1
Pass struct vfsmount to the inode_rmdir LSM hook
3
Signed-off-by: Tony Jones <tonyj@suse.de>
4
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
7
===================================================================
10
@@ -2023,7 +2023,7 @@ int vfs_rmdir(struct inode *dir, struct
11
if (d_mountpoint(dentry))
14
- error = security_inode_rmdir(dir, dentry);
15
+ error = security_inode_rmdir(dir, dentry, mnt);
17
error = dir->i_op->rmdir(dir, dentry);
19
Index: b/include/linux/security.h
20
===================================================================
21
--- a/include/linux/security.h
22
+++ b/include/linux/security.h
23
@@ -318,6 +318,7 @@ struct request_sock;
24
* Check the permission to remove a directory.
25
* @dir contains the inode structure of parent of the directory to be removed.
26
* @dentry contains the dentry structure of directory to be removed.
27
+ * @mnt is the vfsmount corresponding to @dentry (may be NULL).
28
* Return 0 if permission is granted.
30
* Check permissions when creating a special file (or a socket or a fifo
31
@@ -1222,7 +1223,8 @@ struct security_operations {
32
struct vfsmount *mnt, const char *old_name);
33
int (*inode_mkdir) (struct inode *dir, struct dentry *dentry,
34
struct vfsmount *mnt, int mode);
35
- int (*inode_rmdir) (struct inode *dir, struct dentry *dentry);
36
+ int (*inode_rmdir) (struct inode *dir, struct dentry *dentry,
37
+ struct vfsmount *mnt);
38
int (*inode_mknod) (struct inode *dir, struct dentry *dentry,
39
struct vfsmount *mnt, int mode, dev_t dev);
40
int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,
41
@@ -1671,11 +1673,12 @@ static inline int security_inode_mkdir (
44
static inline int security_inode_rmdir (struct inode *dir,
45
- struct dentry *dentry)
46
+ struct dentry *dentry,
47
+ struct vfsmount *mnt)
49
if (unlikely (IS_PRIVATE (dentry->d_inode)))
51
- return security_ops->inode_rmdir (dir, dentry);
52
+ return security_ops->inode_rmdir (dir, dentry, mnt);
55
static inline int security_inode_mknod (struct inode *dir,
56
@@ -2396,7 +2399,8 @@ static inline int security_inode_mkdir (
59
static inline int security_inode_rmdir (struct inode *dir,
60
- struct dentry *dentry)
61
+ struct dentry *dentry,
62
+ struct vfsmount *mnt)
66
Index: b/security/dummy.c
67
===================================================================
68
--- a/security/dummy.c
69
+++ b/security/dummy.c
70
@@ -295,7 +295,8 @@ static int dummy_inode_mkdir (struct ino
74
-static int dummy_inode_rmdir (struct inode *inode, struct dentry *dentry)
75
+static int dummy_inode_rmdir (struct inode *inode, struct dentry *dentry,
76
+ struct vfsmount *mnt)
80
Index: b/security/selinux/hooks.c
81
===================================================================
82
--- a/security/selinux/hooks.c
83
+++ b/security/selinux/hooks.c
84
@@ -2221,7 +2221,8 @@ static int selinux_inode_mkdir(struct in
85
return may_create(dir, dentry, SECCLASS_DIR);
88
-static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
89
+static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry,
90
+ struct vfsmount *mnt)
92
return may_link(dir, dentry, MAY_RMDIR);