Move xen patchset to new version's subdir.
1 From: Tony Jones <tonyj@suse.de>
2 Subject: Pass struct vfsmount to the inode_symlink LSM hook
3
4 This is needed for computing pathnames in the AppArmor LSM.
5
6 Signed-off-by: Tony Jones <tonyj@suse.de>
7 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
8 Signed-off-by: John Johansen <jjohansen@suse.de>
9
10 ---
11 fs/namei.c | 2 +-
12 include/linux/security.h | 8 +++++---
13 security/capability.c | 2 +-
14 security/security.c | 4 ++--
15 security/selinux/hooks.c | 3 ++-
16 5 files changed, 11 insertions(+), 8 deletions(-)
17
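--- a/fs/namei.c
+++ b/fs/namei.c
@@ -2358,7 +2358,7 @@ int vfs_symlink(struct inode *dir, struc
 if (!dir->i_op || !dir->i_op->symlink)
 return -EPERM;
 
- error = security_inode_symlink(dir, dentry, oldname);
+ error = security_inode_symlink(dir, dentry, mnt, oldname);
 if (error)
 return error;
 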
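Review bot: `mnt` in the new call `security_inode_symlink(dir, dentry, mnt, oldname)` is not declared anywhere in this hunk, so the change only builds if vfs_symlink() already takes a `struct vfsmount *mnt` parameter. The function's signature is cut off in the hunk header and its body continues outside the hunk, so this presumably relies on an earlier patch in the series; the description should name that prerequisite. Since the hook documentation added in include/linux/security.h allows a NULL mount, a comment above the call such as `/* mnt may be NULL; LSM hooks must check it before building a pathname */` would make that contract visible at the call site.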
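--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -355,6 +355,7 @@ static inline void security_free_mnt_opt
 * Check the permission to create a symbolic link to a file.
 * @dir contains the inode structure of parent directory of the symbolic link.
 * @dentry contains the dentry structure of the symbolic link.
+ * @mnt is the vfsmount corresponding to @dentry (may be NULL).
 * @old_name contains the pathname of file.
 * Return 0 if permission is granted.
 * @inode_mkdir:
@@ -1363,8 +1364,8 @@ struct security_operations {
 int (*inode_link) (struct dentry *old_dentry,
 struct inode *dir, struct dentry *new_dentry);
 int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
- int (*inode_symlink) (struct inode *dir,
- struct dentry *dentry, const char *old_name);
+ int (*inode_symlink) (struct inode *dir, struct dentry *dentry,
+ struct vfsmount *mnt, const char *old_name);
 int (*inode_mkdir) (struct inode *dir, struct dentry *dentry,
 struct vfsmount *mnt, int mode);
 int (*inode_rmdir) (struct inode *dir, struct dentry *dentry);
@@ -1634,7 +1635,7 @@ int security_inode_link(struct dentry *o
 struct dentry *new_dentry);
 int security_inode_unlink(struct inode *dir, struct dentry *dentry);
 int security_inode_symlink(struct inode *dir, struct dentry *dentry,
- const char *old_name);
+ struct vfsmount *mnt, const char *old_name);
 int security_inode_mkdir(struct inode *dir, struct dentry *dentry,
 struct vfsmount *mnt, int mode);
 int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
@@ -1999,6 +2000,7 @@ static inline int security_inode_unlink(
 
 static inline int security_inode_symlink(struct inode *dir,
 struct dentry *dentry,
+ struct vfsmount *mnt,
 const char *old_name)
 {
 return 0;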
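Review bot: The kernel-doc line added in the first hunk, `@mnt is the vfsmount corresponding to @dentry (may be NULL).`, leaves the NULL case unspecified: it does not say which callers pass NULL or what a hook should do when it gets one. That matters for a pathname-based LSM, because a hook that returns 0 whenever it cannot build a path skips mediation of the symlink creation without any trace. I would extend the line to something like `@mnt is the vfsmount corresponding to @dentry, or NULL when the caller has no mount context; a hook that needs a pathname must handle NULL explicitly.` Separately, the changed `inode_symlink` member in `struct security_operations` means any LSM not touched by this patch that still assigns a three-argument handler would likely draw only an incompatible-pointer warning, so it is worth confirming that every implementation in the tree was converted.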
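--- a/security/capability.c
+++ b/security/capability.c
@@ -172,7 +172,7 @@ static int cap_inode_unlink(struct inode
 }
 
 static int cap_inode_symlink(struct inode *inode, struct dentry *dentry,
- const char *name)
+ struct vfsmount *mnt, const char *name)
 {
 return 0;
 }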
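--- a/security/security.c
+++ b/security/security.c
@@ -382,11 +382,11 @@ int security_inode_unlink(struct inode *
 }
 
 int security_inode_symlink(struct inode *dir, struct dentry *dentry,
- const char *old_name)
+ struct vfsmount *mnt, const char *old_name)
 {
 if (unlikely(IS_PRIVATE(dir)))
 return 0;
- return security_ops->inode_symlink(dir, dentry, old_name);
+ return security_ops->inode_symlink(dir, dentry, mnt, old_name);
 }
 
 int security_inode_mkdir(struct inode *dir, struct dentry *dentry,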
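--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2592,7 +2592,8 @@ static int selinux_inode_unlink(struct i
 return may_link(dir, dentry, MAY_UNLINK);
 }
 
-static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
+static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry,
+ struct vfsmount *mnt, const char *name)
 {
 return may_create(dir, dentry, SECCLASS_LNK_FILE);
 }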