Revert "Move xen patchset to new version's subdir."
diff --git a/src/patches/suse-2.6.27.31/patches.apparmor/security-rename.diff b/src/patches/suse-2.6.27.31/patches.apparmor/security-rename.diff
deleted file mode 100644 (file)
index b60915c..0000000
+++ /dev/null
@@ -1,160 +0,0 @@
-From: Tony Jones <tonyj@suse.de>
-Subject: Pass struct vfsmount to the inode_rename LSM hook
-
-This is needed for computing pathnames in the AppArmor LSM.
-
-Signed-off-by: Tony Jones <tonyj@suse.de>
-Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
-Signed-off-by: John Johansen <jjohansen@suse.de>
-
----
- fs/namei.c                 |    6 ++++--
- include/linux/security.h   |   13 ++++++++++---
- security/capability.c      |    3 ++-
- security/security.c        |    7 ++++---
- security/selinux/hooks.c   |    8 ++++++--
- security/smack/smack_lsm.c |    6 +++++-
- 6 files changed, 31 insertions(+), 12 deletions(-)
-
---- a/fs/namei.c
-+++ b/fs/namei.c
-@@ -2563,7 +2563,8 @@ static int vfs_rename_dir(struct inode *
-                       return error;
-       }
--      error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
-+      error = security_inode_rename(old_dir, old_dentry, old_mnt,
-+                                    new_dir, new_dentry, new_mnt);
-       if (error)
-               return error;
-@@ -2597,7 +2598,8 @@ static int vfs_rename_other(struct inode
-       struct inode *target;
-       int error;
--      error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
-+      error = security_inode_rename(old_dir, old_dentry, old_mnt,
-+                                    new_dir, new_dentry, new_mnt);
-       if (error)
-               return error;
---- a/include/linux/security.h
-+++ b/include/linux/security.h
-@@ -390,8 +390,10 @@ static inline void security_free_mnt_opt
-  *    Check for permission to rename a file or directory.
-  *    @old_dir contains the inode structure for parent of the old link.
-  *    @old_dentry contains the dentry structure of the old link.
-+ *    @old_mnt is the vfsmount corresponding to @old_dentry (may be NULL).
-  *    @new_dir contains the inode structure for parent of the new link.
-  *    @new_dentry contains the dentry structure of the new link.
-+ *    @new_mnt is the vfsmount corresponding to @new_dentry (may be NULL).
-  *    Return 0 if permission is granted.
-  * @inode_readlink:
-  *    Check the permission to read the symbolic link.
-@@ -1380,7 +1382,9 @@ struct security_operations {
-       int (*inode_mknod) (struct inode *dir, struct dentry *dentry,
-                           struct vfsmount *mnt, int mode, dev_t dev);
-       int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,
--                           struct inode *new_dir, struct dentry *new_dentry);
-+                           struct vfsmount *old_mnt,
-+                           struct inode *new_dir, struct dentry *new_dentry,
-+                           struct vfsmount *new_mnt);
-       int (*inode_readlink) (struct dentry *dentry, struct vfsmount *mnt);
-       int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd);
-       int (*inode_permission) (struct inode *inode, int mask);
-@@ -1653,7 +1657,8 @@ int security_inode_rmdir(struct inode *d
- int security_inode_mknod(struct inode *dir, struct dentry *dentry,
-                        struct vfsmount *mnt, int mode, dev_t dev);
- int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
--                        struct inode *new_dir, struct dentry *new_dentry);
-+                        struct vfsmount *old_mnt, struct inode *new_dir,
-+                        struct dentry *new_dentry, struct vfsmount *new_mnt);
- int security_inode_readlink(struct dentry *dentry, struct vfsmount *mnt);
- int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd);
- int security_inode_permission(struct inode *inode, int mask);
-@@ -2045,8 +2050,10 @@ static inline int security_inode_mknod(s
- static inline int security_inode_rename(struct inode *old_dir,
-                                        struct dentry *old_dentry,
-+                                       struct vfsmount *old_mnt,
-                                        struct inode *new_dir,
--                                       struct dentry *new_dentry)
-+                                       struct dentry *new_dentry,
-+                                       struct vfsmount *new_mnt)
- {
-       return 0;
- }
---- a/security/capability.c
-+++ b/security/capability.c
-@@ -198,7 +198,8 @@ static int cap_inode_mknod(struct inode 
- }
- static int cap_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
--                          struct inode *new_inode, struct dentry *new_dentry)
-+                          struct vfsmount *old_mnt, struct inode *new_inode,
-+                          struct dentry *new_dentry, struct vfsmount *new_mnt)
- {
-       return 0;
- }
---- a/security/security.c
-+++ b/security/security.c
-@@ -417,13 +417,14 @@ int security_inode_mknod(struct inode *d
- }
- int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
--                         struct inode *new_dir, struct dentry *new_dentry)
-+                        struct vfsmount *old_mnt, struct inode *new_dir,
-+                        struct dentry *new_dentry, struct vfsmount *new_mnt)
- {
-         if (unlikely(IS_PRIVATE(old_dentry->d_inode) ||
-             (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode))))
-               return 0;
--      return security_ops->inode_rename(old_dir, old_dentry,
--                                         new_dir, new_dentry);
-+      return security_ops->inode_rename(old_dir, old_dentry, old_mnt,
-+                                         new_dir, new_dentry, new_mnt);
- }
- int security_inode_readlink(struct dentry *dentry, struct vfsmount *mnt)
---- a/security/selinux/hooks.c
-+++ b/security/selinux/hooks.c
-@@ -2628,8 +2628,12 @@ static int selinux_inode_mknod(struct in
-       return may_create(dir, dentry, inode_mode_to_security_class(mode));
- }
--static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
--                              struct inode *new_inode, struct dentry *new_dentry)
-+static int selinux_inode_rename(struct inode *old_inode,
-+                              struct dentry *old_dentry,
-+                              struct vfsmount *old_mnt,
-+                                struct inode *new_inode,
-+                              struct dentry *new_dentry,
-+                              struct vfsmount *new_mnt)
- {
-       return may_rename(old_inode, old_dentry, new_inode, new_dentry);
- }
---- a/security/smack/smack_lsm.c
-+++ b/security/smack/smack_lsm.c
-@@ -509,8 +509,10 @@ static int smack_inode_rmdir(struct inod
-  * smack_inode_rename - Smack check on rename
-  * @old_inode: the old directory
-  * @old_dentry: unused
-+ * @old_mnt: unused
-  * @new_inode: the new directory
-  * @new_dentry: unused
-+ * @new_mnt: unused
-  *
-  * Read and write access is required on both the old and
-  * new directories.
-@@ -519,8 +521,10 @@ static int smack_inode_rmdir(struct inod
-  */
- static int smack_inode_rename(struct inode *old_inode,
-                             struct dentry *old_dentry,
-+                            struct vfsmount *old_mnt,
-                             struct inode *new_inode,
--                            struct dentry *new_dentry)
-+                            struct dentry *new_dentry,
-+                            struct vfsmount *new_mnt)
- {
-       int rc;
-       char *isp;