1
Pass struct vfsmount to the inode_create LSM hook.
3
Signed-off-by: Tony Jones <tonyj@suse.de>
4
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
7
===================================================================
10
@@ -1503,7 +1503,7 @@ int vfs_create(struct inode *dir, struct
11
return -EACCES; /* shouldn't it be ENOSYS? */
14
- error = security_inode_create(dir, dentry, mode);
15
+ error = security_inode_create(dir, dentry, nd ? nd->mnt : NULL, mode);
19
Index: b/include/linux/security.h
20
===================================================================
21
--- a/include/linux/security.h
22
+++ b/include/linux/security.h
23
@@ -283,6 +283,7 @@ struct request_sock;
24
* Check permission to create a regular file.
25
* @dir contains inode structure of the parent of the new file.
26
* @dentry contains the dentry structure for the file to be created.
27
+ * @mnt is the vfsmount corresponding to @dentry (may be NULL).
28
* @mode contains the file mode of the file to be created.
29
* Return 0 if permission is granted.
31
@@ -1204,8 +1205,8 @@ struct security_operations {
32
void (*inode_free_security) (struct inode *inode);
33
int (*inode_init_security) (struct inode *inode, struct inode *dir,
34
char **name, void **value, size_t *len);
35
- int (*inode_create) (struct inode *dir,
36
- struct dentry *dentry, int mode);
37
+ int (*inode_create) (struct inode *dir, struct dentry *dentry,
38
+ struct vfsmount *mnt, int mode);
39
int (*inode_link) (struct dentry *old_dentry,
40
struct inode *dir, struct dentry *new_dentry);
41
int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
42
@@ -1611,11 +1612,12 @@ static inline int security_inode_init_se
44
static inline int security_inode_create (struct inode *dir,
45
struct dentry *dentry,
46
+ struct vfsmount *mnt,
49
if (unlikely (IS_PRIVATE (dir)))
51
- return security_ops->inode_create (dir, dentry, mode);
52
+ return security_ops->inode_create (dir, dentry, mnt, mode);
55
static inline int security_inode_link (struct dentry *old_dentry,
56
@@ -2338,6 +2340,7 @@ static inline int security_inode_init_se
58
static inline int security_inode_create (struct inode *dir,
59
struct dentry *dentry,
60
+ struct vfsmount *mnt,
64
Index: b/security/dummy.c
65
===================================================================
66
--- a/security/dummy.c
67
+++ b/security/dummy.c
68
@@ -265,7 +265,7 @@ static int dummy_inode_init_security (st
71
static int dummy_inode_create (struct inode *inode, struct dentry *dentry,
73
+ struct vfsmount *mnt, int mask)
77
Index: b/security/selinux/hooks.c
78
===================================================================
79
--- a/security/selinux/hooks.c
80
+++ b/security/selinux/hooks.c
81
@@ -2178,7 +2178,8 @@ static int selinux_inode_init_security(s
85
-static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask)
86
+static int selinux_inode_create(struct inode *dir, struct dentry *dentry,
87
+ struct vfsmount *mnt, int mask)
89
return may_create(dir, dentry, SECCLASS_FILE);