]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blob - src/patches/suse-2.6.27.39/patches.apparmor/file-handle-ops.diff
projects / people / pmueller / ipfire-2.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix oinkmaster patch.
[people/pmueller/ipfire-2.x.git] / src / patches / suse-2.6.27.39 / patches.apparmor / file-handle-ops.diff
1 From: Andreas Gruenbacher <agruen@suse.de>
2 Subject: Enable LSM hooks to distinguish operations on file descriptors from operations on pathnames
3
4 Struct iattr already contains ia_file since commit cc4e69de from
5 Miklos (which is related to commit befc649c). Use this to pass
6 struct file down the setattr hooks. This allows LSMs to distinguish
7 operations on file descriptors from operations on paths.
8
9 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
10 Signed-off-by: John Johansen <jjohansen@suse.de>
11 Cc: Miklos Szeredi <mszeredi@suse.cz>
12
13 ---
14 fs/nfsd/vfs.c | 12 +++++++-----
15 fs/open.c | 5 ++++-
16 2 files changed, 11 insertions(+), 6 deletions(-)
17
18 --- a/fs/nfsd/vfs.c
19 +++ b/fs/nfsd/vfs.c
20 @@ -425,7 +425,7 @@ static ssize_t nfsd_getxattr(struct dent
21 {
22 ssize_t buflen;
23
24 - buflen = vfs_getxattr(dentry, mnt, key, NULL, 0);
25 + buflen = vfs_getxattr(dentry, mnt, key, NULL, 0, NULL);
26 if (buflen <= 0)
27 return buflen;
28
29 @@ -433,7 +433,7 @@ static ssize_t nfsd_getxattr(struct dent
30 if (!*buf)
31 return -ENOMEM;
32
33 - return vfs_getxattr(dentry, mnt, key, *buf, buflen);
34 + return vfs_getxattr(dentry, mnt, key, *buf, buflen, NULL);
35 }
36 #endif
37
38 @@ -459,7 +459,7 @@ set_nfsv4_acl_one(struct dentry *dentry,
39 goto out;
40 }
41
42 - error = vfs_setxattr(dentry, mnt, key, buf, len, 0);
43 + error = vfs_setxattr(dentry, mnt, key, buf, len, 0, NULL);
44 out:
45 kfree(buf);
46 return error;
47 @@ -2133,12 +2133,14 @@ nfsd_set_posix_acl(struct svc_fh *fhp, i
48 if (error)
49 goto getout;
50 if (size)
51 - error = vfs_setxattr(fhp->fh_dentry, mnt, name, value, size,0);
52 + error = vfs_setxattr(fhp->fh_dentry, mnt, name, value, size, 0,
53 + NULL);
54 else {
55 if (!S_ISDIR(inode->i_mode) && type == ACL_TYPE_DEFAULT)
56 error = 0;
57 else {
58 - error = vfs_removexattr(fhp->fh_dentry, mnt, name);
59 + error = vfs_removexattr(fhp->fh_dentry, mnt, name,
60 + NULL);
61 if (error == -ENODATA)
62 error = 0;
63 }
64 --- a/fs/open.c
65 +++ b/fs/open.c
66 @@ -623,7 +623,7 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd
67 if (mode == (mode_t) -1)
68 mode = inode->i_mode;
69 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
70 - newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
71 + newattrs.ia_valid = ATTR_MODE | ATTR_CTIME | ATTR_FILE;
72 err = fnotify_change(dentry, file->f_path.mnt, &newattrs, file);
73 mutex_unlock(&inode->i_mutex);
74 mnt_drop_write(file->f_path.mnt);
75 @@ -686,6 +686,9 @@ static int chown_common(struct dentry *
76 if (!S_ISDIR(inode->i_mode))
77 newattrs.ia_valid |=
78 ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV;
79 + if (file)
80 + newattrs.ia_valid |= ATTR_FILE;
81 +
82 mutex_lock(&inode->i_mutex);
83 error = fnotify_change(dentry, mnt, &newattrs, file);
84 mutex_unlock(&inode->i_mutex);
Peter's tree of IPFire 2.x