Revert "Move xen patchset to new version's subdir."

[people/pmueller/ipfire-2.x.git] / src / patches / suse-2.6.27.25 / patches.apparmor / fix-vfs_rmdir.diff

diff --git a/src/patches/suse-2.6.27.25/patches.apparmor/fix-vfs_rmdir.diff b/src/patches/suse-2.6.27.25/patches.apparmor/fix-vfs_rmdir.diff
new file mode 100644 (file)
index 0000000..141bc64
--- /dev/null
+++ b/src/patches/suse-2.6.27.25/patches.apparmor/fix-vfs_rmdir.diff
@@ -0,0 +1,44 @@
+From: John Johansen <jjohansen@suse.de>
+Subject: Call lsm hook before unhashing dentry in vfs_rmdir()
+
+If we unhash the dentry before calling the security_inode_rmdir hook,
+we cannot compute the file's pathname in the hook anymore. AppArmor
+needs to know the filename in order to decide whether a file may be
+deleted, though.
+
+Signed-off-by: John Johansen <jjohansen@suse.de>
+Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+
+---
+ fs/namei.c |   13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -2177,6 +2177,10 @@ int vfs_rmdir(struct inode *dir, struct 
+       if (!dir->i_op || !dir->i_op->rmdir)
+               return -EPERM;
+ 
++      error = security_inode_rmdir(dir, dentry, mnt);
++      if (error)
++              return error;
++
+       DQUOT_INIT(dir);
+ 
+       mutex_lock(&dentry->d_inode->i_mutex);
+@@ -2184,12 +2188,9 @@ int vfs_rmdir(struct inode *dir, struct 
+       if (d_mountpoint(dentry))
+               error = -EBUSY;
+       else {
+-              error = security_inode_rmdir(dir, dentry, mnt);
+-              if (!error) {
+-                      error = dir->i_op->rmdir(dir, dentry);
+-                      if (!error)
+-                              dentry->d_inode->i_flags |= S_DEAD;
+-              }
++              error = dir->i_op->rmdir(dir, dentry);
++              if (!error)
++                      dentry->d_inode->i_flags |= S_DEAD;
+       }
+       mutex_unlock(&dentry->d_inode->i_mutex);
+       if (!error) {