[ipfire-2.x.git] / src / patches / suse-2.6.27.39 / patches.apparmor / fix-vfs_rmdir.diff

From: John Johansen <jjohansen@suse.de>
Subject: Call lsm hook before unhashing dentry in vfs_rmdir()

If we unhash the dentry before calling the security_inode_rmdir hook,
we cannot compute the file's pathname in the hook anymore. AppArmor
needs to know the filename in order to decide whether a file may be
deleted, though.

Signed-off-by: John Johansen <jjohansen@suse.de>
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>

---
 fs/namei.c |   13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

--- a/fs/namei.c
+++ b/fs/namei.c
@@ -2177,6 +2177,10 @@ int vfs_rmdir(struct inode *dir, struct 
 	if (!dir->i_op || !dir->i_op->rmdir)
 		return -EPERM;
 
+	error = security_inode_rmdir(dir, dentry, mnt);
+	if (error)
+		return error;
+
 	DQUOT_INIT(dir);
 
 	mutex_lock(&dentry->d_inode->i_mutex);
@@ -2184,12 +2188,9 @@ int vfs_rmdir(struct inode *dir, struct 
 	if (d_mountpoint(dentry))
 		error = -EBUSY;
 	else {
-		error = security_inode_rmdir(dir, dentry, mnt);
-		if (!error) {
-			error = dir->i_op->rmdir(dir, dentry);
-			if (!error)
-				dentry->d_inode->i_flags |= S_DEAD;
-		}
+		error = dir->i_op->rmdir(dir, dentry);
+		if (!error)
+			dentry->d_inode->i_flags |= S_DEAD;
 	}
 	mutex_unlock(&dentry->d_inode->i_mutex);
 	if (!error) {
Commit	Line	Data
4d1e5b62 AF	1	From: John Johansen <jjohansen@suse.de>
	2	Subject: Call lsm hook before unhashing dentry in vfs_rmdir()
	3
	4	If we unhash the dentry before calling the security_inode_rmdir hook,
	5	we cannot compute the file's pathname in the hook anymore. AppArmor
	6	needs to know the filename in order to decide whether a file may be
	7	deleted, though.
	8
	9	Signed-off-by: John Johansen <jjohansen@suse.de>
	10	Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
	11
	12	---
	13	fs/namei.c \| 13 +++++++------
	14	1 file changed, 7 insertions(+), 6 deletions(-)
	15
	16	--- a/fs/namei.c
	17	+++ b/fs/namei.c
	18	@@ -2177,6 +2177,10 @@ int vfs_rmdir(struct inode *dir, struct
	19	if (!dir->i_op \|\| !dir->i_op->rmdir)
	20	return -EPERM;
	21
	22	+ error = security_inode_rmdir(dir, dentry, mnt);
	23	+ if (error)
	24	+ return error;
	25	+
	26	DQUOT_INIT(dir);
	27
	28	mutex_lock(&dentry->d_inode->i_mutex);
	29	@@ -2184,12 +2188,9 @@ int vfs_rmdir(struct inode *dir, struct
	30	if (d_mountpoint(dentry))
	31	error = -EBUSY;
	32	else {
	33	- error = security_inode_rmdir(dir, dentry, mnt);
	34	- if (!error) {
	35	- error = dir->i_op->rmdir(dir, dentry);
	36	- if (!error)
	37	- dentry->d_inode->i_flags \|= S_DEAD;
	38	- }
	39	+ error = dir->i_op->rmdir(dir, dentry);
	40	+ if (!error)
	41	+ dentry->d_inode->i_flags \|= S_DEAD;
	42	}
	43	mutex_unlock(&dentry->d_inode->i_mutex);
	44	if (!error) {