X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=src%2Fpatches%2Fsuse-2.6.27.31%2Fpatches.apparmor%2Fsecurity-unlink.diff;fp=src%2Fpatches%2Fsuse-2.6.27.31%2Fpatches.apparmor%2Fsecurity-unlink.diff;h=0000000000000000000000000000000000000000;hb=2e4178199a697105e827d68d66ab7101acd1dd8c;hp=71764b4678e986a4d8735c174a5da6804925cfd2;hpb=df2a9a46c7db6362520343d6ec70fbcfe40b2795;p=people%2Fpmueller%2Fipfire-2.x.git
diff --git a/src/patches/suse-2.6.27.31/patches.apparmor/security-unlink.diff b/src/patches/suse-2.6.27.31/patches.apparmor/security-unlink.diff
deleted file mode 100644
index 71764b4678..0000000000
--- a/src/patches/suse-2.6.27.31/patches.apparmor/security-unlink.diff
+++ /dev/null
@@ -1,132 +0,0 @@
-From: Tony Jones
-Subject: Pass struct vfsmount to the inode_unlink LSM hook
-
-This is needed for computing pathnames in the AppArmor LSM.
-
-Signed-off-by: Tony Jones
-Signed-off-by: Andreas Gruenbacher
-Signed-off-by: John Johansen
-
----
- fs/namei.c | 2 +-
- include/linux/security.h | 10 +++++++---
- security/capability.c | 3 ++-
- security/security.c | 5 +++--
- security/selinux/hooks.c | 5 +++--
- security/smack/smack_lsm.c | 4 +++-
- 6 files changed, 19 insertions(+), 10 deletions(-)
-
---- a/fs/namei.c
-+++ b/fs/namei.c
-@@ -2264,7 +2264,7 @@ int vfs_unlink(struct inode *dir, struct
- if (d_mountpoint(dentry))
- error = -EBUSY;
- else {
-- error = security_inode_unlink(dir, dentry);
-+ error = security_inode_unlink(dir, dentry, mnt);
- if (!error)
- error = dir->i_op->unlink(dir, dentry);
- }
---- a/include/linux/security.h
-+++ b/include/linux/security.h
-@@ -352,6 +352,7 @@ static inline void security_free_mnt_opt
- * Check the permission to remove a hard link to a file.
- * @dir contains the inode structure of parent directory of the file.
- * @dentry contains the dentry structure for file to be unlinked.
-+ * @mnt is the vfsmount corresponding to @dentry (may be NULL).
- * Return 0 if permission is granted.
- * @inode_symlink:
- * Check the permission to create a symbolic link to a file.
-@@ -1368,7 +1369,8 @@ struct security_operations {
- int (*inode_link) (struct dentry *old_dentry, struct vfsmount *old_mnt,
- struct inode *dir, struct dentry *new_dentry,
- struct vfsmount *new_mnt);
-- int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
-+ int (*inode_unlink) (struct inode *dir, struct dentry *dentry,
-+ struct vfsmount *mnt);
- int (*inode_symlink) (struct inode *dir, struct dentry *dentry,
- struct vfsmount *mnt, const char *old_name);
- int (*inode_mkdir) (struct inode *dir, struct dentry *dentry,
-@@ -1640,7 +1642,8 @@ int security_inode_create(struct inode *
- int security_inode_link(struct dentry *old_dentry, struct vfsmount *old_mnt,
- struct inode *dir, struct dentry *new_dentry,
- struct vfsmount *new_mnt);
--int security_inode_unlink(struct inode *dir, struct dentry *dentry);
-+int security_inode_unlink(struct inode *dir, struct dentry *dentry,
-+ struct vfsmount *mnt);
- int security_inode_symlink(struct inode *dir, struct dentry *dentry,
- struct vfsmount *mnt, const char *old_name);
- int security_inode_mkdir(struct inode *dir, struct dentry *dentry,
-@@ -2003,7 +2006,8 @@ static inline int security_inode_link(st
- }
-
- static inline int security_inode_unlink(struct inode *dir,
-- struct dentry *dentry)
-+ struct dentry *dentry,
-+ struct vfsmount *mnt)
- {
- return 0;
- }
---- a/security/capability.c
-+++ b/security/capability.c
-@@ -167,7 +167,8 @@ static int cap_inode_link(struct dentry
- return 0;
- }
-
--static int cap_inode_unlink(struct inode *inode, struct dentry *dentry)
-+static int cap_inode_unlink(struct inode *inode, struct dentry *dentry,
-+ struct vfsmount *mnt)
- {
- return 0;
- }
---- a/security/security.c
-+++ b/security/security.c
-@@ -376,11 +376,12 @@ int security_inode_link(struct dentry *o
- new_dentry, new_mnt);
- }
-
--int security_inode_unlink(struct inode *dir, struct dentry *dentry)
-+int security_inode_unlink(struct inode *dir, struct dentry *dentry,
-+ struct vfsmount *mnt)
- {
- if (unlikely(IS_PRIVATE(dentry->d_inode)))
- return 0;
-- return security_ops->inode_unlink(dir, dentry);
-+ return security_ops->inode_unlink(dir, dentry, mnt);
- }
-
- int security_inode_symlink(struct inode *dir, struct dentry *dentry,
---- a/security/selinux/hooks.c
-+++ b/security/selinux/hooks.c
-@@ -2587,11 +2587,12 @@ static int selinux_inode_link(struct den
- return may_link(dir, old_dentry, MAY_LINK);
- }
-
--static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
-+static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry,
-+ struct vfsmount *mnt)
- {
- int rc;
-
-- rc = secondary_ops->inode_unlink(dir, dentry);
-+ rc = secondary_ops->inode_unlink(dir, dentry, mnt);
- if (rc)
- return rc;
- return may_link(dir, dentry, MAY_UNLINK);
---- a/security/smack/smack_lsm.c
-+++ b/security/smack/smack_lsm.c
-@@ -454,11 +454,13 @@ static int smack_inode_link(struct dentr
- * smack_inode_unlink - Smack check on inode deletion
- * @dir: containing directory object
- * @dentry: file to unlink
-+ * @mnt: vfsmount of file to unlink
- *
- * Returns 0 if current can write the containing directory
- * and the object, error code otherwise
- */
--static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
-+static int smack_inode_unlink(struct inode *dir, struct dentry *dentry,
-+ struct vfsmount *mnt)
- {
- struct inode *ip = dentry->d_inode;
- int rc;