1 From: Andreas Gruenbacher <agruen@suse.de>
2 Subject: Enable LSM hooks to distinguish operations on file descriptors from operations on pathnames
4 Struct iattr already contains ia_file since commit cc4e69de from
5 Miklos (which is related to commit befc649c). Use this to pass
6 struct file down the setattr hooks. This allows LSMs to distinguish
7 operations on file descriptors from operations on paths.
9 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
10 Signed-off-by: John Johansen <jjohansen@suse.de>
11 Cc: Miklos Szeredi <mszeredi@suse.cz>
14 fs/nfsd/vfs.c | 12 +++++++-----
16 2 files changed, 11 insertions(+), 6 deletions(-)
20 @@ -425,7 +425,7 @@ static ssize_t nfsd_getxattr(struct dent
24 - buflen = vfs_getxattr(dentry, mnt, key, NULL, 0);
25 + buflen = vfs_getxattr(dentry, mnt, key, NULL, 0, NULL);
29 @@ -433,7 +433,7 @@ static ssize_t nfsd_getxattr(struct dent
33 - return vfs_getxattr(dentry, mnt, key, *buf, buflen);
34 + return vfs_getxattr(dentry, mnt, key, *buf, buflen, NULL);
38 @@ -459,7 +459,7 @@ set_nfsv4_acl_one(struct dentry *dentry,
42 - error = vfs_setxattr(dentry, mnt, key, buf, len, 0);
43 + error = vfs_setxattr(dentry, mnt, key, buf, len, 0, NULL);
47 @@ -2133,12 +2133,14 @@ nfsd_set_posix_acl(struct svc_fh *fhp, i
51 - error = vfs_setxattr(fhp->fh_dentry, mnt, name, value, size,0);
52 + error = vfs_setxattr(fhp->fh_dentry, mnt, name, value, size, 0,
55 if (!S_ISDIR(inode->i_mode) && type == ACL_TYPE_DEFAULT)
58 - error = vfs_removexattr(fhp->fh_dentry, mnt, name);
59 + error = vfs_removexattr(fhp->fh_dentry, mnt, name,
61 if (error == -ENODATA)
66 @@ -623,7 +623,7 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd
67 if (mode == (mode_t) -1)
69 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
70 - newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
71 + newattrs.ia_valid = ATTR_MODE | ATTR_CTIME | ATTR_FILE;
72 err = fnotify_change(dentry, file->f_path.mnt, &newattrs, file);
73 mutex_unlock(&inode->i_mutex);
74 mnt_drop_write(file->f_path.mnt);
75 @@ -686,6 +686,9 @@ static int chown_common(struct dentry *
76 if (!S_ISDIR(inode->i_mode))
78 ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV;
80 + newattrs.ia_valid |= ATTR_FILE;
82 mutex_lock(&inode->i_mutex);
83 error = fnotify_change(dentry, mnt, &newattrs, file);
84 mutex_unlock(&inode->i_mutex);