98
- rc = secondary_ops->inode_setattr(dentry, iattr);
99
+ rc = secondary_ops->inode_setattr(dentry, mnt, iattr);