--- /dev/null
+From: Andreas Gruenbacher <agruen@suse.de>
+Subject: Pass struct file down the inode_*xattr security LSM hooks
+
+This allows LSMs to also distinguish between file descriptor and path
+access for the xattr operations. (The other relevant operations are
+covered by the setattr hook.)
+
+Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>
+
+---
+ fs/xattr.c | 59 +++++++++++++++++++++++----------------------
+ include/linux/security.h | 38 ++++++++++++++++------------
+ include/linux/xattr.h | 9 +++---
+ security/capability.c | 5 ++-
+ security/commoncap.c | 4 +--
+ security/security.c | 17 ++++++------
+ security/selinux/hooks.c | 10 ++++---
+ security/smack/smack_lsm.c | 14 ++++++----
+ 8 files changed, 87 insertions(+), 69 deletions(-)
+
+Index: linux-2.6.27/fs/xattr.c
+===================================================================
+--- linux-2.6.27.orig/fs/xattr.c
++++ linux-2.6.27/fs/xattr.c
+@@ -68,7 +68,7 @@ xattr_permission(struct inode *inode, co
+
+ int
+ vfs_setxattr(struct dentry *dentry, struct vfsmount *mnt, const char *name,
+- const void *value, size_t size, int flags)
++ const void *value, size_t size, int flags, struct file *file)
+ {
+ struct inode *inode = dentry->d_inode;
+ int error;
+@@ -78,7 +78,7 @@ vfs_setxattr(struct dentry *dentry, stru
+ return error;
+
+ mutex_lock(&inode->i_mutex);
+- error = security_inode_setxattr(dentry, mnt, name, value, size, flags);
++ error = security_inode_setxattr(dentry, mnt, name, value, size, flags, file);
+ if (error)
+ goto out;
+ error = -EOPNOTSUPP;
+@@ -132,7 +132,7 @@ EXPORT_SYMBOL_GPL(xattr_getsecurity);
+
+ ssize_t
+ vfs_getxattr(struct dentry *dentry, struct vfsmount *mnt, const char *name,
+- void *value, size_t size)
++ void *value, size_t size, struct file *file)
+ {
+ struct inode *inode = dentry->d_inode;
+ int error;
+@@ -141,7 +141,7 @@ vfs_getxattr(struct dentry *dentry, stru
+ if (error)
+ return error;
+
+- error = security_inode_getxattr(dentry, mnt, name);
++ error = security_inode_getxattr(dentry, mnt, name, file);
+ if (error)
+ return error;
+
+@@ -169,12 +169,12 @@ EXPORT_SYMBOL_GPL(vfs_getxattr);
+
+ ssize_t
+ vfs_listxattr(struct dentry *dentry, struct vfsmount *mnt, char *list,
+- size_t size)
++ size_t size, struct file *file)
+ {
+ struct inode *inode = dentry->d_inode;
+ ssize_t error;
+
+- error = security_inode_listxattr(dentry, mnt);
++ error = security_inode_listxattr(dentry, mnt, file);
+ if (error)
+ return error;
+ error = -EOPNOTSUPP;
+@@ -190,7 +190,8 @@ vfs_listxattr(struct dentry *dentry, str
+ EXPORT_SYMBOL_GPL(vfs_listxattr);
+
+ int
+-vfs_removexattr(struct dentry *dentry, struct vfsmount *mnt, const char *name)
++vfs_removexattr(struct dentry *dentry, struct vfsmount *mnt, const char *name,
++ struct file *file)
+ {
+ struct inode *inode = dentry->d_inode;
+ int error;
+@@ -202,7 +203,7 @@ vfs_removexattr(struct dentry *dentry, s
+ if (error)
+ return error;
+
+- error = security_inode_removexattr(dentry, mnt, name);
++ error = security_inode_removexattr(dentry, mnt, name, file);
+ if (error)
+ return error;
+
+@@ -222,7 +223,7 @@ EXPORT_SYMBOL_GPL(vfs_removexattr);
+ */
+ static long
+ setxattr(struct dentry *dentry, struct vfsmount *mnt, const char __user *name,
+- const void __user *value, size_t size, int flags)
++ const void __user *value, size_t size, int flags, struct file *file)
+ {
+ int error;
+ void *kvalue = NULL;
+@@ -249,7 +250,7 @@ setxattr(struct dentry *dentry, struct v
+ }
+ }
+
+- error = vfs_setxattr(dentry, mnt, kname, kvalue, size, flags);
++ error = vfs_setxattr(dentry, mnt, kname, kvalue, size, flags, file);
+ kfree(kvalue);
+ return error;
+ }
+@@ -266,7 +267,7 @@ SYSCALL_DEFINE5(setxattr, const char __u
+ return error;
+ error = mnt_want_write(path.mnt);
+ if (!error) {
+- error = setxattr(path.dentry, path.mnt, name, value, size, flags);
++ error = setxattr(path.dentry, path.mnt, name, value, size, flags, NULL);
+ mnt_drop_write(path.mnt);
+ }
+ path_put(&path);
+@@ -285,7 +286,7 @@ SYSCALL_DEFINE5(lsetxattr, const char __
+ return error;
+ error = mnt_want_write(path.mnt);
+ if (!error) {
+- error = setxattr(path.dentry, path.mnt, name, value, size, flags);
++ error = setxattr(path.dentry, path.mnt, name, value, size, flags, NULL);
+ mnt_drop_write(path.mnt);
+ }
+ path_put(&path);
+@@ -306,7 +307,8 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, cons
+ audit_inode(NULL, dentry);
+ error = mnt_want_write_file(f->f_path.mnt, f);
+ if (!error) {
+- error = setxattr(dentry, f->f_vfsmnt, name, value, size, flags);
++ error = setxattr(dentry, f->f_vfsmnt, name, value, size, flags,
++ f);
+ mnt_drop_write(f->f_path.mnt);
+ }
+ fput(f);
+@@ -318,7 +320,7 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, cons
+ */
+ static ssize_t
+ getxattr(struct dentry *dentry, struct vfsmount *mnt, const char __user *name,
+- void __user *value, size_t size)
++ void __user *value, size_t size, struct file *file)
+ {
+ ssize_t error;
+ void *kvalue = NULL;
+@@ -338,7 +340,7 @@ getxattr(struct dentry *dentry, struct v
+ return -ENOMEM;
+ }
+
+- error = vfs_getxattr(dentry, mnt, kname, kvalue, size);
++ error = vfs_getxattr(dentry, mnt, kname, kvalue, size, file);
+ if (error > 0) {
+ if (size && copy_to_user(value, kvalue, error))
+ error = -EFAULT;
+@@ -360,7 +362,7 @@ SYSCALL_DEFINE4(getxattr, const char __u
+ error = user_path(pathname, &path);
+ if (error)
+ return error;
+- error = getxattr(path.dentry, path.mnt, name, value, size);
++ error = getxattr(path.dentry, path.mnt, name, value, size, NULL);
+ path_put(&path);
+ return error;
+ }
+@@ -374,7 +376,7 @@ SYSCALL_DEFINE4(lgetxattr, const char __
+ error = user_lpath(pathname, &path);
+ if (error)
+ return error;
+- error = getxattr(path.dentry, path.mnt, name, value, size);
++ error = getxattr(path.dentry, path.mnt, name, value, size, NULL);
+ path_put(&path);
+ return error;
+ }
+@@ -389,7 +391,7 @@ SYSCALL_DEFINE4(fgetxattr, int, fd, cons
+ if (!f)
+ return error;
+ audit_inode(NULL, f->f_path.dentry);
+- error = getxattr(f->f_path.dentry, f->f_path.mnt, name, value, size);
++ error = getxattr(f->f_path.dentry, f->f_path.mnt, name, value, size, f);
+ fput(f);
+ return error;
+ }
+@@ -399,7 +401,7 @@ SYSCALL_DEFINE4(fgetxattr, int, fd, cons
+ */
+ static ssize_t
+ listxattr(struct dentry *dentry, struct vfsmount *mnt, char __user *list,
+- size_t size)
++ size_t size, struct file *file)
+ {
+ ssize_t error;
+ char *klist = NULL;
+@@ -412,7 +414,7 @@ listxattr(struct dentry *dentry, struct
+ return -ENOMEM;
+ }
+
+- error = vfs_listxattr(dentry, mnt, klist, size);
++ error = vfs_listxattr(dentry, mnt, klist, size, file);
+ if (error > 0) {
+ if (size && copy_to_user(list, klist, error))
+ error = -EFAULT;
+@@ -434,7 +436,7 @@ SYSCALL_DEFINE3(listxattr, const char __
+ error = user_path(pathname, &path);
+ if (error)
+ return error;
+- error = listxattr(path.dentry, path.mnt, list, size);
++ error = listxattr(path.dentry, path.mnt, list, size, NULL);
+ path_put(&path);
+ return error;
+ }
+@@ -448,7 +450,7 @@ SYSCALL_DEFINE3(llistxattr, const char _
+ error = user_lpath(pathname, &path);
+ if (error)
+ return error;
+- error = listxattr(path.dentry, path.mnt, list, size);
++ error = listxattr(path.dentry, path.mnt, list, size, NULL);
+ path_put(&path);
+ return error;
+ }
+@@ -462,7 +464,7 @@ SYSCALL_DEFINE3(flistxattr, int, fd, cha
+ if (!f)
+ return error;
+ audit_inode(NULL, f->f_path.dentry);
+- error = listxattr(f->f_path.dentry, f->f_path.mnt, list, size);
++ error = listxattr(f->f_path.dentry, f->f_path.mnt, list, size, f);
+ fput(f);
+ return error;
+ }
+@@ -471,7 +473,8 @@ SYSCALL_DEFINE3(flistxattr, int, fd, cha
+ * Extended attribute REMOVE operations
+ */
+ static long
+-removexattr(struct dentry *dentry, struct vfsmount *mnt, const char __user *name)
++removexattr(struct dentry *dentry, struct vfsmount *mnt,
++ const char __user *name, struct file *file)
+ {
+ int error;
+ char kname[XATTR_NAME_MAX + 1];
+@@ -482,7 +485,7 @@ removexattr(struct dentry *dentry, struc
+ if (error < 0)
+ return error;
+
+- return vfs_removexattr(dentry, mnt, kname);
++ return vfs_removexattr(dentry, mnt, kname, file);
+ }
+
+ SYSCALL_DEFINE2(removexattr, const char __user *, pathname,
+@@ -496,7 +499,7 @@ SYSCALL_DEFINE2(removexattr, const char
+ return error;
+ error = mnt_want_write(path.mnt);
+ if (!error) {
+- error = removexattr(path.dentry, path.mnt, name);
++ error = removexattr(path.dentry, path.mnt, name, NULL);
+ mnt_drop_write(path.mnt);
+ }
+ path_put(&path);
+@@ -514,7 +517,7 @@ SYSCALL_DEFINE2(lremovexattr, const char
+ return error;
+ error = mnt_want_write(path.mnt);
+ if (!error) {
+- error = removexattr(path.dentry, path.mnt, name);
++ error = removexattr(path.dentry, path.mnt, name, NULL);
+ mnt_drop_write(path.mnt);
+ }
+ path_put(&path);
+@@ -534,7 +537,7 @@ SYSCALL_DEFINE2(fremovexattr, int, fd, c
+ audit_inode(NULL, dentry);
+ error = mnt_want_write_file(f->f_path.mnt, f);
+ if (!error) {
+- error = removexattr(dentry, f->f_path.mnt, name);
++ error = removexattr(dentry, f->f_path.mnt, name, f);
+ mnt_drop_write(f->f_path.mnt);
+ }
+ fput(f);
+Index: linux-2.6.27/include/linux/security.h
+===================================================================
+--- linux-2.6.27.orig/include/linux/security.h
++++ linux-2.6.27/include/linux/security.h
+@@ -56,9 +56,9 @@ extern void cap_bprm_apply_creds(struct
+ extern int cap_bprm_secureexec(struct linux_binprm *bprm);
+ extern int cap_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt,
+ const char *name, const void *value, size_t size,
+- int flags);
++ int flags, struct file *file);
+ extern int cap_inode_removexattr(struct dentry *dentry, struct vfsmount *mnt,
+- const char *name);
++ const char *name, struct file *file);
+ extern int cap_inode_need_killpriv(struct dentry *dentry);
+ extern int cap_inode_killpriv(struct dentry *dentry);
+ extern int cap_task_post_setuid(uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags);
+@@ -1396,16 +1396,17 @@ struct security_operations {
+ void (*inode_delete) (struct inode *inode);
+ int (*inode_setxattr) (struct dentry *dentry, struct vfsmount *mnt,
+ const char *name, const void *value, size_t size,
+- int flags);
++ int flags, struct file *file);
+ void (*inode_post_setxattr) (struct dentry *dentry,
+ struct vfsmount *mnt,
+ const char *name, const void *value,
+ size_t size, int flags);
+ int (*inode_getxattr) (struct dentry *dentry, struct vfsmount *mnt,
+- const char *name);
+- int (*inode_listxattr) (struct dentry *dentry, struct vfsmount *mnt);
++ const char *name, struct file *file);
++ int (*inode_listxattr) (struct dentry *dentry, struct vfsmount *mnt,
++ struct file *file);
+ int (*inode_removexattr) (struct dentry *dentry, struct vfsmount *mnt,
+- const char *name);
++ const char *name, struct file *file);
+ int (*inode_need_killpriv) (struct dentry *dentry);
+ int (*inode_killpriv) (struct dentry *dentry);
+ int (*inode_getsecurity) (const struct inode *inode, const char *name, void **buffer, bool alloc);
+@@ -1675,15 +1676,16 @@ int security_inode_getattr(struct vfsmou
+ void security_inode_delete(struct inode *inode);
+ int security_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt,
+ const char *name, const void *value,
+- size_t size, int flags);
++ size_t size, int flags, struct file *file);
+ void security_inode_post_setxattr(struct dentry *dentry, struct vfsmount *mnt,
+ const char *name, const void *value,
+ size_t size, int flags);
+ int security_inode_getxattr(struct dentry *dentry, struct vfsmount *mnt,
+- const char *name);
+-int security_inode_listxattr(struct dentry *dentry, struct vfsmount *mnt);
++ const char *name, struct file *file);
++int security_inode_listxattr(struct dentry *dentry, struct vfsmount *mnt,
++ struct file *file);
+ int security_inode_removexattr(struct dentry *dentry, struct vfsmount *mnt,
+- const char *name);
++ const char *name, struct file *file);
+ int security_inode_need_killpriv(struct dentry *dentry);
+ int security_inode_killpriv(struct dentry *dentry);
+ int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc);
+@@ -2105,9 +2107,10 @@ static inline void security_inode_delete
+ static inline int security_inode_setxattr(struct dentry *dentry,
+ struct vfsmount *mnt,
+ const char *name, const void *value,
+- size_t size, int flags)
++ size_t size, int flags,
++ struct file *file)
+ {
+- return cap_inode_setxattr(dentry, mnt, name, value, size, flags);
++ return cap_inode_setxattr(dentry, mnt, name, value, size, flags, file);
+ }
+
+ static inline void security_inode_post_setxattr(struct dentry *dentry,
+@@ -2119,22 +2122,25 @@ static inline void security_inode_post_s
+
+ static inline int security_inode_getxattr(struct dentry *dentry,
+ struct vfsmount *mnt,
+- const char *name)
++ const char *name,
++ struct file *file)
+ {
+ return 0;
+ }
+
+ static inline int security_inode_listxattr(struct dentry *dentry,
+- struct vfsmount *mnt)
++ struct vfsmount *mnt,
++ struct file *file)
+ {
+ return 0;
+ }
+
+ static inline int security_inode_removexattr(struct dentry *dentry,
+ struct vfsmount *mnt,
+- const char *name)
++ const char *name,
++ struct file *file)
+ {
+- return cap_inode_removexattr(dentry, mnt, name);
++ return cap_inode_removexattr(dentry, mnt, name, file);
+ }
+
+ static inline int security_inode_need_killpriv(struct dentry *dentry)
+Index: linux-2.6.27/include/linux/xattr.h
+===================================================================
+--- linux-2.6.27.orig/include/linux/xattr.h
++++ linux-2.6.27/include/linux/xattr.h
+@@ -17,6 +17,7 @@
+
+ #include <linux/types.h>
+ #include <linux/mount.h>
++#include <linux/fs.h>
+
+ /* Namespaces */
+ #define XATTR_OS2_PREFIX "os2."
+@@ -48,10 +49,10 @@ struct xattr_handler {
+ };
+
+ ssize_t xattr_getsecurity(struct inode *, const char *, void *, size_t);
+-ssize_t vfs_getxattr(struct dentry *, struct vfsmount *, const char *, void *, size_t);
+-ssize_t vfs_listxattr(struct dentry *d, struct vfsmount *, char *list, size_t size);
+-int vfs_setxattr(struct dentry *, struct vfsmount *, const char *, const void *, size_t, int);
+-int vfs_removexattr(struct dentry *, struct vfsmount *mnt, const char *);
++ssize_t vfs_getxattr(struct dentry *, struct vfsmount *, const char *, void *, size_t, struct file *file);
++ssize_t vfs_listxattr(struct dentry *d, struct vfsmount *, char *list, size_t size, struct file *file);
++int vfs_setxattr(struct dentry *, struct vfsmount *, const char *, const void *, size_t, int, struct file *file);
++int vfs_removexattr(struct dentry *, struct vfsmount *mnt, const char *, struct file *file);
+
+ ssize_t generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size);
+ ssize_t generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size);
+Index: linux-2.6.27/security/capability.c
+===================================================================
+--- linux-2.6.27.orig/security/capability.c
++++ linux-2.6.27/security/capability.c
+@@ -242,12 +242,13 @@ static void cap_inode_post_setxattr(stru
+ }
+
+ static int cap_inode_getxattr(struct dentry *dentry, struct vfsmount *mnt,
+- const char *name)
++ const char *name, struct file *f)
+ {
+ return 0;
+ }
+
+-static int cap_inode_listxattr(struct dentry *dentry, struct vfsmount *mnt)
++static int cap_inode_listxattr(struct dentry *dentry, struct vfsmount *mnt,
++ struct file *f)
+ {
+ return 0;
+ }
+Index: linux-2.6.27/security/commoncap.c
+===================================================================
+--- linux-2.6.27.orig/security/commoncap.c
++++ linux-2.6.27/security/commoncap.c
+@@ -416,7 +416,7 @@ int cap_bprm_secureexec (struct linux_bi
+
+ int cap_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt,
+ const char *name, const void *value, size_t size,
+- int flags)
++ int flags, struct file *file)
+ {
+ if (!strcmp(name, XATTR_NAME_CAPS)) {
+ if (!capable(CAP_SETFCAP))
+@@ -430,7 +430,7 @@ int cap_inode_setxattr(struct dentry *de
+ }
+
+ int cap_inode_removexattr(struct dentry *dentry, struct vfsmount *mnt,
+- const char *name)
++ const char *name, struct file *file)
+ {
+ if (!strcmp(name, XATTR_NAME_CAPS)) {
+ if (!capable(CAP_SETFCAP))
+Index: linux-2.6.27/security/security.c
+===================================================================
+--- linux-2.6.27.orig/security/security.c
++++ linux-2.6.27/security/security.c
+@@ -470,12 +470,12 @@ void security_inode_delete(struct inode
+
+ int security_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt,
+ const char *name, const void *value, size_t size,
+- int flags)
++ int flags, struct file *file)
+ {
+ if (unlikely(IS_PRIVATE(dentry->d_inode)))
+ return 0;
+ return security_ops->inode_setxattr(dentry, mnt, name, value, size,
+- flags);
++ flags, file);
+ }
+
+ void security_inode_post_setxattr(struct dentry *dentry, struct vfsmount *mnt,
+@@ -489,26 +489,27 @@ void security_inode_post_setxattr(struct
+ }
+
+ int security_inode_getxattr(struct dentry *dentry, struct vfsmount *mnt,
+- const char *name)
++ const char *name, struct file *file)
+ {
+ if (unlikely(IS_PRIVATE(dentry->d_inode)))
+ return 0;
+- return security_ops->inode_getxattr(dentry, mnt, name);
++ return security_ops->inode_getxattr(dentry, mnt, name, file);
+ }
+
+-int security_inode_listxattr(struct dentry *dentry, struct vfsmount *mnt)
++int security_inode_listxattr(struct dentry *dentry, struct vfsmount *mnt,
++ struct file *file)
+ {
+ if (unlikely(IS_PRIVATE(dentry->d_inode)))
+ return 0;
+- return security_ops->inode_listxattr(dentry, mnt);
++ return security_ops->inode_listxattr(dentry, mnt, file);
+ }
+
+ int security_inode_removexattr(struct dentry *dentry, struct vfsmount *mnt,
+- const char *name)
++ const char *name, struct file *file)
+ {
+ if (unlikely(IS_PRIVATE(dentry->d_inode)))
+ return 0;
+- return security_ops->inode_removexattr(dentry, mnt, name);
++ return security_ops->inode_removexattr(dentry, mnt, name, file);
+ }
+
+ int security_inode_need_killpriv(struct dentry *dentry)
+Index: linux-2.6.27/security/selinux/hooks.c
+===================================================================
+--- linux-2.6.27.orig/security/selinux/hooks.c
++++ linux-2.6.27/security/selinux/hooks.c
+@@ -2715,7 +2715,7 @@ static int selinux_inode_setotherxattr(s
+
+ static int selinux_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt,
+ const char *name, const void *value,
+- size_t size, int flags)
++ size_t size, int flags, struct file *file)
+ {
+ struct task_security_struct *tsec = current->security;
+ struct inode *inode = dentry->d_inode;
+@@ -2797,18 +2797,20 @@ static void selinux_inode_post_setxattr(
+ }
+
+ static int selinux_inode_getxattr(struct dentry *dentry, struct vfsmount *mnt,
+- const char *name)
++ const char *name, struct file *file)
+ {
+ return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
+ }
+
+-static int selinux_inode_listxattr(struct dentry *dentry, struct vfsmount *mnt)
++static int selinux_inode_listxattr(struct dentry *dentry, struct vfsmount *mnt,
++ struct file *file)
+ {
+ return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
+ }
+
+ static int selinux_inode_removexattr(struct dentry *dentry,
+- struct vfsmount *mnt, const char *name)
++ struct vfsmount *mnt, const char *name,
++ struct file *file)
+ {
+ if (strcmp(name, XATTR_NAME_SELINUX))
+ return selinux_inode_setotherxattr(dentry, name);
+Index: linux-2.6.27/security/smack/smack_lsm.c
+===================================================================
+--- linux-2.6.27.orig/security/smack/smack_lsm.c
++++ linux-2.6.27/security/smack/smack_lsm.c
+@@ -600,6 +600,7 @@ static int smack_inode_getattr(struct vf
+ * @value: unused
+ * @size: unused
+ * @flags: unused
++ * @file: unused
+ *
+ * This protects the Smack attribute explicitly.
+ *
+@@ -607,7 +608,7 @@ static int smack_inode_getattr(struct vf
+ */
+ static int smack_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt,
+ const char *name, const void *value,
+- size_t size, int flags)
++ size_t size, int flags, struct file *file)
+ {
+ int rc = 0;
+
+@@ -619,7 +620,8 @@ static int smack_inode_setxattr(struct d
+ if (size == 0)
+ rc = -EINVAL;
+ } else
+- rc = cap_inode_setxattr(dentry, mnt, name, value, size, flags);
++ rc = cap_inode_setxattr(dentry, mnt, name, value, size, flags,
++ file);
+
+ if (rc == 0)
+ rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE);
+@@ -675,11 +677,12 @@ static void smack_inode_post_setxattr(st
+ * @dentry: the object
+ * @mnt: unused
+ * @name: unused
++ * @file: unused
+ *
+ * Returns 0 if access is permitted, an error code otherwise
+ */
+ static int smack_inode_getxattr(struct dentry *dentry, struct vfsmount *mnt,
+- const char *name)
++ const char *name, struct file *file)
+ {
+ return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ);
+ }
+@@ -689,13 +692,14 @@ static int smack_inode_getxattr(struct d
+ * @dentry: the object
+ * @mnt: unused
+ * @name: name of the attribute
++ * @file: unused
+ *
+ * Removing the Smack attribute requires CAP_MAC_ADMIN
+ *
+ * Returns 0 if access is permitted, an error code otherwise
+ */
+ static int smack_inode_removexattr(struct dentry *dentry, struct vfsmount *mnt,
+- const char *name)
++ const char *name, struct file *file)
+ {
+ int rc = 0;
+
+@@ -705,7 +709,7 @@ static int smack_inode_removexattr(struc
+ if (!capable(CAP_MAC_ADMIN))
+ rc = -EPERM;
+ } else
+- rc = cap_inode_removexattr(dentry, mnt, name);
++ rc = cap_inode_removexattr(dentry, mnt, name, file);
+
+ if (rc == 0)
+ rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE);
projects / people / pmueller / ipfire-2.x.git / blobdiff