Add a patch to fix Intel E100 wake-on-lan problems.

[ipfire-2.x.git] / src / patches / suse-2.6.27.31 / patches.apparmor / security-mknod.diff

From: Tony Jones <tonyj@suse.de>
Subject: Pass struct vfsmount to the inode_mknod LSM hook

This is needed for computing pathnames in the AppArmor LSM.

Signed-off-by: Tony Jones <tonyj@suse.de>
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
Signed-off-by: John Johansen <jjohansen@suse.de>

---
 fs/namei.c               |    6 +++---
 include/linux/security.h |    7 +++++--
 security/capability.c    |    2 +-
 security/security.c      |    5 +++--
 security/selinux/hooks.c |    5 +++--
 5 files changed, 15 insertions(+), 10 deletions(-)

--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1994,7 +1994,7 @@ int vfs_mknod(struct inode *dir, struct
        if (error)
                return error;
 
-       error = security_inode_mknod(dir, dentry, mode, dev);
+       error = security_inode_mknod(dir, dentry, mnt, mode, dev);
        if (error)
                return error;
 
@@ -2056,11 +2056,11 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
                        break;
                case S_IFCHR: case S_IFBLK:
                        error = vfs_mknod(nd.path.dentry->d_inode, dentry,
-                                         nd.path, mode, new_decode_dev(dev));
+                                         nd.path.mnt, mode, new_decode_dev(dev));
                        break;
                case S_IFIFO: case S_IFSOCK:
                        error = vfs_mknod(nd.path.dentry->d_inode, dentry,
-                                         nd.path, mode, 0);
+                                         nd.path.mnt, mode, 0);
                        break;
        }
        mnt_drop_write(nd.path.mnt);
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -377,6 +377,7 @@ static inline void security_free_mnt_opt
  *     and not this hook.
  *     @dir contains the inode structure of parent of the new file.
  *     @dentry contains the dentry structure of the new file.
+ *     @mnt is the vfsmount corresponding to @dentry (may be NULL).
  *     @mode contains the mode of the new file.
  *     @dev contains the device number.
  *     Return 0 if permission is granted.
@@ -1368,7 +1369,7 @@ struct security_operations {
                            struct vfsmount *mnt, int mode);
        int (*inode_rmdir) (struct inode *dir, struct dentry *dentry);
        int (*inode_mknod) (struct inode *dir, struct dentry *dentry,
-                           int mode, dev_t dev);
+                           struct vfsmount *mnt, int mode, dev_t dev);
        int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,
                             struct inode *new_dir, struct dentry *new_dentry);
        int (*inode_readlink) (struct dentry *dentry);
@@ -1637,7 +1638,8 @@ int security_inode_symlink(struct inode
 int security_inode_mkdir(struct inode *dir, struct dentry *dentry,
                         struct vfsmount *mnt, int mode);
 int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
-int security_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev);
+int security_inode_mknod(struct inode *dir, struct dentry *dentry,
+                        struct vfsmount *mnt, int mode, dev_t dev);
 int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
                          struct inode *new_dir, struct dentry *new_dentry);
 int security_inode_readlink(struct dentry *dentry);
@@ -2018,6 +2020,7 @@ static inline int security_inode_rmdir(s
 
 static inline int security_inode_mknod(struct inode *dir,
                                        struct dentry *dentry,
+                                       struct vfsmount *mnt,
                                        int mode, dev_t dev)
 {
        return 0;
--- a/security/capability.c
+++ b/security/capability.c
@@ -189,7 +189,7 @@ static int cap_inode_rmdir(struct inode
 }
 
 static int cap_inode_mknod(struct inode *inode, struct dentry *dentry,
-                          int mode, dev_t dev)
+                          struct vfsmount *mnt, int mode, dev_t dev)
 {
        return 0;
 }
--- a/security/security.c
+++ b/security/security.c
@@ -401,11 +401,12 @@ int security_inode_rmdir(struct inode *d
        return security_ops->inode_rmdir(dir, dentry);
 }
 
-int security_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
+int security_inode_mknod(struct inode *dir, struct dentry *dentry,
+                        struct vfsmount *mnt, int mode, dev_t dev)
 {
        if (unlikely(IS_PRIVATE(dir)))
                return 0;
-       return security_ops->inode_mknod(dir, dentry, mode, dev);
+       return security_ops->inode_mknod(dir, dentry, mnt, mode, dev);
 }
 
 int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2608,11 +2608,12 @@ static int selinux_inode_rmdir(struct in
        return may_link(dir, dentry, MAY_RMDIR);
 }
 
-static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
+static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry,
+                              struct vfsmount *mnt, int mode, dev_t dev)
 {
        int rc;
 
-       rc = secondary_ops->inode_mknod(dir, dentry, mode, dev);
+       rc = secondary_ops->inode_mknod(dir, dentry, mnt, mode, dev);
        if (rc)
                return rc;