Added missing Xen Kernel Patches which were not commited because

[people/pmueller/ipfire-2.x.git] / src / patches / suse-2.6.27.31 / patches.apparmor / security-rmdir.diff

diff --git a/src/patches/suse-2.6.27.31/patches.apparmor/security-rmdir.diff b/src/patches/suse-2.6.27.31/patches.apparmor/security-rmdir.diff
new file mode 100644 (file)
index 0000000..30c8e30
--- /dev/null
+++ b/src/patches/suse-2.6.27.31/patches.apparmor/security-rmdir.diff
@@ -0,0 +1,127 @@
+From: Tony Jones <tonyj@suse.de>
+Subject: Pass struct vfsmount to the inode_rmdir LSM hook
+
+This is needed for computing pathnames in the AppArmor LSM.
+
+Signed-off-by: Tony Jones <tonyj@suse.de>
+Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>
+
+---
+ fs/namei.c                 |    2 +-
+ include/linux/security.h   |   10 +++++++---
+ security/capability.c      |    3 ++-
+ security/security.c        |    5 +++--
+ security/selinux/hooks.c   |    3 ++-
+ security/smack/smack_lsm.c |    4 +++-
+ 6 files changed, 18 insertions(+), 9 deletions(-)
+
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -2184,7 +2184,7 @@ int vfs_rmdir(struct inode *dir, struct
+       if (d_mountpoint(dentry))
+               error = -EBUSY;
+       else {
+-              error = security_inode_rmdir(dir, dentry);
++              error = security_inode_rmdir(dir, dentry, mnt);
+               if (!error) {
+                       error = dir->i_op->rmdir(dir, dentry);
+                       if (!error)
+--- a/include/linux/security.h
++++ b/include/linux/security.h
+@@ -372,6 +372,7 @@ static inline void security_free_mnt_opt
+  *    Check the permission to remove a directory.
+  *    @dir contains the inode structure of parent of the directory to be removed.
+  *    @dentry contains the dentry structure of directory to be removed.
++ *    @mnt is the vfsmount corresponding to @dentry (may be NULL).
+  *    Return 0 if permission is granted.
+  * @inode_mknod:
+  *    Check permissions when creating a special file (or a socket or a fifo
+@@ -1372,7 +1373,8 @@ struct security_operations {
+                             struct vfsmount *mnt, const char *old_name);
+       int (*inode_mkdir) (struct inode *dir, struct dentry *dentry,
+                           struct vfsmount *mnt, int mode);
+-      int (*inode_rmdir) (struct inode *dir, struct dentry *dentry);
++      int (*inode_rmdir) (struct inode *dir, struct dentry *dentry,
++                          struct vfsmount *mnt);
+       int (*inode_mknod) (struct inode *dir, struct dentry *dentry,
+                           struct vfsmount *mnt, int mode, dev_t dev);
+       int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,
+@@ -1643,7 +1645,8 @@ int security_inode_symlink(struct inode
+                          struct vfsmount *mnt, const char *old_name);
+ int security_inode_mkdir(struct inode *dir, struct dentry *dentry,
+                        struct vfsmount *mnt, int mode);
+-int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
++int security_inode_rmdir(struct inode *dir, struct dentry *dentry,
++                       struct vfsmount *mnt);
+ int security_inode_mknod(struct inode *dir, struct dentry *dentry,
+                        struct vfsmount *mnt, int mode, dev_t dev);
+ int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
+@@ -2022,7 +2025,8 @@ static inline int security_inode_mkdir(s
+ }
+ 
+ static inline int security_inode_rmdir(struct inode *dir,
+-                                      struct dentry *dentry)
++                                     struct dentry *dentry,
++                                     struct vfsmount *mnt)
+ {
+       return 0;
+ }
+--- a/security/capability.c
++++ b/security/capability.c
+@@ -184,7 +184,8 @@ static int cap_inode_mkdir(struct inode
+       return 0;
+ }
+ 
+-static int cap_inode_rmdir(struct inode *inode, struct dentry *dentry)
++static int cap_inode_rmdir(struct inode *inode, struct dentry *dentry,
++                         struct vfsmount *mnt)
+ {
+       return 0;
+ }
+--- a/security/security.c
++++ b/security/security.c
+@@ -396,11 +396,12 @@ int security_inode_mkdir(struct inode *d
+       return security_ops->inode_mkdir(dir, dentry, mnt, mode);
+ }
+ 
+-int security_inode_rmdir(struct inode *dir, struct dentry *dentry)
++int security_inode_rmdir(struct inode *dir, struct dentry *dentry,
++                       struct vfsmount *mnt)
+ {
+       if (unlikely(IS_PRIVATE(dentry->d_inode)))
+               return 0;
+-      return security_ops->inode_rmdir(dir, dentry);
++      return security_ops->inode_rmdir(dir, dentry, mnt);
+ }
+ 
+ int security_inode_mknod(struct inode *dir, struct dentry *dentry,
+--- a/security/selinux/hooks.c
++++ b/security/selinux/hooks.c
+@@ -2609,7 +2609,8 @@ static int selinux_inode_mkdir(struct in
+       return may_create(dir, dentry, SECCLASS_DIR);
+ }
+ 
+-static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
++static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry,
++                             struct vfsmount *mnt)
+ {
+       return may_link(dir, dentry, MAY_RMDIR);
+ }
+--- a/security/smack/smack_lsm.c
++++ b/security/smack/smack_lsm.c
+@@ -480,11 +480,13 @@ static int smack_inode_unlink(struct ino
+  * smack_inode_rmdir - Smack check on directory deletion
+  * @dir: containing directory object
+  * @dentry: directory to unlink
++ * @mnt: vfsmount @dentry to unlink
+  *
+  * Returns 0 if current can write the containing directory
+  * and the directory, error code otherwise
+  */
+-static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
++static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry,
++                           struct vfsmount *mnt)
+ {
+       int rc;
+