1 From: Tony Jones <tonyj@suse.de>
2 Subject: Pass struct vfsmount to the inode_readlink LSM hook
3
4 This is needed for computing pathnames in the AppArmor LSM.
5
6 Signed-off-by: Tony Jones <tonyj@suse.de>
7 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
8 Signed-off-by: John Johansen <jjohansen@suse.de>
9
10 ---
11 fs/stat.c | 2 +-
12 include/linux/security.h | 8 +++++---
13 security/capability.c | 2 +-
14 security/security.c | 4 ++--
15 security/selinux/hooks.c | 2 +-
16 5 files changed, 10 insertions(+), 8 deletions(-)
17
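--- a/fs/stat.c
+++ b/fs/stat.c
@@ -308,7 +308,7 @@ SYSCALL_DEFINE4(readlinkat, int, dfd, co
 
 error = -EINVAL;
 if (inode->i_op && inode->i_op->readlink) {
-error = security_inode_readlink(path.dentry);
+error = security_inode_readlink(path.dentry, path.mnt);
 if (!error) {
 touch_atime(path.mnt, path.dentry);
 error = inode->i_op->readlink(path.dentry,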
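--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -392,6 +392,7 @@ static inline void security_free_mnt_opt
 * @inode_readlink:
 * Check the permission to read the symbolic link.
 * @dentry contains the dentry structure for the file link.
+ * @mnt is the vfsmount corresponding to @dentry (may be NULL).
 * Return 0 if permission is granted.
 * @inode_follow_link:
 * Check permission to follow a symbolic link when looking up a pathname.
@@ -1373,7 +1374,7 @@ struct security_operations {
 struct vfsmount *mnt, int mode, dev_t dev);
 int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,
 struct inode *new_dir, struct dentry *new_dentry);
-int (*inode_readlink) (struct dentry *dentry);
+int (*inode_readlink) (struct dentry *dentry, struct vfsmount *mnt);
 int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd);
 int (*inode_permission) (struct inode *inode, int mask);
 int (*inode_setattr) (struct dentry *dentry, struct vfsmount *,
@@ -1643,7 +1644,7 @@ int security_inode_mknod(struct inode *d
 struct vfsmount *mnt, int mode, dev_t dev);
 int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
 struct inode *new_dir, struct dentry *new_dentry);
-int security_inode_readlink(struct dentry *dentry);
+int security_inode_readlink(struct dentry *dentry, struct vfsmount *mnt);
 int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd);
 int security_inode_permission(struct inode *inode, int mask);
 int security_inode_setattr(struct dentry *dentry, struct vfsmount *mnt,
@@ -2036,7 +2037,8 @@ static inline int security_inode_rename(
 return 0;
 }
 
-static inline int security_inode_readlink(struct dentry *dentry)
+static inline int security_inode_readlink(struct dentry *dentry,
+ struct vfsmount *mnt)
 {
 return 0;
 }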
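Review bot: The new `@mnt` line in the first hunk says the vfsmount "may be NULL" but does not say what a hook that actually depends on it, such as the AppArmor pathname computation this series is for, should do in that case; I would extend it to `* @mnt is the vfsmount corresponding to @dentry (may be NULL; a hook that needs a full path must then fail closed or fall back to @dentry alone).` The one caller changed here, fs/stat.c, passes `path.mnt` from an already resolved path, so NULL looks like a contract reservation rather than an observed case, but the header is where implementers will read it. The `struct security_operations` hunk changes the function-pointer type, and the diffstat covers only capability.c and selinux/hooks.c as implementers; any other LSM that defines inode_readlink, in tree or out of tree, needs the same signature change or its hook assignment will no longer match.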
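--- a/security/capability.c
+++ b/security/capability.c
@@ -200,7 +200,7 @@ static int cap_inode_rename(struct inode
 return 0;
 }
 
-static int cap_inode_readlink(struct dentry *dentry)
+static int cap_inode_readlink(struct dentry *dentry, struct vfsmount *mnt)
 {
 return 0;
 }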
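--- a/security/security.c
+++ b/security/security.c
@@ -422,11 +422,11 @@ int security_inode_rename(struct inode *
 new_dir, new_dentry);
 }
 
-int security_inode_readlink(struct dentry *dentry)
+int security_inode_readlink(struct dentry *dentry, struct vfsmount *mnt)
 {
 if (unlikely(IS_PRIVATE(dentry->d_inode)))
 return 0;
-return security_ops->inode_readlink(dentry);
+return security_ops->inode_readlink(dentry, mnt);
 }
 
 int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd)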
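Review bot: `security_inode_readlink` forwards `mnt` to the hook without inspecting it, which matches the header's "may be NULL" wording but is worth stating at the call site so later callers do not assume the wrapper validates the mount for them; a one-line comment above the forwarding return, `/* mnt is passed through unchecked and may be NULL; the LSM hook must cope. */`, would make that explicit. The IS_PRIVATE short-circuit above it is unchanged and still returns 0 before any hook sees the mount, so path-based policy never applies to private inodes here.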
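--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2627,7 +2627,7 @@ static int selinux_inode_rename(struct i
 return may_rename(old_inode, old_dentry, new_inode, new_dentry);
 }
 
-static int selinux_inode_readlink(struct dentry *dentry)
+static int selinux_inode_readlink(struct dentry *dentry, struct vfsmount *mnt)
 {
 return dentry_has_perm(current, NULL, dentry, FILE__READ);
 }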