Re: [RFC PATCH] audit: force seccomp event logging to honor the audit_enabled flag
On 11/23/2015 02:20 PM, Paul Moore wrote:
> Previously we were emitting seccomp audit records regardless of the
> audit_enabled setting, a departure from the rest of audit. This
> patch makes seccomp auditing consistent with the rest of the audit
> record generation code in that when audit_enabled=0 nothing is logged
> by the audit subsystem.
>
> The bulk of this patch is moving the CONFIG_AUDIT block ahead of the
> CONFIG_AUDITSYSCALL block in include/linux/audit.h; the only real
> code change was in the audit_seccomp() definition.
>
> Reported-by: Tony Jones
> Signed-off-by: Paul Moore

Seems pretty much the same (functionally) as the patch I posted to audit list on 10/12/2015 except that didn't hoist the entire block.

Signed-off-by: Tony Jones

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module"
in the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: seccomp and audit_enabled
On 11/06/2015 01:36 PM, Tony Jones wrote:
> On 10/13/2015 12:19 PM, Paul Moore wrote:
>
>> Yes, if systemd is involved it enables audit; we've had some
>> discussions with the systemd folks about fixing that, but they haven't
>> gone very far. I'm still a little curious as to why
>> audit_dummy_context() is false in this case, but I haven't looked at
>> how systemd/auditctl start/config the system too closely.
>
> Sorry for the delay here.
>
> A context is allocated by audit_alloc() because there is no uid/gid filter
> for the task but the dummy flag is left false. Because audit has been
> disabled (manually following systemd enabling), dummy never gets set in the
> syscall entry path (based on !audit_n_rules). So the
> unlikely(!audit_dummy_context()) in audit_seccomp succeeds.
>
> Tony

Any comments on this? Current interaction between audit_enabled and dummy flag seems wrong to me. I can code up a patch.

Tony
Re: seccomp and audit_enabled
On 10/13/2015 01:03 PM, Steve Grubb wrote:
>> No, it's the default audit.rules (-D, -b320). No actual rules loaded.
>> Let me add some instrumentation and figure out what's going on. auditd
>> is masked (via systemd) but systemd-journal seems to set audit_enabled=1
>> during startup (at least on our systems).
>
> Tony,
>
> We have bz 1227379
> https://bugzilla.redhat.com/show_bug.cgi?id=1227379
>
> There is a patch attached to disable systemd's propensity to turn on the
> audit system. Are people complaining and opening bugs in your distribution?
> If so, that might add more ammunition to get that fixed.

Hi Steve, we only have the one bug and it's related to:

1) noisy klog between when systemd enables audit and user manually disables it (rh bz#1160046)
2) after user manually disables audit (audit_enabled=0) seccomp messages still are output.

tony
Re: seccomp and audit_enabled
On 10/13/2015 12:19 PM, Paul Moore wrote:
> Yes, if systemd is involved it enables audit; we've had some
> discussions with the systemd folks about fixing that, but they haven't
> gone very far. I'm still a little curious as to why
> audit_dummy_context() is false in this case, but I haven't looked at
> how systemd/auditctl start/config the system too closely.

Sorry for the delay here.

A context is allocated by audit_alloc() because there is no uid/gid filter for the task but the dummy flag is left false. Because audit has been disabled (manually following systemd enabling), dummy never gets set in the syscall entry path (based on !audit_n_rules). So the unlikely(!audit_dummy_context()) in audit_seccomp succeeds.

Tony
Re: seccomp and audit_enabled
On 10/13/2015 12:19 PM, Paul Moore wrote:
>> No, it's the default audit.rules (-D, -b320). No actual rules loaded.
>> Let me add some instrumentation and figure out what's going on. auditd
>> is masked (via systemd) but systemd-journal seems to set audit_enabled=1
>> during startup (at least on our systems).
>
> Yes, if systemd is involved it enables audit; we've had some
> discussions with the systemd folks about fixing that, but they haven't
> gone very far. I'm still a little curious as to why
> audit_dummy_context() is false in this case, but I haven't looked at
> how systemd/auditctl start/config the system too closely.

I'll debug what's going on (easy) on the test system and report back. I'm curious too. Have a bad cold today so I'm moving slower than normal.

> I don't really care if it is audit or not (although we will need to
> output something via audit if it is enabled to keep the CC crowd
> happy); if you feel strongly that it isn't audit, we can just make it
> a printk, that would work well with Kees' goals. To me the important
> point here is that we send a message when seccomp alters the behavior
> of the syscall (action != ALLOW).

Yes, if audit is enabled, you should totally be able to use it. Rest sounds good also.

thanks!
Tony
Re: seccomp and audit_enabled
On 10/13/2015 09:11 AM, Paul Moore wrote: > On Mon, Oct 12, 2015 at 4:45 PM, Kees Cook wrote: >> On Mon, Oct 12, 2015 at 10:53 AM, Tony Jones wrote: >>> From d6971ec9508244f7a1ab42f9ac4c59b7e1ca6145 Mon Sep 17 00:00:00 2001 >>> From: Tony Jones >>> Date: Sat, 10 Oct 2015 19:30:49 -0700 >>> Subject: [PATCH] Don't log seccomp messages when audit is disabled >>> >>> Don't log seccomp messages when audit is disabled. >> >> This is intentional since violation of a seccomp policy ought to >> indicate a misbehaving program, and we want these to always be >> presented to the system log, regardless of audit being enabled. (I'd >> like to even produce system log entries when there is no CONFIG_AUDIT >> too, but that's for the future.) > > I agree. As I mentioned earlier these AUDIT_SECCOMP records are very handy. > >>> diff --git a/include/linux/audit.h b/include/linux/audit.h >>> index b2abc99..8f70f3f 100644 >>> --- a/include/linux/audit.h >>> +++ b/include/linux/audit.h >>> @@ -113,6 +113,12 @@ struct filename; >>> >>> extern void audit_log_session_info(struct audit_buffer *ab); >>> >>> +#ifdef CONFIG_AUDIT >>> +extern u32 audit_enabled; >>> +#else >>> +#define audit_enabled 0 >>> +#endif >>> + >>> #ifdef CONFIG_AUDIT_COMPAT_GENERIC >>> #define audit_is_compat(arch) (!((arch) & __AUDIT_ARCH_64BIT)) >>> #else 
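Review bot: declaring audit_enabled a second time in audit.h (the `extern u32 audit_enabled` / `#define audit_enabled 0` pair added just before the audit_is_compat() block) duplicates the declaration the existing CONFIG_AUDIT block already provides; the follow-up RFC on this page instead moves that block ahead of the CONFIG_AUDITSYSCALL block so the inline audit_seccomp() can see it, which avoids two declarations of the same symbol that can drift apart. Prefer the reorder, or at least say in the commit message why a duplicate declaration is needed here.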
>>> @@ -213,7 +219,7 @@ void audit_core_dumps(long signr); >>> static inline void audit_seccomp(unsigned long syscall, long signr, int >>> code) >>> { >>> /* Force a record to be reported if a signal was delivered. */ >>> - if (signr || unlikely(!audit_dummy_context())) >> >> What is dummy_context part of this actually do? I don't think reports >> should be made when signr == 0. > > The idea behind audit_dummy_context() is to skip auditing when there > are no audit rules configured, it's a performance tweak. My guess is > that Tony's system loads some audit configuration at boot which > enables audit (the kernel starts with audit_enabled=0 ...) and loads a > few syscall filter rules which are enough to make > audit_dummy_context() return false. Can you confirm that Tony? No, it's the default audit.rules (-D, -b320). No actual rules loaded. Let me add some instrumentation and figure out what's going on. auditd is masked (via systemd) but systemd-journal seems to set audit_enabled=1 during startup (at least on our systems). > As for logging seccomp actions when signr == 0, I personally think > that still might be useful as the normal behavior has been altered; I > tend to think any action != ALLOW is worth logging. However, I'm open > to discussion on this if others feel strongly. > >>> + if (audit_enabled && (signr || unlikely(!audit_dummy_context( >>> __audit_seccomp(syscall, signr, code); >>> } I'm of the opinion that nothing should get output (through the audit system) if audit_enabled == 0. What you advocate calls for more than 2 possible states for audit_enabled or logging the information through another mechanism than audit. Tony -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
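Review bot: with `audit_enabled &&` prepended in audit_seccomp(), a signal-delivering seccomp action (signr != 0) is no longer force-logged when audit is off, which is exactly the visibility Kees says was intentional; the commit message ("Don't log seccomp messages when audit is disabled") should spell out the trade-off, namely that today these records reach klog through the audit path even with audit_enabled=0 and no other audit record type does that. If the kill/trap case must stay visible regardless of audit_enabled, a printk outside the audit_enabled test, as Paul suggests elsewhere in the thread, would preserve it.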
Re: seccomp and audit_enabled
On 10/12/2015 08:40 AM, Paul Moore wrote:
> My apologies for the resend, I had the wrong email for Kees.
>
> On Monday, October 12, 2015 11:29:43 AM Paul Moore wrote:
>> On Friday, October 09, 2015 08:50:01 PM Tony Jones wrote:
>>> Hi.
>>>
>>> What is the expected handling of AUDIT_SECCOMP if audit_enabled == 0?
>>> Opera browser makes use of a sandbox and if audit_enabled == 0 (and no
>>> auditd is running) there is a lot of messages dumped to the klog. The fix
>>> to __audit_seccomp() is trivial, similar to c2412d91c and I can send a
>>> patch, I'm just not sure if seccomp is somehow special?
>>
>> I'm adding Kees to this since he looks after the seccomp kernel bits these
>> days. While there isn't anything special about seccomp from an audit
>> perspective, the seccomp audit record can be a really nice thing as it is
>> the only indication you may get that seccomp has stepped in and done
>> "something" other than allow the syscall to progress normally.

The issue is that (without auditd running) the messages are output to klog regardless of whether audit_enabled is 0 or 1. As I said, other occurrences of this such as with login events have been corrected (c2412d91c). Attached patch does the same for seccomp.

>> I would be a little more concerned that you are seeing a flood of seccomp
>> messages from Opera, that is something that most likely warrants some closer
>> inspection. Are all the records the same/similar? Can you paste some into
>> email?

Here are the logged messages per invocation of opera. The use of the sandbox may well be the result of a local suse config/packaging decision but I'm not sure that's relevant.
2015-10-10T19:35:23.237882-07:00 nohostname kernel: [ 152.100348] audit: type=1326 audit(1444530923.236:356): auid=1000 uid=1000 gid=100 ses=1 pid=2048 comm="opera" exe="/usr/lib64/opera/opera" sig=0 arch=c03e syscall=91 compat=0 ip=0x7ff926d94ab7 code=0x5
2015-10-10T19:35:23.242867-07:00 nohostname kernel: [ 152.105690] audit: type=1326 audit(1444530923.241:357): auid=1000 uid=1000 gid=100 ses=1 pid=2087 comm="opera" exe="/usr/lib64/opera/opera" sig=0 arch=c03e syscall=273 compat=0 ip=0x7ff928325444 code=0x5
2015-10-10T19:35:23.242873-07:00 nohostname kernel: [ 152.105938] audit: type=1326 audit(1444530923.241:358): auid=1000 uid=1000 gid=100 ses=1 pid=2089 comm="opera" exe="/usr/lib64/opera/opera" sig=0 arch=c03e syscall=273 compat=0 ip=0x7ff928325444 code=0x5
2015-10-10T19:35:23.243890-07:00 nohostname kernel: [ 152.106845] audit: type=1326 audit(1444530923.242:359): auid=1000 uid=1000 gid=100 ses=1 pid=2048 comm="opera" exe="/usr/lib64/opera/opera" sig=0 arch=c03e syscall=2 compat=0 ip=0x7ff926d6daa1 code=0x3
2015-10-10T19:35:23.275872-07:00 nohostname kernel: [ 152.138819] audit: type=1326 audit(1444530923.273:360): auid=1000 uid=1000 gid=100 ses=1 pid=2093 comm="opera" exe="/usr/lib64/opera/opera" sig=0 arch=c03e syscall=91 compat=0 ip=0x7f92e4bd7ab7 code=0x5
2015-10-10T19:35:23.275885-07:00 nohostname kernel: [ 152.138937] audit: type=1326 audit(1444530923.274:361): auid=1000 uid=1000 gid=100 ses=1 pid=2093 comm="opera" exe="/usr/lib64/opera/opera" sig=0 arch=c03e syscall=91 compat=0 ip=0x7f92e4bd7ab7 code=0x5
2015-10-10T19:35:23.280867-07:00 nohostname kernel: [ 152.143147] audit: type=1326 audit(1444530923.279:362): auid=1000 uid=1000 gid=100 ses=1 pid=2096 comm="opera" exe="/usr/lib64/opera/opera" sig=0 arch=c03e syscall=273 compat=0 ip=0x7f92e6168444 code=0x5
2015-10-10T19:35:23.282055-07:00 nohostname kernel: [ 152.144762] audit: type=1326 audit(1444530923.280:363): auid=1000 uid=1000 gid=100 ses=1 pid=2093 comm="opera" exe="/usr/lib64/opera/opera" sig=0 arch=c03e syscall=2 compat=0 ip=0x7f92eb5f8587 code=0x5
2015-10-10T19:35:23.282062-07:00 nohostname kernel: [ 152.144890] audit: type=1326 audit(1444530923.280:364): auid=1000 uid=1000 gid=100 ses=1 pid=2093 comm="opera" exe="/usr/lib64/opera/opera" sig=0 arch=c03e syscall=2 compat=0 ip=0x7f92e4b2ac8c code=0x5
2015-10-10T19:35:23.282063-07:00 nohostname kernel: [ 152.144988] audit: type=1326 audit(1444530923.280:365): auid=1000 uid=1000 gid=100 ses=1 pid=2093 comm="opera" exe="/usr/lib64/opera/opera" sig=0 arch=c03e syscall=2 compat=0 ip=0x7f92e4b2ad70 code=0x5

thanks
tony

From d6971ec9508244f7a1ab42f9ac4c59b7e1ca6145 Mon Sep 17 00:00:00 2001
From: Tony Jones
Date: Sat, 10 Oct 2015 19:30:49 -0700
Subject: [PATCH] Don't log seccomp messages when audit is disabled

Don't log seccomp messages when audit is
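To triage a burst of records like the ones pasted above, here is an added example (not code from the thread, the kernel or the posters) that pulls type=1326 records out of klog text as they appear when no auditd is running, decodes the seccomp action from the code= field and names the syscall for x86_64. The sample lines, the small syscall table and the "sandbox" process are constructed for this example, so the constants come from the uapi headers rather than from the thread.

```python
"""Triage AUDIT_SECCOMP (type=1326) records that reach the kernel log.

With no auditd running, audit records are printk'd, so seccomp records show up
in klog with an "audit: type=1326 audit(ts:serial):" prefix. This pulls those
records out of klog text, decodes the seccomp action from code=, names the
syscall (x86_64, small subset) and counts (comm, syscall, action) so a burst
can be summarised instead of read line by line.
"""
import re
from collections import Counter

# Constructed sample klog lines in the shape of the records quoted in the
# thread; the values are made up for this example, not copied from it.
SAMPLE_KLOG = """\
2015-10-10T19:35:23.237882-07:00 nohostname kernel: [  152.100348] audit: type=1326 audit(1444530923.236:356): auid=1000 uid=1000 gid=100 ses=1 pid=2048 comm="opera" exe="/usr/lib64/opera/opera" sig=0 arch=c000003e syscall=91 compat=0 ip=0x7ff926d94ab7 code=0x50000
2015-10-10T19:35:23.242867-07:00 nohostname kernel: [  152.105690] audit: type=1326 audit(1444530923.241:357): auid=1000 uid=1000 gid=100 ses=1 pid=2087 comm="opera" exe="/usr/lib64/opera/opera" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7ff928325444 code=0x50000
2015-10-10T19:35:23.243890-07:00 nohostname kernel: [  152.106845] audit: type=1326 audit(1444530923.242:358): auid=1000 uid=1000 gid=100 ses=1 pid=2048 comm="opera" exe="/usr/lib64/opera/opera" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7ff926d6daa1 code=0x30000
2015-10-10T19:35:23.250000-07:00 nohostname kernel: [  152.110000] audit: type=1326 audit(1444530923.249:359): auid=1000 uid=1000 gid=100 ses=1 pid=2100 comm="sandbox" exe="/usr/bin/sandbox" sig=31 arch=c000003e syscall=2 compat=0 ip=0x400123 code=0x0
2015-10-10T19:35:23.260000-07:00 nohostname kernel: [  152.120000] usb 1-1: new high-speed USB device number 3 using xhci_hcd
"""

AUDIT_SECCOMP = 1326  # record type number; auditd's own log spells it SECCOMP

# Seccomp return-value encoding from <linux/seccomp.h>: the action sits in
# the high bits, optional data (errno / trap reason) in the low 16 bits.
SECCOMP_RET_ACTION = 0x7FFF0000
SECCOMP_ACTIONS = {
    0x00000000: "KILL",
    0x00030000: "TRAP",
    0x00050000: "ERRNO",
    0x7FF00000: "TRACE",
    0x7FFF0000: "ALLOW",
}

# AUDIT_ARCH_* values from <linux/audit.h>; the record prints them as bare hex.
AUDIT_ARCH_X86_64 = 0xC000003E
AUDIT_ARCHES = {AUDIT_ARCH_X86_64: "x86_64", 0x40000003: "i386"}

# Subset of the x86_64 syscall table covering the numbers seen in the thread.
X86_64_SYSCALLS = {2: "open", 91: "fchmod", 273: "set_robust_list"}

RECORD_RE = re.compile(
    r"audit: type=(?P<type>\d+) audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): (?P<body>.*)$"
)
# key=value pairs; a value is either a double-quoted string or a bare token.
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_record(line):
    """Decode one klog line; return a dict for a type=1326 record, else None."""
    m = RECORD_RE.search(line)
    if m is None or int(m.group("type")) != AUDIT_SECCOMP:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("body"))}
    arch = int(fields["arch"], 16)
    code = int(fields["code"], 16)
    syscall = int(fields["syscall"])
    if arch == AUDIT_ARCH_X86_64 and fields["compat"] == "0":
        name = X86_64_SYSCALLS.get(syscall, str(syscall))
    else:
        name = str(syscall)  # other ABIs: keep the raw number
    return {
        "serial": int(m.group("serial")),
        "pid": int(fields["pid"]),
        "comm": fields["comm"],
        "exe": fields["exe"],
        "sig": int(fields["sig"]),
        "arch": AUDIT_ARCHES.get(arch, hex(arch)),
        "syscall": syscall,
        "syscall_name": name,
        # mask off any SECCOMP_RET_DATA low bits before looking the action up
        "action": SECCOMP_ACTIONS.get(code & SECCOMP_RET_ACTION, hex(code)),
    }


def parse_seccomp_records(text):
    """Decode every AUDIT_SECCOMP record in klog text, skipping other lines."""
    return [r for r in map(parse_record, text.splitlines()) if r is not None]


def summarize(records):
    """Count records per (comm, syscall name, action): the view needed to tell
    a misbehaving program from a sandbox that merely returns errno a lot."""
    return Counter((r["comm"], r["syscall_name"], r["action"]) for r in records)


if __name__ == "__main__":
    recs = parse_seccomp_records(SAMPLE_KLOG)
    for (comm, name, action), n in sorted(summarize(recs).items()):
        print(f"{n:4d}  comm={comm:<8} syscall={name:<16} action={action}")
```

Feeding it `dmesg` or `journalctl -k` output gives the per-process, per-syscall, per-action counts that answer Paul's "are all the records the same/similar?" directly.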
[RFC 6/28] Add struct vfsmount parameter to vfs_mkdir()
Add struct vfsmount parameter to vfs_mkdir() Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/fs/ecryptfs/inode.c === --- linux-2.6.orig/fs/ecryptfs/inode.c +++ linux-2.6/fs/ecryptfs/inode.c @@ -501,11 +501,14 @@ static int ecryptfs_mkdir(struct inode * { int rc; struct dentry *lower_dentry; + struct vfsmount *lower_mnt; struct dentry *lower_dir_dentry; lower_dentry = ecryptfs_dentry_to_lower(dentry); + lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry); lower_dir_dentry = lock_parent(lower_dentry); - rc = vfs_mkdir(lower_dir_dentry->d_inode, lower_dentry, mode); + rc = vfs_mkdir(lower_dir_dentry->d_inode, lower_dentry, lower_mnt, + mode); if (rc || !lower_dentry->d_inode) goto out; rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 0); Index: linux-2.6/fs/namei.c === --- linux-2.6.orig/fs/namei.c +++ linux-2.6/fs/namei.c @@ -1916,7 +1916,8 @@ asmlinkage long sys_mknod(const char __u return sys_mknodat(AT_FDCWD, filename, mode, dev); } -int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode) +int vfs_mkdir(struct inode *dir, struct dentry *dentry, struct vfsmount *mnt, + int mode) { int error = may_create(dir, dentry, NULL); @@ -1960,7 +1961,7 @@ asmlinkage long sys_mkdirat(int dfd, con if (!IS_POSIXACL(nd.dentry->d_inode)) mode &= ~current->fs->umask; - error = vfs_mkdir(nd.dentry->d_inode, dentry, mode); + error = vfs_mkdir(nd.dentry->d_inode, dentry, nd.mnt, mode); dput(dentry); out_unlock: mutex_unlock(&nd.dentry->d_inode->i_mutex); Index: linux-2.6/fs/nfsd/nfs4recover.c === --- linux-2.6.orig/fs/nfsd/nfs4recover.c +++ linux-2.6/fs/nfsd/nfs4recover.c 
@@ -156,7 +156,7 @@ nfsd4_create_clid_dir(struct nfs4_client dprintk("NFSD: nfsd4_create_clid_dir: DIRECTORY EXISTS\n"); goto out_put; } - status = vfs_mkdir(rec_dir.dentry->d_inode, dentry, S_IRWXU); + status = vfs_mkdir(rec_dir.dentry->d_inode, dentry, NULL, S_IRWXU); out_put: dput(dentry); out_unlock: Index: linux-2.6/fs/nfsd/vfs.c === --- linux-2.6.orig/fs/nfsd/vfs.c +++ linux-2.6/fs/nfsd/vfs.c @@ -1183,7 +1183,7 @@ nfsd_create(struct svc_rqst *rqstp, stru host_err = vfs_create(dirp, dchild, iap->ia_mode, NULL); break; case S_IFDIR: - host_err = vfs_mkdir(dirp, dchild, iap->ia_mode); + host_err = vfs_mkdir(dirp, dchild, NULL, iap->ia_mode); break; case S_IFCHR: case S_IFBLK: Index: linux-2.6/include/linux/fs.h === --- linux-2.6.orig/include/linux/fs.h +++ linux-2.6/include/linux/fs.h @@ -979,7 +979,7 @@ extern void unlock_super(struct super_bl */ extern int vfs_permission(struct nameidata *, int); extern int vfs_create(struct inode *, struct dentry *, int, struct nameidata *); -extern int vfs_mkdir(struct inode *, struct dentry *, int); +extern int vfs_mkdir(struct inode *, struct dentry *, struct vfsmount *, int); extern int vfs_mknod(struct inode *, struct dentry *, int, dev_t); extern int vfs_symlink(struct inode *, struct dentry *, const char *, int); extern int vfs_link(struct dentry *, struct inode *, struct dentry *); - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
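Review bot: the nfsd hunks (nfsd4_create_clid_dir() in nfs4recover.c and nfsd_create() in vfs.c) pass NULL for the new vfsmount while the sys_mkdirat() hunk passes nd.mnt, so a mount-aware LSM sees no path for any directory nfsd creates; the commit message should say why NULL is acceptable for those callers, or a real mount should be threaded through. Also worth one line in the message: vfs_mkdir() itself does not use mnt in this patch (the inode_mkdir hook only grows the parameter in 7/28), so a reader bisecting the series is not left looking for a missing use.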
[RFC 7/28] Pass struct vfsmount to the inode_mkdir LSM hook
Pass struct vfsmount to the inode_mkdir LSM hook Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/fs/namei.c === --- linux-2.6.orig/fs/namei.c +++ linux-2.6/fs/namei.c @@ -1928,7 +1928,7 @@ int vfs_mkdir(struct inode *dir, struct return -EPERM; mode &= (S_IRWXUGO|S_ISVTX); - error = security_inode_mkdir(dir, dentry, mode); + error = security_inode_mkdir(dir, dentry, mnt, mode); if (error) return error; Index: linux-2.6/include/linux/security.h === --- linux-2.6.orig/include/linux/security.h +++ linux-2.6/include/linux/security.h @@ -308,6 +308,7 @@ struct request_sock; * associated with inode strcture @dir. * @dir containst the inode structure of parent of the directory to be created. * @dentry contains the dentry structure of new directory. + * @mnt is the vfsmount corresponding to @dentry (may be NULL). * @mode contains the mode of new directory. * Return 0 if permission is granted. * @inode_rmdir: @@ -1213,7 +1214,8 @@ struct security_operations { int (*inode_unlink) (struct inode *dir, struct dentry *dentry); int (*inode_symlink) (struct inode *dir, struct dentry *dentry, const char *old_name); - int (*inode_mkdir) (struct inode *dir, struct dentry *dentry, int mode); + int (*inode_mkdir) (struct inode *dir, struct dentry *dentry, + struct vfsmount *mnt, int mode); int (*inode_rmdir) (struct inode *dir, struct dentry *dentry); int (*inode_mknod) (struct inode *dir, struct dentry *dentry, int mode, dev_t dev); @@ -1650,11 +1652,12 @@ static inline int security_inode_symlink static inline int security_inode_mkdir (struct inode *dir, struct dentry *dentry, + struct vfsmount *mnt, int mode) { if (unlikely (IS_PRIVATE (dir))) return 0; - return security_ops->inode_mkdir (dir, dentry, mode); + return security_ops->inode_mkdir (dir, dentry, mnt, mode); } static inline int security_inode_rmdir (struct inode *dir, 
@@ -2371,6 +2374,7 @@ static inline int security_inode_symlink static inline int security_inode_mkdir (struct inode *dir, struct dentry *dentry, + struct vfsmount *mnt, int mode) { return 0; Index: linux-2.6/security/dummy.c === --- linux-2.6.orig/security/dummy.c +++ linux-2.6/security/dummy.c @@ -288,7 +288,7 @@ static int dummy_inode_symlink (struct i } static int dummy_inode_mkdir (struct inode *inode, struct dentry *dentry, - int mask) + struct vfsmount *mnt, int mask) { return 0; } Index: linux-2.6/security/selinux/hooks.c === --- linux-2.6.orig/security/selinux/hooks.c +++ linux-2.6/security/selinux/hooks.c @@ -2166,7 +2166,8 @@ static int selinux_inode_symlink(struct return may_create(dir, dentry, SECCLASS_LNK_FILE); } -static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask) +static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, + struct vfsmount *mnt, int mask) { return may_create(dir, dentry, SECCLASS_DIR); } - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
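Review bot: the @inode_mkdir documentation now says the mount "may be NULL", which matches the nfsd callers in 6/28, so the SELinux and dummy implementations here are fine only because they ignore mnt; an LSM that dereferences it must NULL-check, and that contract is better stated once in the hook description than left implicit in a parameter line. While touching that comment block, fix the pre-existing typos in the context lines ("inode strcture", "containst").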
[RFC 10/28] Add a struct vfsmount parameter to vfs_symlink()
Add a struct vfsmount parameter to vfs_symlink() Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/fs/ecryptfs/inode.c === --- linux-2.6.orig/fs/ecryptfs/inode.c +++ linux-2.6/fs/ecryptfs/inode.c @@ -462,6 +462,7 @@ static int ecryptfs_symlink(struct inode { int rc; struct dentry *lower_dentry; + struct vfsmount *lower_mnt; struct dentry *lower_dir_dentry; umode_t mode; char *encoded_symname; @@ -470,6 +471,7 @@ static int ecryptfs_symlink(struct inode lower_dentry = ecryptfs_dentry_to_lower(dentry); dget(lower_dentry); + lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry); lower_dir_dentry = lock_parent(lower_dentry); mode = S_IALLUGO; encoded_symlen = ecryptfs_encode_filename(crypt_stat, symname, @@ -479,7 +481,7 @@ static int ecryptfs_symlink(struct inode rc = encoded_symlen; goto out_lock; } - rc = vfs_symlink(lower_dir_dentry->d_inode, lower_dentry, + rc = vfs_symlink(lower_dir_dentry->d_inode, lower_dentry, lower_mnt, encoded_symname, mode); kfree(encoded_symname); if (rc || !lower_dentry->d_inode) Index: linux-2.6/fs/namei.c === --- linux-2.6.orig/fs/namei.c +++ linux-2.6/fs/namei.c @@ -2185,7 +2185,8 @@ asmlinkage long sys_unlink(const char __ return do_unlinkat(AT_FDCWD, pathname); } -int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname, int mode) +int vfs_symlink(struct inode *dir, struct dentry *dentry, struct vfsmount *mnt, + const char *oldname, int mode) { int error = may_create(dir, dentry, NULL); @@ -2231,7 +2232,8 @@ asmlinkage long sys_symlinkat(const char if (IS_ERR(dentry)) goto out_unlock; - error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO); + error = vfs_symlink(nd.dentry->d_inode, dentry, nd.mnt, from, + S_IALLUGO); dput(dentry); out_unlock: mutex_unlock(&nd.dentry->d_inode->i_mutex); Index: linux-2.6/fs/nfsd/vfs.c === --- linux-2.6.orig/fs/nfsd/vfs.c +++ linux-2.6/fs/nfsd/vfs.c 
@@ -1463,11 +1463,12 @@ nfsd_symlink(struct svc_rqst *rqstp, str else { strncpy(path_alloced, path, plen); path_alloced[plen] = 0; - host_err = vfs_symlink(dentry->d_inode, dnew, path_alloced, mode); + host_err = vfs_symlink(dentry->d_inode, dnew, NULL, + path_alloced, mode); kfree(path_alloced); } } else - host_err = vfs_symlink(dentry->d_inode, dnew, path, mode); + host_err = vfs_symlink(dentry->d_inode, dnew, NULL, path, mode); if (!host_err) { if (EX_ISSYNC(fhp->fh_export)) Index: linux-2.6/include/linux/fs.h === --- linux-2.6.orig/include/linux/fs.h +++ linux-2.6/include/linux/fs.h @@ -981,7 +981,7 @@ extern int vfs_permission(struct nameida extern int vfs_create(struct inode *, struct dentry *, int, struct nameidata *); extern int vfs_mkdir(struct inode *, struct dentry *, struct vfsmount *, int); extern int vfs_mknod(struct inode *, struct dentry *, struct vfsmount *, int, dev_t); -extern int vfs_symlink(struct inode *, struct dentry *, const char *, int); +extern int vfs_symlink(struct inode *, struct dentry *, struct vfsmount *, const char *, int); extern int vfs_link(struct dentry *, struct inode *, struct dentry *); extern int vfs_rmdir(struct inode *, struct dentry *); extern int vfs_unlink(struct inode *, struct dentry *); - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
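Review bot: nfsd_symlink() passes NULL for the mount in both of its vfs_symlink() calls, as nfsd does for vfs_mkdir() in 6/28, so symlinks created over NFS reach inode_symlink without a path; the commit message should say so. In the fs.h hunk the new prototype `extern int vfs_symlink(struct inode *, struct dentry *, struct vfsmount *, const char *, int);` runs past 80 columns; wrap it the way the vfs_symlink() definition in namei.c is wrapped.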
[RFC 8/28] Add a struct vfsmount parameter to vfs_mknod()
Add a struct vfsmount parameter to vfs_mknod() Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/fs/ecryptfs/inode.c === --- linux-2.6.orig/fs/ecryptfs/inode.c +++ linux-2.6/fs/ecryptfs/inode.c @@ -552,11 +552,14 @@ ecryptfs_mknod(struct inode *dir, struct { int rc; struct dentry *lower_dentry; + struct vfsmount *lower_mnt; struct dentry *lower_dir_dentry; lower_dentry = ecryptfs_dentry_to_lower(dentry); + lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry); lower_dir_dentry = lock_parent(lower_dentry); - rc = vfs_mknod(lower_dir_dentry->d_inode, lower_dentry, mode, dev); + rc = vfs_mknod(lower_dir_dentry->d_inode, lower_dentry, lower_mnt, mode, + dev); if (rc || !lower_dentry->d_inode) goto out; rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 0); Index: linux-2.6/fs/namei.c === --- linux-2.6.orig/fs/namei.c +++ linux-2.6/fs/namei.c @@ -1837,7 +1837,8 @@ fail: } EXPORT_SYMBOL_GPL(lookup_create); -int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) +int vfs_mknod(struct inode *dir, struct dentry *dentry, struct vfsmount *mnt, + int mode, dev_t dev) { int error = may_create(dir, dentry, NULL); @@ -1889,11 +1890,12 @@ asmlinkage long sys_mknodat(int dfd, con error = vfs_create(nd.dentry->d_inode,dentry,mode,&nd); break; case S_IFCHR: case S_IFBLK: - error = vfs_mknod(nd.dentry->d_inode,dentry,mode, - new_decode_dev(dev)); + error = vfs_mknod(nd.dentry->d_inode, dentry, nd.mnt, + mode, new_decode_dev(dev)); break; case S_IFIFO: case S_IFSOCK: - error = vfs_mknod(nd.dentry->d_inode,dentry,mode,0); + error = vfs_mknod(nd.dentry->d_inode, dentry, nd.mnt, + mode, 0); break; case S_IFDIR: error = -EPERM; Index: linux-2.6/fs/nfsd/vfs.c === --- linux-2.6.orig/fs/nfsd/vfs.c +++ linux-2.6/fs/nfsd/vfs.c 
@@ -1189,7 +1189,7 @@ nfsd_create(struct svc_rqst *rqstp, stru case S_IFBLK: case S_IFIFO: case S_IFSOCK: - host_err = vfs_mknod(dirp, dchild, iap->ia_mode, rdev); + host_err = vfs_mknod(dirp, dchild, NULL, iap->ia_mode, rdev); break; default: printk("nfsd: bad file type %o in nfsd_create\n", type); Index: linux-2.6/include/linux/fs.h === --- linux-2.6.orig/include/linux/fs.h +++ linux-2.6/include/linux/fs.h @@ -980,7 +980,7 @@ extern void unlock_super(struct super_bl extern int vfs_permission(struct nameidata *, int); extern int vfs_create(struct inode *, struct dentry *, int, struct nameidata *); extern int vfs_mkdir(struct inode *, struct dentry *, struct vfsmount *, int); -extern int vfs_mknod(struct inode *, struct dentry *, int, dev_t); +extern int vfs_mknod(struct inode *, struct dentry *, struct vfsmount *, int, dev_t); extern int vfs_symlink(struct inode *, struct dentry *, const char *, int); extern int vfs_link(struct dentry *, struct inode *, struct dentry *); extern int vfs_rmdir(struct inode *, struct dentry *); Index: linux-2.6/net/unix/af_unix.c === --- linux-2.6.orig/net/unix/af_unix.c +++ linux-2.6/net/unix/af_unix.c @@ -808,7 +808,7 @@ static int unix_bind(struct socket *sock */ mode = S_IFSOCK | (SOCK_INODE(sock)->i_mode & ~current->fs->umask); - err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0); + err = vfs_mknod(nd.dentry->d_inode, dentry, nd.mnt, mode, 0); if (err) goto out_mknod_dput; mutex_unlock(&nd.dentry->d_inode->i_mutex); - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
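Review bot: unix_bind() passing nd.mnt is the right call for the socket inode, but nfsd_create() again passes NULL, so device, fifo and socket nodes created via NFS reach the LSM with no mount; document why in the commit message. The fs.h prototype `extern int vfs_mknod(struct inode *, struct dentry *, struct vfsmount *, int, dev_t);` also exceeds 80 columns, unlike the wrapped definition in namei.c.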
[RFC 11/28] Pass struct vfsmount to the inode_symlink LSM hook.
Pass struct vfsmount to the inode_symlink LSM hook. Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/fs/namei.c === --- linux-2.6.orig/fs/namei.c +++ linux-2.6/fs/namei.c @@ -2196,7 +2196,7 @@ int vfs_symlink(struct inode *dir, struc if (!dir->i_op || !dir->i_op->symlink) return -EPERM; - error = security_inode_symlink(dir, dentry, oldname); + error = security_inode_symlink(dir, dentry, mnt, oldname); if (error) return error; Index: linux-2.6/include/linux/security.h === --- linux-2.6.orig/include/linux/security.h +++ linux-2.6/include/linux/security.h @@ -301,6 +301,7 @@ struct request_sock; * Check the permission to create a symbolic link to a file. * @dir contains the inode structure of parent directory of the symbolic link. * @dentry contains the dentry structure of the symbolic link. + * @mnt is the vfsmount corresponding to @dentry (may be NULL). * @old_name contains the pathname of file. * Return 0 if permission is granted. * @inode_mkdir: @@ -1213,8 +1214,8 @@ struct security_operations { int (*inode_link) (struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry); int (*inode_unlink) (struct inode *dir, struct dentry *dentry); - int (*inode_symlink) (struct inode *dir, - struct dentry *dentry, const char *old_name); + int (*inode_symlink) (struct inode *dir, struct dentry *dentry, + struct vfsmount *mnt, const char *old_name); int (*inode_mkdir) (struct inode *dir, struct dentry *dentry, struct vfsmount *mnt, int mode); int (*inode_rmdir) (struct inode *dir, struct dentry *dentry); 
@@ -1644,11 +1645,12 @@ static inline int security_inode_unlink static inline int security_inode_symlink (struct inode *dir, struct dentry *dentry, + struct vfsmount *mnt, const char *old_name) { if (unlikely (IS_PRIVATE (dir))) return 0; - return security_ops->inode_symlink (dir, dentry, old_name); + return security_ops->inode_symlink (dir, dentry, mnt, old_name); } static inline int security_inode_mkdir (struct inode *dir, @@ -2369,6 +2371,7 @@ static inline int security_inode_unlink static inline int security_inode_symlink (struct inode *dir, struct dentry *dentry, + struct vfsmount *mnt, const char *old_name) { return 0; Index: linux-2.6/security/dummy.c === --- linux-2.6.orig/security/dummy.c +++ linux-2.6/security/dummy.c @@ -282,7 +282,7 @@ static int dummy_inode_unlink (struct in } static int dummy_inode_symlink (struct inode *inode, struct dentry *dentry, - const char *name) + struct vfsmount *mnt, const char *name) { return 0; } Index: linux-2.6/security/selinux/hooks.c === --- linux-2.6.orig/security/selinux/hooks.c +++ linux-2.6/security/selinux/hooks.c @@ -2161,7 +2161,8 @@ static int selinux_inode_unlink(struct i return may_link(dir, dentry, MAY_UNLINK); } -static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name) +static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, +struct vfsmount *mnt, const char *name) { return may_create(dir, dentry, SECCLASS_LNK_FILE); } - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
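Review bot: in the selinux/hooks.c hunk the continuation line `+struct vfsmount *mnt, const char *name)` appears to have lost its indentation, unlike the `+ struct vfsmount *mnt, int mask)` line in the matching selinux_inode_mkdir() change in 7/28; align it with the opening parenthesis per the file's style. Otherwise the hook table entry, the inline wrapper, the !CONFIG_SECURITY stub and dummy.c all change in lockstep, and the sole caller in vfs_symlink() passes the mnt added in 10/28.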
[RFC 14/28] Pass struct vfsmount to the inode_link LSM hook
Pass the struct vfsmounts to the inode_link LSM hook Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/fs/namei.c === --- linux-2.6.orig/fs/namei.c +++ linux-2.6/fs/namei.c @@ -2275,7 +2275,8 @@ int vfs_link(struct dentry *old_dentry, if (S_ISDIR(old_dentry->d_inode->i_mode)) return -EPERM; - error = security_inode_link(old_dentry, dir, new_dentry); + error = security_inode_link(old_dentry, old_mnt, dir, new_dentry, + new_mnt); if (error) return error; Index: linux-2.6/include/linux/security.h === --- linux-2.6.orig/include/linux/security.h +++ linux-2.6/include/linux/security.h @@ -289,8 +289,10 @@ struct request_sock; * @inode_link: * Check permission before creating a new hard link to a file. * @old_dentry contains the dentry structure for an existing link to the file. + * @old_mnt is the vfsmount corresponding to @old_dentry (may be NULL). * @dir contains the inode structure of the parent directory of the new link. * @new_dentry contains the dentry structure for the new link. + * @new_mnt is the vfsmount corresponding to @new_dentry (may be NULL). * Return 0 if permission is granted. * @inode_unlink: * Check the permission to remove a hard link to a file. @@ -1212,8 +1214,9 @@ struct security_operations { char **name, void **value, size_t *len); int (*inode_create) (struct inode *dir, struct dentry *dentry, struct vfsmount *mnt, int mode); - int (*inode_link) (struct dentry *old_dentry, - struct inode *dir, struct dentry *new_dentry); + int (*inode_link) (struct dentry *old_dentry, struct vfsmount *old_mnt, + struct inode *dir, struct dentry *new_dentry, + struct vfsmount *new_mnt); int (*inode_unlink) (struct inode *dir, struct dentry *dentry); int (*inode_symlink) (struct inode *dir, struct dentry *dentry, struct vfsmount *mnt, const char *old_name); 
@@ -1628,12 +1631,15 @@ static inline int security_inode_create } static inline int security_inode_link (struct dentry *old_dentry, + struct vfsmount *old_mnt, struct inode *dir, - struct dentry *new_dentry) + struct dentry *new_dentry, + struct vfsmount *new_mnt) { if (unlikely (IS_PRIVATE (old_dentry->d_inode))) return 0; - return security_ops->inode_link (old_dentry, dir, new_dentry); + return security_ops->inode_link (old_dentry, old_mnt, dir, +new_dentry, new_mnt); } static inline int security_inode_unlink (struct inode *dir, @@ -2359,8 +2365,10 @@ static inline int security_inode_create } static inline int security_inode_link (struct dentry *old_dentry, + struct vfsmount *old_mnt, struct inode *dir, - struct dentry *new_dentry) + struct dentry *new_dentry, + struct vfsmount *new_mnt) { return 0; } Index: linux-2.6/security/dummy.c === --- linux-2.6.orig/security/dummy.c +++ linux-2.6/security/dummy.c @@ -270,8 +270,10 @@ static int dummy_inode_create (struct in return 0; } -static int dummy_inode_link (struct dentry *old_dentry, struct inode *inode, -struct dentry *new_dentry) +static int dummy_inode_link (struct dentry *old_dentry, +struct vfsmount *old_mnt, struct inode *inode, +struct dentry *new_dentry, +struct vfsmount *new_mnt) { return 0; } Index: linux-2.6/security/selinux/hooks.c === --- linux-2.6.orig/security/selinux/hooks.c +++ linux-2.6/security/selinux/hooks.c @@ -2141,11 +2141,16 @@ static int selinux_inode_create(struct i return may_create(dir, dentry, SECCLASS_FILE); } -static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry) +static int selinux_inode_link(struct dentry *old_dentry, + struct vfsmount *old_mnt, + struct inode *dir, + struct dentry *new_dentry, +
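Review bot: the kerneldoc hunk in include/linux/security.h documents @old_mnt and @new_mnt as "may be NULL" but does not say what an inode_link implementation should do when it gets NULL. Spell out the intended semantics (for example: NULL means no pathname is available for this operation and the module must fall back to its inode-based check), otherwise each LSM will pick its own fail-open or fail-closed behaviour for the same condition.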
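Review bot: the fs/namei.c hunk passes old_mnt and new_mnt into security_inode_link, but vfs_link's own parameter list is outside the visible context and this patch does not add those variables; name the earlier patch in the series that adds the vfsmount parameters to vfs_link in the changelog, since this patch does not build without it.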
[RFC 12/28] Pass struct vfsmount to the inode_readlink LSM hook
Pass struct vfsmount to the inode_readlink LSM hook Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/fs/stat.c === --- linux-2.6.orig/fs/stat.c +++ linux-2.6/fs/stat.c @@ -307,7 +307,7 @@ asmlinkage long sys_readlinkat(int dfd, error = -EINVAL; if (inode->i_op && inode->i_op->readlink) { - error = security_inode_readlink(nd.dentry); + error = security_inode_readlink(nd.dentry, nd.mnt); if (!error) { touch_atime(nd.mnt, nd.dentry); error = inode->i_op->readlink(nd.dentry, buf, bufsiz); Index: linux-2.6/include/linux/security.h === --- linux-2.6.orig/include/linux/security.h +++ linux-2.6/include/linux/security.h @@ -338,6 +338,7 @@ struct request_sock; * @inode_readlink: * Check the permission to read the symbolic link. * @dentry contains the dentry structure for the file link. + * @mnt is the vfsmount corresponding to @dentry (may be NULL). * Return 0 if permission is granted. * @inode_follow_link: * Check permission to follow a symbolic link when looking up a pathname. @@ -1223,7 +1224,7 @@ struct security_operations { struct vfsmount *mnt, int mode, dev_t dev); int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry, struct inode *new_dir, struct dentry *new_dentry); - int (*inode_readlink) (struct dentry *dentry); + int (*inode_readlink) (struct dentry *dentry, struct vfsmount *mnt); int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd); int (*inode_permission) (struct inode *inode, int mask, struct nameidata *nd); int (*inode_setattr) (struct dentry *dentry, struct vfsmount *mnt, 
@@ -1693,11 +1694,12 @@ static inline int security_inode_rename new_dir, new_dentry); } -static inline int security_inode_readlink (struct dentry *dentry) +static inline int security_inode_readlink (struct dentry *dentry, + struct vfsmount *mnt) { if (unlikely (IS_PRIVATE (dentry->d_inode))) return 0; - return security_ops->inode_readlink (dentry); + return security_ops->inode_readlink (dentry, mnt); } static inline int security_inode_follow_link (struct dentry *dentry, @@ -2407,7 +2409,8 @@ static inline int security_inode_rename return 0; } -static inline int security_inode_readlink (struct dentry *dentry) +static inline int security_inode_readlink (struct dentry *dentry, + struct vfsmount *mnt) { return 0; } Index: linux-2.6/security/dummy.c === --- linux-2.6.orig/security/dummy.c +++ linux-2.6/security/dummy.c @@ -312,7 +312,7 @@ static int dummy_inode_rename (struct in return 0; } -static int dummy_inode_readlink (struct dentry *dentry) +static int dummy_inode_readlink (struct dentry *dentry, struct vfsmount *mnt) { return 0; } Index: linux-2.6/security/selinux/hooks.c === --- linux-2.6.orig/security/selinux/hooks.c +++ linux-2.6/security/selinux/hooks.c @@ -2196,7 +2196,7 @@ static int selinux_inode_rename(struct i return may_rename(old_inode, old_dentry, new_inode, new_dentry); } -static int selinux_inode_readlink(struct dentry *dentry) +static int selinux_inode_readlink(struct dentry *dentry, struct vfsmount *mnt) { return dentry_has_perm(current, NULL, dentry, FILE__READ); } - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
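Review bot: the only caller in the fs/stat.c hunk passes nd.mnt from a completed path walk, yet the kerneldoc hunk documents @mnt as "may be NULL". Either drop the "may be NULL" wording for inode_readlink or say which callers are expected to pass NULL, so LSM authors do not add a NULL branch that no visible caller exercises.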
[RFC 18/28] Pass struct vfsmount to the inode_unlink LSM hook
Pass struct vfsmount to the inode_unlink LSM hook Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/fs/namei.c === --- linux-2.6.orig/fs/namei.c +++ linux-2.6/fs/namei.c @@ -2102,7 +2102,7 @@ int vfs_unlink(struct inode *dir, struct if (d_mountpoint(dentry)) error = -EBUSY; else { - error = security_inode_unlink(dir, dentry); + error = security_inode_unlink(dir, dentry, mnt); if (!error) error = dir->i_op->unlink(dir, dentry); } Index: linux-2.6/include/linux/security.h === --- linux-2.6.orig/include/linux/security.h +++ linux-2.6/include/linux/security.h @@ -298,6 +298,7 @@ struct request_sock; * Check the permission to remove a hard link to a file. * @dir contains the inode structure of parent directory of the file. * @dentry contains the dentry structure for file to be unlinked. + * @mnt is the vfsmount corresponding to @dentry (may be NULL). * Return 0 if permission is granted. * @inode_symlink: * Check the permission to create a symbolic link to a file. @@ -1218,7 +1219,8 @@ struct security_operations { int (*inode_link) (struct dentry *old_dentry, struct vfsmount *old_mnt, struct inode *dir, struct dentry *new_dentry, struct vfsmount *new_mnt); - int (*inode_unlink) (struct inode *dir, struct dentry *dentry); + int (*inode_unlink) (struct inode *dir, struct dentry *dentry, +struct vfsmount *mnt); int (*inode_symlink) (struct inode *dir, struct dentry *dentry, struct vfsmount *mnt, const char *old_name); int (*inode_mkdir) (struct inode *dir, struct dentry *dentry, @@ -1645,11 +1647,12 @@ static inline int security_inode_link (s } static inline int security_inode_unlink (struct inode *dir, -struct dentry *dentry) +struct dentry *dentry, +struct vfsmount *mnt) { if (unlikely (IS_PRIVATE (dentry->d_inode))) return 0; - return security_ops->inode_unlink (dir, dentry); + return security_ops->inode_unlink (dir, dentry, mnt); } static inline int security_inode_symlink (struct inode *dir, 
@@ -2377,7 +2380,8 @@ static inline int security_inode_link (s } static inline int security_inode_unlink (struct inode *dir, -struct dentry *dentry) +struct dentry *dentry, +struct vfsmount *mnt) { return 0; } Index: linux-2.6/security/dummy.c === --- linux-2.6.orig/security/dummy.c +++ linux-2.6/security/dummy.c @@ -278,7 +278,8 @@ static int dummy_inode_link (struct dent return 0; } -static int dummy_inode_unlink (struct inode *inode, struct dentry *dentry) +static int dummy_inode_unlink (struct inode *inode, struct dentry *dentry, + struct vfsmount *mnt) { return 0; } Index: linux-2.6/security/selinux/hooks.c === --- linux-2.6.orig/security/selinux/hooks.c +++ linux-2.6/security/selinux/hooks.c @@ -2156,11 +2156,12 @@ static int selinux_inode_link(struct den return may_link(dir, old_dentry, MAY_LINK); } -static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry) +static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry, + struct vfsmount *mnt) { int rc; - rc = secondary_ops->inode_unlink(dir, dentry); + rc = secondary_ops->inode_unlink(dir, dentry, mnt); if (rc) return rc; return may_link(dir, dentry, MAY_UNLINK); - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
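Review bot: in the security/selinux/hooks.c hunk the secondary_ops->inode_unlink forwarding call is updated together with the hook signature, which is the easy part to miss; the changelog should call this out, because any module that chains to a secondary LSM must update both the definition and the forwarding call for every hook this series touches.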
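Review bot: the fs/namei.c hunk uses `mnt` inside vfs_unlink, but the vfs_unlink parameter list is not part of the visible context and is not changed here; reference the earlier patch that adds the vfsmount parameter to vfs_unlink so the dependency is explicit.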
[RFC 9/28] Pass struct vfsmount to the inode_mknod LSM hook
Pass struct vfsmount to the inode_mknod LSM hook Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/fs/namei.c === --- linux-2.6.orig/fs/namei.c +++ linux-2.6/fs/namei.c @@ -1851,7 +1851,7 @@ int vfs_mknod(struct inode *dir, struct if (!dir->i_op || !dir->i_op->mknod) return -EPERM; - error = security_inode_mknod(dir, dentry, mode, dev); + error = security_inode_mknod(dir, dentry, mnt, mode, dev); if (error) return error; Index: linux-2.6/include/linux/security.h === --- linux-2.6.orig/include/linux/security.h +++ linux-2.6/include/linux/security.h @@ -323,6 +323,7 @@ struct request_sock; * and not this hook. * @dir contains the inode structure of parent of the new file. * @dentry contains the dentry structure of the new file. + * @mnt is the vfsmount corresponding to @dentry (may be NULL). * @mode contains the mode of the new file. * @dev contains the the device number. * Return 0 if permission is granted. @@ -1218,7 +1219,7 @@ struct security_operations { struct vfsmount *mnt, int mode); int (*inode_rmdir) (struct inode *dir, struct dentry *dentry); int (*inode_mknod) (struct inode *dir, struct dentry *dentry, - int mode, dev_t dev); + struct vfsmount *mnt, int mode, dev_t dev); int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry, struct inode *new_dir, struct dentry *new_dentry); int (*inode_readlink) (struct dentry *dentry); @@ -1670,11 +1671,12 @@ static inline int security_inode_rmdir ( static inline int security_inode_mknod (struct inode *dir, struct dentry *dentry, + struct vfsmount *mnt, int mode, dev_t dev) { if (unlikely (IS_PRIVATE (dir))) return 0; - return security_ops->inode_mknod (dir, dentry, mode, dev); + return security_ops->inode_mknod (dir, dentry, mnt, mode, dev); } static inline int security_inode_rename (struct inode *old_dir, 
@@ -2388,6 +2390,7 @@ static inline int security_inode_rmdir ( static inline int security_inode_mknod (struct inode *dir, struct dentry *dentry, + struct vfsmount *mnt, int mode, dev_t dev) { return 0; Index: linux-2.6/security/dummy.c === --- linux-2.6.orig/security/dummy.c +++ linux-2.6/security/dummy.c @@ -299,7 +299,7 @@ static int dummy_inode_rmdir (struct ino } static int dummy_inode_mknod (struct inode *inode, struct dentry *dentry, - int mode, dev_t dev) + struct vfsmount *mnt, int mode, dev_t dev) { return 0; } Index: linux-2.6/security/selinux/hooks.c === --- linux-2.6.orig/security/selinux/hooks.c +++ linux-2.6/security/selinux/hooks.c @@ -2177,11 +2177,12 @@ static int selinux_inode_rmdir(struct in return may_link(dir, dentry, MAY_RMDIR); } -static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) +static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, + struct vfsmount *mnt, int mode, dev_t dev) { int rc; - rc = secondary_ops->inode_mknod(dir, dentry, mode, dev); + rc = secondary_ops->inode_mknod(dir, dentry, mnt, mode, dev); if (rc) return rc; - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
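Review bot: the kerneldoc hunk in include/linux/security.h inserts the @mnt line directly above `* @dev contains the the device number.`; since the patch already touches this block, fix the duplicated "the" in the same hunk.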
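Review bot: the fs/namei.c hunk passes `mnt` to security_inode_mknod from inside vfs_mknod, whose parameter list is outside the visible context; state in the changelog which earlier patch adds that parameter to vfs_mknod.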
[RFC 4/28] Add a vfsmount parameter to notify_change()
Add a vfsmount parameter to notify_change() The vfsmount parameter must be set appropriately for files visible outside the kernel. Files that are only used in a filesystem (e.g., reiserfs xattr files) will have a NULL vfsmount. The kernel nfsd also doesn't have the necessary context for client requests. We cannot put it under any pathname based policy, and also set vfsmount to NULL there. The next patch passes the vfsmount to the inode_setattr LSM hook. Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/fs/attr.c === --- linux-2.6.orig/fs/attr.c +++ linux-2.6/fs/attr.c @@ -101,7 +101,8 @@ int inode_setattr(struct inode * inode, } EXPORT_SYMBOL(inode_setattr); -int notify_change(struct dentry * dentry, struct iattr * attr) +int notify_change(struct dentry *dentry, struct vfsmount *mnt, + struct iattr *attr) { struct inode *inode = dentry->d_inode; mode_t mode; Index: linux-2.6/include/linux/fs.h === --- linux-2.6.orig/include/linux/fs.h +++ linux-2.6/include/linux/fs.h @@ -1457,8 +1457,8 @@ static inline int break_lease(struct ino /* fs/open.c */ -extern int do_truncate(struct dentry *, loff_t start, unsigned int time_attrs, - struct file *filp); +extern int do_truncate(struct dentry *, struct vfsmount *, loff_t start, + unsigned int time_attrs, struct file *filp); extern long do_sys_open(int fdf, const char __user *filename, int flags, int mode); extern struct file *filp_open(const char *, int, int); 
@@ -1605,7 +1605,7 @@ extern int do_remount_sb(struct super_bl #ifdef CONFIG_BLOCK extern sector_t bmap(struct inode *, sector_t); #endif -extern int notify_change(struct dentry *, struct iattr *); +extern int notify_change(struct dentry *, struct vfsmount *, struct iattr *); extern int permission(struct inode *, int, struct nameidata *); extern int generic_permission(struct inode *, int, int (*check_acl)(struct inode *, int)); Index: linux-2.6/fs/ecryptfs/inode.c === --- linux-2.6.orig/fs/ecryptfs/inode.c +++ linux-2.6/fs/ecryptfs/inode.c @@ -856,12 +856,14 @@ static int ecryptfs_setattr(struct dentr { int rc = 0; struct dentry *lower_dentry; + struct vfsmount *lower_mnt; struct inode *inode; struct inode *lower_inode; struct ecryptfs_crypt_stat *crypt_stat; crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat; lower_dentry = ecryptfs_dentry_to_lower(dentry); + lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry); inode = dentry->d_inode; lower_inode = ecryptfs_inode_to_lower(inode); if (ia->ia_valid & ATTR_SIZE) { @@ -876,7 +878,7 @@ static int ecryptfs_setattr(struct dentr if (rc < 0) goto out; } - rc = notify_change(lower_dentry, ia); + rc = notify_change(lower_dentry, lower_mnt, ia); out: fsstack_copy_attr_all(inode, lower_inode, NULL); return rc; Index: linux-2.6/fs/fat/file.c === --- linux-2.6.orig/fs/fat/file.c +++ linux-2.6/fs/fat/file.c @@ -92,7 +92,7 @@ int fat_generic_ioctl(struct inode *inod } /* This MUST be done before doing anything irreversible... */ - err = notify_change(filp->f_path.dentry, &ia); + err = notify_change(filp->f_path.dentry, filp->f_path.mnt, &ia); if (err) goto up; Index: linux-2.6/fs/hpfs/namei.c === --- linux-2.6.orig/fs/hpfs/namei.c +++ linux-2.6/fs/hpfs/namei.c 
@@ -426,7 +426,7 @@ again: /*printk("HPFS: truncating file before delete.\n");*/ newattrs.ia_size = 0; newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME; - err = notify_change(dentry, &newattrs); + err = notify_change(dentry, NULL, &newattrs); put_write_access(inode); if (!err) goto again; Index: linux-2.6/fs/nfsd/vfs.c === --- linux-2.6.orig/fs/nfsd/vfs.c +++ linux-2.6/fs/nfsd/vfs.c @@ -358,7 +358,7 @@ nfsd_setattr(struct svc_rqst *rqstp, str err = nfserr_notsync; if (!check_guard || guardtime == inode->i_ctime.tv_sec) { fh_lock(fhp); - host_err = notify_change(dentry, iap); + host_err = notify_change(dentry, NU
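Review bot: the fs/hpfs/namei.c hunk passes NULL for a user-visible file that is being truncated before deletion, which is a third case beyond the two the changelog names (filesystem-internal files and nfsd). The changelog should state that inode operations with no vfsmount in scope also pass NULL, and that a pathname-based policy consumer therefore sees such truncations without a path and must decide how to treat them.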
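Review bot: the include/linux/fs.h hunk also changes the do_truncate() prototype to take a struct vfsmount, but the changelog mentions only notify_change() and neither the fs/open.c definition nor the do_truncate callers appear in the visible part of the patch; mention the do_truncate change in the changelog and confirm its definition and callers are updated in this same patch, since a prototype-only change breaks the build.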
[RFC 3/28] Pass struct file down to remove_suid and children
Pass struct file down to remove_suid and children Pass struct path to remove_suid and should_remove_suid instead of only the dentry. Required by a later patch that adds a struct vfsmount parameter to notify_change(). Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/mm/filemap.c === --- linux-2.6.orig/mm/filemap.c +++ linux-2.6/mm/filemap.c @@ -1869,9 +1869,9 @@ repeat: * if suid or (sgid and xgrp) * remove privs */ -int should_remove_suid(struct dentry *dentry) +int should_remove_suid(struct path *path) { - mode_t mode = dentry->d_inode->i_mode; + mode_t mode = path->dentry->d_inode->i_mode; int kill = 0; /* suid always must be killed */ @@ -1892,20 +1892,20 @@ int should_remove_suid(struct dentry *de } EXPORT_SYMBOL(should_remove_suid); -int __remove_suid(struct dentry *dentry, int kill) +int __remove_suid(struct path *path, int kill) { struct iattr newattrs; newattrs.ia_valid = ATTR_FORCE | kill; - return notify_change(dentry, &newattrs); + return notify_change(path->dentry, &newattrs); } -int remove_suid(struct dentry *dentry) +int remove_suid(struct path *path) { - int kill = should_remove_suid(dentry); + int kill = should_remove_suid(path); if (unlikely(kill)) - return __remove_suid(dentry, kill); + return __remove_suid(path, kill); return 0; } @@ -2266,7 +2266,7 @@ __generic_file_aio_write_nolock(struct k if (count == 0) goto out; - err = remove_suid(file->f_path.dentry); + err = remove_suid(&file->f_path); if (err) goto out; Index: linux-2.6/fs/ntfs/file.c === --- linux-2.6.orig/fs/ntfs/file.c +++ linux-2.6/fs/ntfs/file.c @@ -2162,7 +2162,7 @@ static ssize_t ntfs_file_aio_write_noloc goto out; if (!count) goto out; - err = remove_suid(file->f_path.dentry); + err = remove_suid(&file->f_path); if (err) goto out; file_update_time(file); Index: linux-2.6/fs/reiserfs/file.c === --- linux-2.6.orig/fs/reiserfs/file.c +++ linux-2.6/fs/reiserfs/file.c 
@@ -1353,7 +1353,7 @@ static ssize_t reiserfs_file_write(struc if (count == 0) goto out; - res = remove_suid(file->f_path.dentry); + res = remove_suid(&file->f_path); if (res) goto out; Index: linux-2.6/fs/splice.c === --- linux-2.6.orig/fs/splice.c +++ linux-2.6/fs/splice.c @@ -844,7 +844,7 @@ generic_file_splice_write_nolock(struct ssize_t ret; int err; - err = remove_suid(out->f_path.dentry); + err = remove_suid(&out->f_path); if (unlikely(err)) return err; @@ -890,10 +890,10 @@ generic_file_splice_write(struct pipe_in ssize_t ret; int err; - err = should_remove_suid(out->f_path.dentry); + err = should_remove_suid(&out->f_path); if (unlikely(err)) { mutex_lock(&inode->i_mutex); - err = __remove_suid(out->f_path.dentry, err); + err = __remove_suid(&out->f_path, err); mutex_unlock(&inode->i_mutex); if (err) return err; Index: linux-2.6/fs/xfs/linux-2.6/xfs_lrw.c === --- linux-2.6.orig/fs/xfs/linux-2.6/xfs_lrw.c +++ linux-2.6/fs/xfs/linux-2.6/xfs_lrw.c @@ -805,7 +805,7 @@ start: !capable(CAP_FSETID)) { error = xfs_write_clear_setuid(xip); if (likely(!error)) - error = -remove_suid(file->f_path.dentry); + error = -remove_suid(&file->f_path); if (unlikely(error)) { xfs_iunlock(xip, iolock); goto out_unlock_mutex; Index: linux-2.6/include/linux/fs.h === --- linux-2.6.orig/include/linux/fs.h +++ linux-2.6/include/linux/fs.h @@ -1678,9 +1678,9 @@ extern void __iget(struct inode * inode) extern void clear_inode(struct inode *); extern void destroy_inode(struct inode *); extern struct inode *new_inode(struct super_block *); -extern int __remove_suid(struct dentry *, int); -extern int should_remove_suid(struct dentry *); -extern int remove_suid(struct dentry *); +extern int __remove_suid(struct path *, int); +extern int should_remove_suid(struct path *); +extern int remove_suid(struct path *); ex
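Review bot: the subject says "Pass struct file down to remove_suid" but the changelog and the mm/filemap.c hunk pass struct path (`should_remove_suid(struct path *path)`, `remove_suid(struct path *path)`); make the subject match the code.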
[RFC 19/28] Add struct vfsmount parameters to vfs_rename()
Add struct vfsmount parameters to vfs_rename() Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/fs/ecryptfs/inode.c === --- linux-2.6.orig/fs/ecryptfs/inode.c +++ linux-2.6/fs/ecryptfs/inode.c @@ -590,19 +590,24 @@ ecryptfs_rename(struct inode *old_dir, s { int rc; struct dentry *lower_old_dentry; + struct vfsmount *lower_old_mnt; struct dentry *lower_new_dentry; + struct vfsmount *lower_new_mnt; struct dentry *lower_old_dir_dentry; struct dentry *lower_new_dir_dentry; lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry); + lower_old_mnt = ecryptfs_dentry_to_lower_mnt(old_dentry); lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry); + lower_new_mnt = ecryptfs_dentry_to_lower_mnt(new_dentry); dget(lower_old_dentry); dget(lower_new_dentry); lower_old_dir_dentry = dget_parent(lower_old_dentry); lower_new_dir_dentry = dget_parent(lower_new_dentry); lock_rename(lower_old_dir_dentry, lower_new_dir_dentry); rc = vfs_rename(lower_old_dir_dentry->d_inode, lower_old_dentry, - lower_new_dir_dentry->d_inode, lower_new_dentry); + lower_old_mnt, lower_new_dir_dentry->d_inode, + lower_new_dentry, lower_new_mnt); if (rc) goto out_lock; fsstack_copy_attr_all(new_dir, lower_new_dir_dentry->d_inode, NULL); Index: linux-2.6/fs/namei.c === --- linux-2.6.orig/fs/namei.c +++ linux-2.6/fs/namei.c @@ -2382,7 +2382,8 @@ asmlinkage long sys_link(const char __us *locking]. */ static int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry, - struct inode *new_dir, struct dentry *new_dentry) + struct vfsmount *old_mnt, struct inode *new_dir, + struct dentry *new_dentry, struct vfsmount *new_mnt) { int error = 0; struct inode *target; 
@@ -2425,7 +2426,8 @@ static int vfs_rename_dir(struct inode * } static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry, - struct inode *new_dir, struct dentry *new_dentry) + struct vfsmount *old_mnt, struct inode *new_dir, + struct dentry *new_dentry, struct vfsmount *new_mnt) { struct inode *target; int error; @@ -2453,7 +2455,8 @@ static int vfs_rename_other(struct inode } int vfs_rename(struct inode *old_dir, struct dentry *old_dentry, - struct inode *new_dir, struct dentry *new_dentry) + struct vfsmount *old_mnt, struct inode *new_dir, + struct dentry *new_dentry, struct vfsmount *new_mnt) { int error; int is_dir = S_ISDIR(old_dentry->d_inode->i_mode); @@ -2482,9 +2485,11 @@ int vfs_rename(struct inode *old_dir, st old_name = fsnotify_oldname_init(old_dentry->d_name.name); if (is_dir) - error = vfs_rename_dir(old_dir,old_dentry,new_dir,new_dentry); + error = vfs_rename_dir(old_dir, old_dentry, old_mnt, + new_dir, new_dentry, new_mnt); else - error = vfs_rename_other(old_dir,old_dentry,new_dir,new_dentry); + error = vfs_rename_other(old_dir, old_dentry, old_mnt, +new_dir, new_dentry, new_mnt); if (!error) { const char *new_name = old_dentry->d_name.name; fsnotify_move(old_dir, new_dir, old_name, new_name, is_dir, @@ -2556,8 +2561,8 @@ static int do_rename(int olddfd, const c if (new_dentry == trap) goto exit5; - error = vfs_rename(old_dir->d_inode, old_dentry, - new_dir->d_inode, new_dentry); + error = vfs_rename(old_dir->d_inode, old_dentry, oldnd.mnt, + new_dir->d_inode, new_dentry, newnd.mnt); exit5: dput(new_dentry); exit4: Index: linux-2.6/fs/nfsd/vfs.c === --- linux-2.6.orig/fs/nfsd/vfs.c +++ linux-2.6/fs/nfsd/vfs.c 
@@ -1620,7 +1620,7 @@ nfsd_rename(struct svc_rqst *rqstp, stru host_err = -EPERM; } else #endif - host_err = vfs_rename(fdir, odentry, tdir, ndentry); + host_err = vfs_rename(fdir, odentry, NULL, tdir, ndentry, NULL); if (!host_err && EX_ISSYNC(tfhp->fh_export)) { host_err = nfsd_sync_dir(tdentry); if (!host_err) Index: linux-2.6/include/linux/fs.h === --- linux-2.6.orig/include/linux/fs.h +++
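Review bot: the fs/nfsd/vfs.c hunk passes NULL for both old_mnt and new_mnt, which is consistent with the nfsd rationale given in patch 4 of this series, but this patch's changelog is a single line; repeat the reason here (nfsd has no vfsmount context, so renames through nfsd cannot be mediated by pathname) so the NULL does not read as an oversight.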
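Review bot: the vfs_rename_dir and vfs_rename_other hunks in fs/namei.c add old_mnt and new_mnt parameters that nothing in this patch reads; say in the changelog that they are consumed by the following patch, which passes them to the inode_rename hook.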
[RFC 20/28] Pass struct vfsmount to the inode_rename LSM hook
Pass struct vfsmount to the inode_rename LSM hook Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/fs/namei.c === --- linux-2.6.orig/fs/namei.c +++ linux-2.6/fs/namei.c @@ -2398,7 +2398,8 @@ static int vfs_rename_dir(struct inode * return error; } - error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry); + error = security_inode_rename(old_dir, old_dentry, old_mnt, + new_dir, new_dentry, new_mnt); if (error) return error; @@ -2432,7 +2433,8 @@ static int vfs_rename_other(struct inode struct inode *target; int error; - error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry); + error = security_inode_rename(old_dir, old_dentry, old_mnt, + new_dir, new_dentry, new_mnt); if (error) return error; Index: linux-2.6/include/linux/security.h === --- linux-2.6.orig/include/linux/security.h +++ linux-2.6/include/linux/security.h @@ -336,8 +336,10 @@ struct request_sock; * Check for permission to rename a file or directory. * @old_dir contains the inode structure for parent of the old link. * @old_dentry contains the dentry structure of the old link. + * @old_mnt is the vfsmount corresponding to @old_dentry (may be NULL). * @new_dir contains the inode structure for parent of the new link. * @new_dentry contains the dentry structure of the new link. + * @new_mnt is the vfsmount corresponding to @new_dentry (may be NULL). * Return 0 if permission is granted. * @inode_readlink: * Check the permission to read the symbolic link. 
@@ -1230,7 +1232,9 @@ struct security_operations { int (*inode_mknod) (struct inode *dir, struct dentry *dentry, struct vfsmount *mnt, int mode, dev_t dev); int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry, -struct inode *new_dir, struct dentry *new_dentry); +struct vfsmount *old_mnt, +struct inode *new_dir, struct dentry *new_dentry, +struct vfsmount *new_mnt); int (*inode_readlink) (struct dentry *dentry, struct vfsmount *mnt); int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd); int (*inode_permission) (struct inode *inode, int mask, struct nameidata *nd); @@ -1696,14 +1700,16 @@ static inline int security_inode_mknod ( static inline int security_inode_rename (struct inode *old_dir, struct dentry *old_dentry, +struct vfsmount *old_mnt, struct inode *new_dir, -struct dentry *new_dentry) +struct dentry *new_dentry, +struct vfsmount *new_mnt) { if (unlikely (IS_PRIVATE (old_dentry->d_inode) || (new_dentry->d_inode && IS_PRIVATE (new_dentry->d_inode return 0; - return security_ops->inode_rename (old_dir, old_dentry, - new_dir, new_dentry); + return security_ops->inode_rename (old_dir, old_dentry, old_mnt, + new_dir, new_dentry, new_mnt); } static inline int security_inode_readlink (struct dentry *dentry, @@ -2419,8 +2425,10 @@ static inline int security_inode_mknod ( static inline int security_inode_rename (struct inode *old_dir, struct dentry *old_dentry, +struct vfsmount *old_mnt, struct inode *new_dir, -struct dentry *new_dentry) +struct dentry *new_dentry, +struct vfsmount *new_mnt) { return 0; } Index: linux-2.6/security/dummy.c === --- linux-2.6.orig/security/dummy.c +++ linux-2.6/security/dummy.c @@ -310,8 +310,10 @@ static int dummy_inode_mknod (struct ino static int dummy_inode_rename (struct inode *old_inode, struct dentry *old_dentry, + struct vfsmount *old_mnt, struct inode *new_inode, - struct dentry *new_dentry) + struct dentry *new_dentry, + struct vfsmount *new_mnt) { return 0;
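Review bot: the security_inode_rename wrapper hunk in include/linux/security.h shows the IS_PRIVATE condition as `(new_dentry->d_inode && IS_PRIVATE (new_dentry->d_inode return 0;` with the closing parentheses missing; if that is how the context line reads in the posted patch it will not apply, so please check the mail was not mangled in transit and resend if needed.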
[RFC 23/28] Add a struct vfsmount parameter to vfs_getxattr()
Add a struct vfsmount parameter to vfs_getxattr() Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/fs/nfsd/vfs.c === --- linux-2.6.orig/fs/nfsd/vfs.c +++ linux-2.6/fs/nfsd/vfs.c @@ -382,7 +382,7 @@ static ssize_t nfsd_getxattr(struct dent { ssize_t buflen; - buflen = vfs_getxattr(dentry, key, NULL, 0); + buflen = vfs_getxattr(dentry, NULL, key, NULL, 0); if (buflen <= 0) return buflen; @@ -390,7 +390,7 @@ static ssize_t nfsd_getxattr(struct dent if (!*buf) return -ENOMEM; - return vfs_getxattr(dentry, key, *buf, buflen); + return vfs_getxattr(dentry, NULL, key, *buf, buflen); } #endif Index: linux-2.6/fs/xattr.c === --- linux-2.6.orig/fs/xattr.c +++ linux-2.6/fs/xattr.c @@ -107,7 +107,8 @@ out: EXPORT_SYMBOL_GPL(vfs_setxattr); ssize_t -vfs_getxattr(struct dentry *dentry, char *name, void *value, size_t size) +vfs_getxattr(struct dentry *dentry, struct vfsmount *mnt, char *name, +void *value, size_t size) { struct inode *inode = dentry->d_inode; int error; @@ -279,7 +280,8 @@ sys_fsetxattr(int fd, char __user *name, * Extended attribute GET operations */ static ssize_t -getxattr(struct dentry *d, char __user *name, void __user *value, size_t size) +getxattr(struct dentry *dentry, struct vfsmount *mnt, char __user *name, +void __user *value, size_t size) { ssize_t error; void *kvalue = NULL; @@ -299,7 +301,7 @@ getxattr(struct dentry *d, char __user * return -ENOMEM; } - error = vfs_getxattr(d, kname, kvalue, size); + error = vfs_getxattr(dentry, mnt, kname, kvalue, size); if (error > 0) { if (size && copy_to_user(value, kvalue, error)) error = -EFAULT; @@ -322,7 +324,7 @@ sys_getxattr(char __user *path, char __u error = user_path_walk(path, &nd); if (error) return error; - error = getxattr(nd.dentry, name, value, size); + error = getxattr(nd.dentry, nd.mnt, name, value, size); path_release(&nd); return error; } 
@@ -337,7 +339,7 @@ sys_lgetxattr(char __user *path, char __ error = user_path_walk_link(path, &nd); if (error) return error; - error = getxattr(nd.dentry, name, value, size); + error = getxattr(nd.dentry, nd.mnt, name, value, size); path_release(&nd); return error; } @@ -351,7 +353,7 @@ sys_fgetxattr(int fd, char __user *name, f = fget(fd); if (!f) return error; - error = getxattr(f->f_path.dentry, name, value, size); + error = getxattr(f->f_path.dentry, f->f_path.mnt, name, value, size); fput(f); return error; } Index: linux-2.6/include/linux/xattr.h === --- linux-2.6.orig/include/linux/xattr.h +++ linux-2.6/include/linux/xattr.h @@ -40,7 +40,8 @@ struct xattr_handler { size_t size, int flags); }; -ssize_t vfs_getxattr(struct dentry *, char *, void *, size_t); +ssize_t vfs_getxattr(struct dentry *, struct vfsmount *, char *, void *, +size_t); ssize_t vfs_listxattr(struct dentry *d, char *list, size_t size); int vfs_setxattr(struct dentry *, struct vfsmount *, char *, void *, size_t, int); - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
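Review bot: in the fs/xattr.c hunk vfs_getxattr() gains a struct vfsmount parameter that the visible body does not use; the next patch forwards it to security_inode_getxattr, so note in the changelog that this patch is signature plumbing only. The include/linux/xattr.h context also shows vfs_listxattr() still taking only a dentry while vfs_setxattr() and now vfs_getxattr() take a vfsmount; if listxattr is intentionally left without a mount, say so, because a pathname-based policy would then be unable to mediate attribute enumeration by path.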
[RFC 24/28] Pass struct vfsmount to the inode_getxattr LSM hook
Pass struct vfsmount to the inode_getxattr LSM hook Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/fs/xattr.c === --- linux-2.6.orig/fs/xattr.c +++ linux-2.6/fs/xattr.c @@ -117,7 +117,7 @@ vfs_getxattr(struct dentry *dentry, stru if (error) return error; - error = security_inode_getxattr(dentry, name); + error = security_inode_getxattr(dentry, mnt, name); if (error) return error; Index: linux-2.6/include/linux/security.h === --- linux-2.6.orig/include/linux/security.h +++ linux-2.6/include/linux/security.h @@ -391,7 +391,7 @@ struct request_sock; * @value identified by @name for @dentry and @mnt. * @inode_getxattr: * Check permission before obtaining the extended attributes - * identified by @name for @dentry. + * identified by @name for @dentry and @mnt. * Return 0 if permission is granted. * @inode_listxattr: * Check permission before obtaining the list of extended attribute @@ -1248,7 +1248,8 @@ struct security_operations { struct vfsmount *mnt, char *name, void *value, size_t size, int flags); - int (*inode_getxattr) (struct dentry *dentry, char *name); + int (*inode_getxattr) (struct dentry *dentry, struct vfsmount *mnt, + char *name); int (*inode_listxattr) (struct dentry *dentry); int (*inode_removexattr) (struct dentry *dentry, char *name); const char *(*inode_xattr_getsuffix) (void); @@ -1782,11 +1783,12 @@ static inline void security_inode_post_s security_ops->inode_post_setxattr (dentry, mnt, name, value, size, flags); } -static inline int security_inode_getxattr (struct dentry *dentry, char *name) +static inline int security_inode_getxattr (struct dentry *dentry, + struct vfsmount *mnt, char *name) { if (unlikely (IS_PRIVATE (dentry->d_inode))) return 0; - return security_ops->inode_getxattr (dentry, name); + return security_ops->inode_getxattr (dentry, mnt, name); } static inline int security_inode_listxattr (struct dentry *dentry) 
@@ -2487,7 +2489,8 @@ static inline void security_inode_post_s int flags) { } -static inline int security_inode_getxattr (struct dentry *dentry, char *name) +static inline int security_inode_getxattr (struct dentry *dentry, + struct vfsmount *mnt, char *name) { return 0; } Index: linux-2.6/security/dummy.c === --- linux-2.6.orig/security/dummy.c +++ linux-2.6/security/dummy.c @@ -368,7 +368,8 @@ static void dummy_inode_post_setxattr (s { } -static int dummy_inode_getxattr (struct dentry *dentry, char *name) +static int dummy_inode_getxattr (struct dentry *dentry, + struct vfsmount *mnt, char *name) { return 0; } Index: linux-2.6/security/selinux/hooks.c === --- linux-2.6.orig/security/selinux/hooks.c +++ linux-2.6/security/selinux/hooks.c @@ -2352,7 +2352,8 @@ static void selinux_inode_post_setxattr( return; } -static int selinux_inode_getxattr (struct dentry *dentry, char *name) +static int selinux_inode_getxattr (struct dentry *dentry, struct vfsmount *mnt, + char *name) { return dentry_has_perm(current, NULL, dentry, FILE__GETATTR); } - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
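Review bot: the @inode_getxattr doc comment in the include/linux/security.h hunk should say whether @mnt may be NULL, the way the @inode_rmdir comment in patch 16 does ("@mnt is the vfsmount corresponding to @dentry (may be NULL)"). Callers that pass NULL on the xattr paths already exist in this series (nfsd in patches 21 and 27), so an LSM that starts using the mount for xattr decisions needs to know the convention. The SELinux and dummy hooks here accept the new argument and ignore it, so nothing breaks yet, but the contract belongs in the comment rather than implicitly in the callers.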
[RFC 21/28] Add a struct vfsmount parameter to vfs_setxattr()
Add a struct vfsmount parameter to vfs_setxattr() Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/fs/nfsd/vfs.c === --- linux-2.6.orig/fs/nfsd/vfs.c +++ linux-2.6/fs/nfsd/vfs.c @@ -415,7 +415,7 @@ set_nfsv4_acl_one(struct dentry *dentry, goto out; } - error = vfs_setxattr(dentry, key, buf, len, 0); + error = vfs_setxattr(dentry, NULL, key, buf, len, 0); out: kfree(buf); return error; @@ -1969,7 +1969,7 @@ nfsd_set_posix_acl(struct svc_fh *fhp, i size = 0; if (size) - error = vfs_setxattr(fhp->fh_dentry, name, value, size, 0); + error = vfs_setxattr(fhp->fh_dentry, NULL, name, value, size,0); else { if (!S_ISDIR(inode->i_mode) && type == ACL_TYPE_DEFAULT) error = 0; Index: linux-2.6/fs/xattr.c === --- linux-2.6.orig/fs/xattr.c +++ linux-2.6/fs/xattr.c @@ -70,8 +70,8 @@ xattr_permission(struct inode *inode, co } int -vfs_setxattr(struct dentry *dentry, char *name, void *value, - size_t size, int flags) +vfs_setxattr(struct dentry *dentry, struct vfsmount *mnt, char *name, +void *value, size_t size, int flags) { struct inode *inode = dentry->d_inode; int error; @@ -194,8 +194,8 @@ EXPORT_SYMBOL_GPL(vfs_removexattr); * Extended attribute SET operations */ static long -setxattr(struct dentry *d, char __user *name, void __user *value, -size_t size, int flags) +setxattr(struct dentry *dentry, struct vfsmount *mnt, char __user *name, +void __user *value, size_t size, int flags) { int error; void *kvalue = NULL; @@ -222,7 +222,7 @@ setxattr(struct dentry *d, char __user * } } - error = vfs_setxattr(d, kname, kvalue, size, flags); + error = vfs_setxattr(dentry, mnt, kname, kvalue, size, flags); kfree(kvalue); return error; } @@ -237,7 +237,7 @@ sys_setxattr(char __user *path, char __u error = user_path_walk(path, &nd); if (error) return error; - error = setxattr(nd.dentry, name, value, size, flags); + error = setxattr(nd.dentry, nd.mnt, name, value, size, flags); path_release(&nd); return error; } 
@@ -252,7 +252,7 @@ sys_lsetxattr(char __user *path, char __ error = user_path_walk_link(path, &nd); if (error) return error; - error = setxattr(nd.dentry, name, value, size, flags); + error = setxattr(nd.dentry, nd.mnt, name, value, size, flags); path_release(&nd); return error; } @@ -270,7 +270,7 @@ sys_fsetxattr(int fd, char __user *name, return error; dentry = f->f_path.dentry; audit_inode(NULL, dentry->d_inode); - error = setxattr(dentry, name, value, size, flags); + error = setxattr(dentry, f->f_vfsmnt, name, value, size, flags); fput(f); return error; } Index: linux-2.6/include/linux/xattr.h === --- linux-2.6.orig/include/linux/xattr.h +++ linux-2.6/include/linux/xattr.h @@ -42,7 +42,8 @@ struct xattr_handler { ssize_t vfs_getxattr(struct dentry *, char *, void *, size_t); ssize_t vfs_listxattr(struct dentry *d, char *list, size_t size); -int vfs_setxattr(struct dentry *, char *, void *, size_t, int); +int vfs_setxattr(struct dentry *, struct vfsmount *, char *, void *, size_t, +int); int vfs_removexattr(struct dentry *, char *); ssize_t generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size); - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
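Review bot: sys_fsetxattr in the fs/xattr.c hunk mixes the two spellings of the file's path: it reads the dentry as `f->f_path.dentry` one line above but passes `f->f_vfsmnt` to setxattr(); use `f->f_path.mnt` so it matches the dentry access and the `f->f_path.mnt` used for fremovexattr and flistxattr elsewhere in the series. Two smaller points in the same patch: the nfsd_set_posix_acl line `vfs_setxattr(fhp->fh_dentry, NULL, name, value, size,0)` lost the space before `0`, and both nfsd callers now pass NULL for the mount, which means an LSM that uses @mnt in inode_setxattr will see no mount for ACLs set over NFS; that is worth a sentence in the commit message.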
[RFC 27/28] Add a struct vfsmount parameter to vfs_removexattr()
Add a struct vfsmount parameter to vfs_removexattr() Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/fs/nfsd/vfs.c === --- linux-2.6.orig/fs/nfsd/vfs.c +++ linux-2.6/fs/nfsd/vfs.c @@ -1974,7 +1974,7 @@ nfsd_set_posix_acl(struct svc_fh *fhp, i if (!S_ISDIR(inode->i_mode) && type == ACL_TYPE_DEFAULT) error = 0; else { - error = vfs_removexattr(fhp->fh_dentry, name); + error = vfs_removexattr(fhp->fh_dentry, NULL, name); if (error == -ENODATA) error = 0; } Index: linux-2.6/fs/xattr.c === --- linux-2.6.orig/fs/xattr.c +++ linux-2.6/fs/xattr.c @@ -166,7 +166,7 @@ vfs_listxattr(struct dentry *dentry, str EXPORT_SYMBOL_GPL(vfs_listxattr); int -vfs_removexattr(struct dentry *dentry, char *name) +vfs_removexattr(struct dentry *dentry, struct vfsmount *mnt, char *name) { struct inode *inode = dentry->d_inode; int error; @@ -437,7 +437,7 @@ sys_flistxattr(int fd, char __user *list * Extended attribute REMOVE operations */ static long -removexattr(struct dentry *d, char __user *name) +removexattr(struct dentry *dentry, struct vfsmount *mnt, char __user *name) { int error; char kname[XATTR_NAME_MAX + 1]; @@ -448,7 +448,7 @@ removexattr(struct dentry *d, char __use if (error < 0) return error; - return vfs_removexattr(d, kname); + return vfs_removexattr(dentry, mnt, kname); } asmlinkage long @@ -460,7 +460,7 @@ sys_removexattr(char __user *path, char error = user_path_walk(path, &nd); if (error) return error; - error = removexattr(nd.dentry, name); + error = removexattr(nd.dentry, nd.mnt, name); path_release(&nd); return error; } @@ -474,7 +474,7 @@ sys_lremovexattr(char __user *path, char error = user_path_walk_link(path, &nd); if (error) return error; - error = removexattr(nd.dentry, name); + error = removexattr(nd.dentry, nd.mnt, name); path_release(&nd); return error; } 
@@ -491,7 +491,7 @@ sys_fremovexattr(int fd, char __user *na return error; dentry = f->f_path.dentry; audit_inode(NULL, dentry->d_inode); - error = removexattr(dentry, name); + error = removexattr(dentry, f->f_path.mnt, name); fput(f); return error; } Index: linux-2.6/include/linux/xattr.h === --- linux-2.6.orig/include/linux/xattr.h +++ linux-2.6/include/linux/xattr.h @@ -46,7 +46,7 @@ ssize_t vfs_listxattr(struct dentry *d, size_t size); int vfs_setxattr(struct dentry *, struct vfsmount *, char *, void *, size_t, int); -int vfs_removexattr(struct dentry *, char *); +int vfs_removexattr(struct dentry *, struct vfsmount *, char *); ssize_t generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size); ssize_t generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size); - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
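Review bot: the vfs_removexattr hunk in fs/xattr.c adds @mnt to the signature but nothing in this patch consumes it (the security_inode_removexattr call is only updated in patch 28); that is fine for a plumbing step, but the commit message should say so, since a reader of this patch alone sees an unused parameter. The static removexattr() helper is also renamed from `d` to `dentry` in the same hunk, a cosmetic change that could be split out. On the positive side, sys_fremovexattr uses `f->f_path.mnt`, which is the spelling sys_fsetxattr in patch 21 should adopt too; and as with setxattr, nfsd_set_posix_acl passes NULL, so the NULL-mount convention for kernel-internal callers needs to be spelled out in the hook documentation.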
[RFC 26/28] Pass struct vfsmount to the inode_listxattr LSM hook
Pass struct vfsmount to the inode_listxattr LSM hook Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/fs/xattr.c === --- linux-2.6.orig/fs/xattr.c +++ linux-2.6/fs/xattr.c @@ -150,7 +150,7 @@ vfs_listxattr(struct dentry *dentry, str struct inode *inode = dentry->d_inode; ssize_t error; - error = security_inode_listxattr(dentry); + error = security_inode_listxattr(dentry, mnt); if (error) return error; error = -EOPNOTSUPP; Index: linux-2.6/include/linux/security.h === --- linux-2.6.orig/include/linux/security.h +++ linux-2.6/include/linux/security.h @@ -395,7 +395,7 @@ struct request_sock; * Return 0 if permission is granted. * @inode_listxattr: * Check permission before obtaining the list of extended attribute - * names for @dentry. + * names for @dentry and @mnt. * Return 0 if permission is granted. * @inode_removexattr: * Check permission before removing the extended attribute @@ -1250,7 +1250,7 @@ struct security_operations { size_t size, int flags); int (*inode_getxattr) (struct dentry *dentry, struct vfsmount *mnt, char *name); - int (*inode_listxattr) (struct dentry *dentry); + int (*inode_listxattr) (struct dentry *dentry, struct vfsmount *mnt); int (*inode_removexattr) (struct dentry *dentry, char *name); const char *(*inode_xattr_getsuffix) (void); int (*inode_getsecurity)(const struct inode *inode, const char *name, void *buffer, size_t size, int err); @@ -1791,11 +1791,12 @@ static inline int security_inode_getxatt return security_ops->inode_getxattr (dentry, mnt, name); } -static inline int security_inode_listxattr (struct dentry *dentry) +static inline int security_inode_listxattr (struct dentry *dentry, + struct vfsmount *mnt) { if (unlikely (IS_PRIVATE (dentry->d_inode))) return 0; - return security_ops->inode_listxattr (dentry); + return security_ops->inode_listxattr (dentry, mnt); } static inline int security_inode_removexattr (struct dentry *dentry, char *name) 
@@ -2495,7 +2496,8 @@ static inline int security_inode_getxatt return 0; } -static inline int security_inode_listxattr (struct dentry *dentry) +static inline int security_inode_listxattr (struct dentry *dentry, + struct vfsmount *mnt) { return 0; } Index: linux-2.6/security/dummy.c === --- linux-2.6.orig/security/dummy.c +++ linux-2.6/security/dummy.c @@ -374,7 +374,7 @@ static int dummy_inode_getxattr (struct return 0; } -static int dummy_inode_listxattr (struct dentry *dentry) +static int dummy_inode_listxattr (struct dentry *dentry, struct vfsmount *mnt) { return 0; } Index: linux-2.6/security/selinux/hooks.c === --- linux-2.6.orig/security/selinux/hooks.c +++ linux-2.6/security/selinux/hooks.c @@ -2358,7 +2358,7 @@ static int selinux_inode_getxattr (struc return dentry_has_perm(current, NULL, dentry, FILE__GETATTR); } -static int selinux_inode_listxattr (struct dentry *dentry) +static int selinux_inode_listxattr (struct dentry *dentry, struct vfsmount *mnt) { return dentry_has_perm(current, NULL, dentry, FILE__GETATTR); } - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
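Review bot: in the security/selinux/hooks.c hunk, selinux_inode_listxattr now takes @mnt but still calls `dentry_has_perm(current, NULL, dentry, FILE__GETATTR)`, leaving the NULL in the slot where the mount would go; if the point of the series is to give LSMs the mount, the SELinux hooks that already accept a vfsmount (getxattr in patch 24 and listxattr here) are the obvious place to pass it through, or the commit message should state that the SELinux side stays deliberately mount-agnostic. Also note the ordering dependency: the `security_inode_listxattr(dentry, mnt)` call in vfs_listxattr only compiles once patch 25 has added @mnt to vfs_listxattr(), so the two must not be applied out of order.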
[RFC 28/28] Pass struct vfsmount to the inode_removexattr LSM hook
Pass struct vfsmount to the inode_removexattr LSM hook Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/fs/xattr.c === --- linux-2.6.orig/fs/xattr.c +++ linux-2.6/fs/xattr.c @@ -178,7 +178,7 @@ vfs_removexattr(struct dentry *dentry, s if (error) return error; - error = security_inode_removexattr(dentry, name); + error = security_inode_removexattr(dentry, mnt, name); if (error) return error; Index: linux-2.6/include/linux/security.h === --- linux-2.6.orig/include/linux/security.h +++ linux-2.6/include/linux/security.h @@ -50,7 +50,7 @@ extern int cap_bprm_set_security (struct extern void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe); extern int cap_bprm_secureexec(struct linux_binprm *bprm); extern int cap_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt, char *name, void *value, size_t size, int flags); -extern int cap_inode_removexattr(struct dentry *dentry, char *name); +extern int cap_inode_removexattr(struct dentry *dentry, struct vfsmount *mnt, char *name); extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags); extern void cap_task_reparent_to_init (struct task_struct *p); extern int cap_syslog (int type); @@ -1251,7 +1251,8 @@ struct security_operations { int (*inode_getxattr) (struct dentry *dentry, struct vfsmount *mnt, char *name); int (*inode_listxattr) (struct dentry *dentry, struct vfsmount *mnt); - int (*inode_removexattr) (struct dentry *dentry, char *name); + int (*inode_removexattr) (struct dentry *dentry, struct vfsmount *mnt, + char *name); const char *(*inode_xattr_getsuffix) (void); int (*inode_getsecurity)(const struct inode *inode, const char *name, void *buffer, size_t size, int err); int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags); 
@@ -1799,11 +1800,12 @@ static inline int security_inode_listxat return security_ops->inode_listxattr (dentry, mnt); } -static inline int security_inode_removexattr (struct dentry *dentry, char *name) +static inline int security_inode_removexattr (struct dentry *dentry, + struct vfsmount *mnt, char *name) { if (unlikely (IS_PRIVATE (dentry->d_inode))) return 0; - return security_ops->inode_removexattr (dentry, name); + return security_ops->inode_removexattr (dentry, mnt, name); } static inline const char *security_inode_xattr_getsuffix(void) @@ -2502,9 +2504,10 @@ static inline int security_inode_listxat return 0; } -static inline int security_inode_removexattr (struct dentry *dentry, char *name) +static inline int security_inode_removexattr (struct dentry *dentry, + struct vfsmount *mnt, char *name) { - return cap_inode_removexattr(dentry, name); + return cap_inode_removexattr(dentry, mnt, name); } static inline const char *security_inode_xattr_getsuffix (void) Index: linux-2.6/security/commoncap.c === --- linux-2.6.orig/security/commoncap.c +++ linux-2.6/security/commoncap.c @@ -201,7 +201,8 @@ int cap_inode_setxattr(struct dentry *de return 0; } -int cap_inode_removexattr(struct dentry *dentry, char *name) +int cap_inode_removexattr(struct dentry *dentry, struct vfsmount *mnt, + char *name) { if (!strncmp(name, XATTR_SECURITY_PREFIX, sizeof(XATTR_SECURITY_PREFIX) - 1) && Index: linux-2.6/security/dummy.c === --- linux-2.6.orig/security/dummy.c +++ linux-2.6/security/dummy.c @@ -379,7 +379,8 @@ static int dummy_inode_listxattr (struct return 0; } -static int dummy_inode_removexattr (struct dentry *dentry, char *name) +static int dummy_inode_removexattr (struct dentry *dentry, struct vfsmount *mnt, + char *name) { if (!strncmp(name, XATTR_SECURITY_PREFIX, sizeof(XATTR_SECURITY_PREFIX) - 1) && Index: linux-2.6/security/selinux/hooks.c === --- linux-2.6.orig/security/selinux/hooks.c +++ linux-2.6/security/selinux/hooks.c 
@@ -2363,7 +2363,8 @@ static int selinux_inode_listxattr (stru return dentry_has_perm(current, NULL, dentry, FILE__GETATTR); } -static int selinux_inode_removexattr (struct dentry *dentry, char *name) +static int selinux_inode_removexattr (struct dentry *dentry, +
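Review bot: the include/linux/security.h hunk declares `cap_inode_removexattr(struct dentry *dentry, struct vfsmount *mnt, char *name)` on one line that runs well past 80 columns, while the security/commoncap.c definition wraps it; wrap the declaration the same way. In commoncap.c the new @mnt is unused (the visible body only compares @name against XATTR_SECURITY_PREFIX), which is correct for the capability check but means the NULL passed by nfsd in patch 27 is harmless only because this implementation never touches it; a comment saying @mnt may be NULL would make that explicit. The security/selinux/hooks.c hunk is cut off mid-signature in this posting, so that part of the change cannot be reviewed from what was sent.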
[RFC 25/28] Add a struct vfsmount parameter to vfs_listxattr()
Add a struct vfsmount parameter to vfs_listxattr() Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/fs/xattr.c === --- linux-2.6.orig/fs/xattr.c +++ linux-2.6/fs/xattr.c @@ -144,18 +144,20 @@ vfs_getxattr(struct dentry *dentry, stru EXPORT_SYMBOL_GPL(vfs_getxattr); ssize_t -vfs_listxattr(struct dentry *d, char *list, size_t size) +vfs_listxattr(struct dentry *dentry, struct vfsmount *mnt, char *list, + size_t size) { + struct inode *inode = dentry->d_inode; ssize_t error; - error = security_inode_listxattr(d); + error = security_inode_listxattr(dentry); if (error) return error; error = -EOPNOTSUPP; - if (d->d_inode->i_op && d->d_inode->i_op->listxattr) { - error = d->d_inode->i_op->listxattr(d, list, size); - } else { - error = security_inode_listsecurity(d->d_inode, list, size); + if (inode->i_op && inode->i_op->listxattr) + error = inode->i_op->listxattr(dentry, list, size); + else { + error = security_inode_listsecurity(inode, list, size); if (size && error > size) error = -ERANGE; } @@ -362,7 +364,8 @@ sys_fgetxattr(int fd, char __user *name, * Extended attribute LIST operations */ static ssize_t -listxattr(struct dentry *d, char __user *list, size_t size) +listxattr(struct dentry *dentry, struct vfsmount *mnt, char __user *list, + size_t size) { ssize_t error; char *klist = NULL; @@ -375,7 +378,7 @@ listxattr(struct dentry *d, char __user return -ENOMEM; } - error = vfs_listxattr(d, klist, size); + error = vfs_listxattr(dentry, mnt, klist, size); if (error > 0) { if (size && copy_to_user(list, klist, error)) error = -EFAULT; @@ -397,7 +400,7 @@ sys_listxattr(char __user *path, char __ error = user_path_walk(path, &nd); if (error) return error; - error = listxattr(nd.dentry, list, size); + error = listxattr(nd.dentry, nd.mnt, list, size); path_release(&nd); return error; } 
@@ -411,7 +414,7 @@ sys_llistxattr(char __user *path, char _ error = user_path_walk_link(path, &nd); if (error) return error; - error = listxattr(nd.dentry, list, size); + error = listxattr(nd.dentry, nd.mnt, list, size); path_release(&nd); return error; } @@ -425,7 +428,7 @@ sys_flistxattr(int fd, char __user *list f = fget(fd); if (!f) return error; - error = listxattr(f->f_path.dentry, list, size); + error = listxattr(f->f_path.dentry, f->f_path.mnt, list, size); fput(f); return error; } Index: linux-2.6/include/linux/xattr.h === --- linux-2.6.orig/include/linux/xattr.h +++ linux-2.6/include/linux/xattr.h @@ -42,7 +42,8 @@ struct xattr_handler { ssize_t vfs_getxattr(struct dentry *, struct vfsmount *, char *, void *, size_t); -ssize_t vfs_listxattr(struct dentry *d, char *list, size_t size); +ssize_t vfs_listxattr(struct dentry *d, struct vfsmount *, char *list, + size_t size); int vfs_setxattr(struct dentry *, struct vfsmount *, char *, void *, size_t, int); int vfs_removexattr(struct dentry *, char *); - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
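Review bot: the vfs_listxattr rewrite in fs/xattr.c drops the braces from the `if (inode->i_op && inode->i_op->listxattr)` arm while keeping them on the `else` arm; CodingStyle asks for braces on both arms when either needs them, so either keep the original braces or leave the block structure alone. The same hunk folds a cosmetic cleanup (introducing the local `inode`, renaming `d` to `dentry`) into the signature change; splitting those out would make the @mnt plumbing a one-line diff. As in patch 27, @mnt is accepted here but only consumed by patch 26. Minor: the include/linux/xattr.h prototype `vfs_listxattr(struct dentry *d, struct vfsmount *, char *list, size_t size)` mixes named and unnamed parameters.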
[RFC 22/28] Pass struct vfsmount to the inode_setxattr LSM hook
Pass struct vfsmount to the inode_setxattr LSM hook Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/include/linux/security.h === --- linux-2.6.orig/include/linux/security.h +++ linux-2.6/include/linux/security.h @@ -49,7 +49,7 @@ extern void cap_capset_set (struct task_ extern int cap_bprm_set_security (struct linux_binprm *bprm); extern void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe); extern int cap_bprm_secureexec(struct linux_binprm *bprm); -extern int cap_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags); +extern int cap_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt, char *name, void *value, size_t size, int flags); extern int cap_inode_removexattr(struct dentry *dentry, char *name); extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags); extern void cap_task_reparent_to_init (struct task_struct *p); @@ -384,11 +384,11 @@ struct request_sock; * inode. * @inode_setxattr: * Check permission before setting the extended attributes - * @value identified by @name for @dentry. + * @value identified by @name for @dentry and @mnt. * Return 0 if permission is granted. * @inode_post_setxattr: * Update inode security field after successful setxattr operation. - * @value identified by @name for @dentry. + * @value identified by @name for @dentry and @mnt. * @inode_getxattr: * Check permission before obtaining the extended attributes * identified by @name for @dentry. 
@@ -1242,9 +1242,11 @@ struct security_operations { struct iattr *attr); int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry); void (*inode_delete) (struct inode *inode); - int (*inode_setxattr) (struct dentry *dentry, char *name, void *value, - size_t size, int flags); - void (*inode_post_setxattr) (struct dentry *dentry, char *name, void *value, + int (*inode_setxattr) (struct dentry *dentry, struct vfsmount *mnt, + char *name, void *value, size_t size, int flags); + void (*inode_post_setxattr) (struct dentry *dentry, +struct vfsmount *mnt, +char *name, void *value, size_t size, int flags); int (*inode_getxattr) (struct dentry *dentry, char *name); int (*inode_listxattr) (struct dentry *dentry); @@ -1760,20 +1762,24 @@ static inline void security_inode_delete security_ops->inode_delete (inode); } -static inline int security_inode_setxattr (struct dentry *dentry, char *name, +static inline int security_inode_setxattr (struct dentry *dentry, + struct vfsmount *mnt, char *name, void *value, size_t size, int flags) { if (unlikely (IS_PRIVATE (dentry->d_inode))) return 0; - return security_ops->inode_setxattr (dentry, name, value, size, flags); + return security_ops->inode_setxattr (dentry, mnt, name, value, size, +flags); } -static inline void security_inode_post_setxattr (struct dentry *dentry, char *name, - void *value, size_t size, int flags) +static inline void security_inode_post_setxattr (struct dentry *dentry, +struct vfsmount *mnt, +char *name, void *value, +size_t size, int flags) { if (unlikely (IS_PRIVATE (dentry->d_inode))) return; - security_ops->inode_post_setxattr (dentry, name, value, size, flags); + security_ops->inode_post_setxattr (dentry, mnt, name, value, size, flags); } static inline int security_inode_getxattr (struct dentry *dentry, char *name) 
@@ -2467,14 +2473,18 @@ static inline int security_inode_getattr static inline void security_inode_delete (struct inode *inode) { } -static inline int security_inode_setxattr (struct dentry *dentry, char *name, +static inline int security_inode_setxattr (struct dentry *dentry, + struct vfsmount *mnt, char *name, void *value, size_t size, int flags) { - return cap_inode_setxattr(dentry, name, value, size, flags); + return cap_inode_setxattr(dentry, mnt, name, value, size, flags); } -static inline void security_inode_post_setxattr (struct dentry *dentry, char *name, -void *value, size_t size, int flags) +static inline void security_i
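Review bot: the hunks that made it into this posting only touch include/linux/security.h, and the text is cut off inside the CONFIG_SECURITY=n stubs, so the call sites are not visible: make sure fs/xattr.c passes @mnt to both security_inode_setxattr() and security_inode_post_setxattr(), since patch 21 only added the parameter to vfs_setxattr() without using it. The `cap_inode_setxattr` declaration is now a single very long line; wrap it the way the struct security_operations members below it are wrapped. The @inode_setxattr and @inode_post_setxattr doc comments were updated to mention @mnt, but like the getxattr comment in patch 24 they do not say whether it may be NULL, which the nfsd callers in patch 21 make a real question.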
[RFC 16/28] Pass struct vfsmount to the inode_rmdir LSM hook
Pass struct vfsmount to the inode_rmdir LSM hook Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/fs/namei.c === --- linux-2.6.orig/fs/namei.c +++ linux-2.6/fs/namei.c @@ -2023,7 +2023,7 @@ int vfs_rmdir(struct inode *dir, struct if (d_mountpoint(dentry)) error = -EBUSY; else { - error = security_inode_rmdir(dir, dentry); + error = security_inode_rmdir(dir, dentry, mnt); if (!error) { error = dir->i_op->rmdir(dir, dentry); if (!error) Index: linux-2.6/include/linux/security.h === --- linux-2.6.orig/include/linux/security.h +++ linux-2.6/include/linux/security.h @@ -318,6 +318,7 @@ struct request_sock; * Check the permission to remove a directory. * @dir contains the inode structure of parent of the directory to be removed. * @dentry contains the dentry structure of directory to be removed. + * @mnt is the vfsmount corresponding to @dentry (may be NULL). * Return 0 if permission is granted. * @inode_mknod: * Check permissions when creating a special file (or a socket or a fifo @@ -1222,7 +1223,8 @@ struct security_operations { struct vfsmount *mnt, const char *old_name); int (*inode_mkdir) (struct inode *dir, struct dentry *dentry, struct vfsmount *mnt, int mode); - int (*inode_rmdir) (struct inode *dir, struct dentry *dentry); + int (*inode_rmdir) (struct inode *dir, struct dentry *dentry, + struct vfsmount *mnt); int (*inode_mknod) (struct inode *dir, struct dentry *dentry, struct vfsmount *mnt, int mode, dev_t dev); int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry, 
@@ -1671,11 +1673,12 @@ static inline int security_inode_mkdir ( } static inline int security_inode_rmdir (struct inode *dir, - struct dentry *dentry) + struct dentry *dentry, + struct vfsmount *mnt) { if (unlikely (IS_PRIVATE (dentry->d_inode))) return 0; - return security_ops->inode_rmdir (dir, dentry); + return security_ops->inode_rmdir (dir, dentry, mnt); } static inline int security_inode_mknod (struct inode *dir, @@ -2396,7 +2399,8 @@ static inline int security_inode_mkdir ( } static inline int security_inode_rmdir (struct inode *dir, - struct dentry *dentry) + struct dentry *dentry, + struct vfsmount *mnt) { return 0; } Index: linux-2.6/security/dummy.c === --- linux-2.6.orig/security/dummy.c +++ linux-2.6/security/dummy.c @@ -295,7 +295,8 @@ static int dummy_inode_mkdir (struct ino return 0; } -static int dummy_inode_rmdir (struct inode *inode, struct dentry *dentry) +static int dummy_inode_rmdir (struct inode *inode, struct dentry *dentry, + struct vfsmount *mnt) { return 0; } Index: linux-2.6/security/selinux/hooks.c === --- linux-2.6.orig/security/selinux/hooks.c +++ linux-2.6/security/selinux/hooks.c @@ -2178,7 +2178,8 @@ static int selinux_inode_mkdir(struct in return may_create(dir, dentry, SECCLASS_DIR); } -static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry) +static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry, + struct vfsmount *mnt) { return may_link(dir, dentry, MAY_RMDIR); } - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
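Review bot: the @inode_rmdir documentation in the include/linux/security.h hunk is the right model for the rest of the series: it states that @mnt may be NULL, which matches the NULL that nfsd and reiserfs pass to vfs_rmdir() in patch 15. The SELinux hook accepts the parameter and still calls `may_link(dir, dentry, MAY_RMDIR)` without it, so SELinux remains mount-agnostic for rmdir; that is fine for a plumbing patch, but the commit message should say whether an SELinux follow-up is planned or whether only path-based LSMs are expected to consume the mount. Ordering: the `security_inode_rmdir(dir, dentry, mnt)` call in fs/namei.c depends on patch 15 having added @mnt to vfs_rmdir().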
[RFC 15/28] Add a struct vfsmount parameter to vfs_rmdir()
Add a struct vfsmount parameter to vfs_rmdir() Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/fs/ecryptfs/inode.c === --- linux-2.6.orig/fs/ecryptfs/inode.c +++ linux-2.6/fs/ecryptfs/inode.c @@ -534,14 +534,16 @@ out: static int ecryptfs_rmdir(struct inode *dir, struct dentry *dentry) { struct dentry *lower_dentry; + struct vfsmount *lower_mnt; struct dentry *lower_dir_dentry; int rc; lower_dentry = ecryptfs_dentry_to_lower(dentry); + lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry); dget(dentry); lower_dir_dentry = lock_parent(lower_dentry); dget(lower_dentry); - rc = vfs_rmdir(lower_dir_dentry->d_inode, lower_dentry); + rc = vfs_rmdir(lower_dir_dentry->d_inode, lower_dentry, lower_mnt); dput(lower_dentry); if (!rc) d_delete(lower_dentry); Index: linux-2.6/fs/namei.c === --- linux-2.6.orig/fs/namei.c +++ linux-2.6/fs/namei.c @@ -2006,7 +2006,7 @@ void dentry_unhash(struct dentry *dentry spin_unlock(&dcache_lock); } -int vfs_rmdir(struct inode *dir, struct dentry *dentry) +int vfs_rmdir(struct inode *dir, struct dentry *dentry,struct vfsmount *mnt) { int error = may_delete(dir, dentry, 1); @@ -2070,7 +2070,7 @@ static long do_rmdir(int dfd, const char error = PTR_ERR(dentry); if (IS_ERR(dentry)) goto exit2; - error = vfs_rmdir(nd.dentry->d_inode, dentry); + error = vfs_rmdir(nd.dentry->d_inode, dentry, nd.mnt); dput(dentry); exit2: mutex_unlock(&nd.dentry->d_inode->i_mutex); Index: linux-2.6/fs/nfsd/nfs4recover.c === --- linux-2.6.orig/fs/nfsd/nfs4recover.c +++ linux-2.6/fs/nfsd/nfs4recover.c 
@@ -275,7 +275,7 @@ nfsd4_clear_clid_dir(struct dentry *dir, * a kernel from the future */ nfsd4_list_rec_dir(dentry, nfsd4_remove_clid_file); mutex_lock_nested(&dir->d_inode->i_mutex, I_MUTEX_PARENT); - status = vfs_rmdir(dir->d_inode, dentry); + status = vfs_rmdir(dir->d_inode, dentry, NULL); mutex_unlock(&dir->d_inode->i_mutex); return status; } Index: linux-2.6/fs/nfsd/vfs.c === --- linux-2.6.orig/fs/nfsd/vfs.c +++ linux-2.6/fs/nfsd/vfs.c @@ -1694,7 +1694,7 @@ nfsd_unlink(struct svc_rqst *rqstp, stru #endif host_err = vfs_unlink(dirp, rdentry); } else { /* It's RMDIR */ - host_err = vfs_rmdir(dirp, rdentry); + host_err = vfs_rmdir(dirp, rdentry, NULL); } dput(rdentry); Index: linux-2.6/fs/reiserfs/xattr.c === --- linux-2.6.orig/fs/reiserfs/xattr.c +++ linux-2.6/fs/reiserfs/xattr.c @@ -823,7 +823,7 @@ int reiserfs_delete_xattrs(struct inode if (dir->d_inode->i_nlink <= 2) { root = get_xa_root(inode->i_sb); reiserfs_write_lock_xattrs(inode->i_sb); - err = vfs_rmdir(root->d_inode, dir); + err = vfs_rmdir(root->d_inode, dir, NULL); reiserfs_write_unlock_xattrs(inode->i_sb); dput(root); } else { Index: linux-2.6/include/linux/fs.h === --- linux-2.6.orig/include/linux/fs.h +++ linux-2.6/include/linux/fs.h 
@@ -983,7 +983,7 @@ extern int vfs_mkdir(struct inode *, str extern int vfs_mknod(struct inode *, struct dentry *, struct vfsmount *, int, dev_t); extern int vfs_symlink(struct inode *, struct dentry *, struct vfsmount *, const char *, int); extern int vfs_link(struct dentry *, struct vfsmount *, struct inode *, struct dentry *, struct vfsmount *); -extern int vfs_rmdir(struct inode *, struct dentry *); +extern int vfs_rmdir(struct inode *, struct dentry *, struct vfsmount *); extern int vfs_unlink(struct inode *, struct dentry *); extern int vfs_rename(struct inode *, struct dentry *, struct inode *, struct dentry *); - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
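Review bot: `int vfs_rmdir(struct inode *dir, struct dentry *dentry,struct vfsmount *mnt)` in the fs/namei.c hunk is missing the space after the comma. On substance, the three kernel-internal callers (nfsd4_clear_clid_dir, nfsd_unlink, reiserfs_delete_xattrs) pass NULL while do_rmdir passes nd.mnt; that asymmetry is what makes the "(may be NULL)" note in patch 16 necessary, and it also means an LSM that keys rmdir decisions on the mount will not see NFS-originated directory removals, which deserves a sentence in the changelog. The ecryptfs hunk correctly pairs lower_dentry with the mount from ecryptfs_dentry_to_lower_mnt(dentry).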
[RFC 17/28] Add a struct vfsmount parameter to vfs_unlink()
Add a struct vfsmount parameter to vfs_unlink() Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/fs/ecryptfs/inode.c === --- linux-2.6.orig/fs/ecryptfs/inode.c +++ linux-2.6/fs/ecryptfs/inode.c @@ -445,10 +445,11 @@ static int ecryptfs_unlink(struct inode { int rc = 0; struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry); + struct vfsmount *lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry); struct inode *lower_dir_inode = ecryptfs_inode_to_lower(dir); lock_parent(lower_dentry); - rc = vfs_unlink(lower_dir_inode, lower_dentry); + rc = vfs_unlink(lower_dir_inode, lower_dentry, lower_mnt); if (rc) { printk(KERN_ERR "Error in vfs_unlink; rc = [%d]\n", rc); goto out_unlock; Index: linux-2.6/fs/namei.c === --- linux-2.6.orig/fs/namei.c +++ linux-2.6/fs/namei.c @@ -2086,7 +2086,7 @@ asmlinkage long sys_rmdir(const char __u return do_rmdir(AT_FDCWD, pathname); } -int vfs_unlink(struct inode *dir, struct dentry *dentry) +int vfs_unlink(struct inode *dir, struct dentry *dentry, struct vfsmount *mnt) { int error = may_delete(dir, dentry, 0); @@ -2150,7 +2150,7 @@ static long do_unlinkat(int dfd, const c inode = dentry->d_inode; if (inode) atomic_inc(&inode->i_count); - error = vfs_unlink(nd.dentry->d_inode, dentry); + error = vfs_unlink(nd.dentry->d_inode, dentry, nd.mnt); exit2: dput(dentry); } Index: linux-2.6/fs/nfsd/nfs4recover.c === --- linux-2.6.orig/fs/nfsd/nfs4recover.c +++ linux-2.6/fs/nfsd/nfs4recover.c @@ -260,7 +260,7 @@ nfsd4_remove_clid_file(struct dentry *di return -EINVAL; } mutex_lock_nested(&dir->d_inode->i_mutex, I_MUTEX_PARENT); - status = vfs_unlink(dir->d_inode, dentry); + status = vfs_unlink(dir->d_inode, dentry, NULL); mutex_unlock(&dir->d_inode->i_mutex); return status; } Index: linux-2.6/fs/nfsd/vfs.c === --- linux-2.6.orig/fs/nfsd/vfs.c +++ linux-2.6/fs/nfsd/vfs.c 
@@ -1692,7 +1692,7 @@ nfsd_unlink(struct svc_rqst *rqstp, stru host_err = -EPERM; } else #endif - host_err = vfs_unlink(dirp, rdentry); + host_err = vfs_unlink(dirp, rdentry, NULL); } else { /* It's RMDIR */ host_err = vfs_rmdir(dirp, rdentry, NULL); } Index: linux-2.6/include/linux/fs.h === --- linux-2.6.orig/include/linux/fs.h +++ linux-2.6/include/linux/fs.h @@ -984,7 +984,7 @@ extern int vfs_mknod(struct inode *, str extern int vfs_symlink(struct inode *, struct dentry *, struct vfsmount *, const char *, int); extern int vfs_link(struct dentry *, struct vfsmount *, struct inode *, struct dentry *, struct vfsmount *); extern int vfs_rmdir(struct inode *, struct dentry *, struct vfsmount *); -extern int vfs_unlink(struct inode *, struct dentry *); +extern int vfs_unlink(struct inode *, struct dentry *, struct vfsmount *); extern int vfs_rename(struct inode *, struct dentry *, struct inode *, struct dentry *); /* Index: linux-2.6/ipc/mqueue.c === --- linux-2.6.orig/ipc/mqueue.c +++ linux-2.6/ipc/mqueue.c @@ -747,7 +747,7 @@ asmlinkage long sys_mq_unlink(const char if (inode) atomic_inc(&inode->i_count); - err = vfs_unlink(dentry->d_parent->d_inode, dentry); + err = vfs_unlink(dentry->d_parent->d_inode, dentry, mqueue_mnt); out_err: dput(dentry); - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
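Review bot: nfsd_unlink in the fs/nfsd/vfs.c hunk passes NULL for both the vfs_unlink() and vfs_rmdir() mounts, and sys_mq_unlink passes mqueue_mnt; with real mounts and NULL mixed across callers of the same function, the NULL convention must be documented on vfs_unlink() itself (next to the prototype in include/linux/fs.h or above the definition in fs/namei.c), not only on the LSM hook. The ecryptfs and ipc/mqueue hunks look right: each passes the mount that actually holds the dentry being unlinked, and do_unlinkat passes nd.mnt for the parent lookup.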
[RFC 13/28] Add struct vfsmount parameters to vfs_link()
Add struct vfsmount parameters to vfs_link() Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/fs/namei.c === --- linux-2.6.orig/fs/namei.c +++ linux-2.6/fs/namei.c @@ -2250,7 +2250,7 @@ asmlinkage long sys_symlink(const char _ return sys_symlinkat(oldname, AT_FDCWD, newname); } -int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry) +int vfs_link(struct dentry *old_dentry, struct vfsmount *old_mnt, struct inode *dir, struct dentry *new_dentry, struct vfsmount *new_mnt) { struct inode *inode = old_dentry->d_inode; int error; @@ -2328,7 +2328,8 @@ asmlinkage long sys_linkat(int olddfd, c error = PTR_ERR(new_dentry); if (IS_ERR(new_dentry)) goto out_unlock; - error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry); + error = vfs_link(old_nd.dentry, old_nd.mnt, nd.dentry->d_inode, +new_dentry, nd.mnt); dput(new_dentry); out_unlock: mutex_unlock(&nd.dentry->d_inode->i_mutex); Index: linux-2.6/include/linux/fs.h === --- linux-2.6.orig/include/linux/fs.h +++ linux-2.6/include/linux/fs.h @@ -982,7 +982,7 @@ extern int vfs_create(struct inode *, st extern int vfs_mkdir(struct inode *, struct dentry *, struct vfsmount *, int); extern int vfs_mknod(struct inode *, struct dentry *, struct vfsmount *, int, dev_t); extern int vfs_symlink(struct inode *, struct dentry *, struct vfsmount *, const char *, int); -extern int vfs_link(struct dentry *, struct inode *, struct dentry *); +extern int vfs_link(struct dentry *, struct vfsmount *, struct inode *, struct dentry *, struct vfsmount *); extern int vfs_rmdir(struct inode *, struct dentry *); extern int vfs_unlink(struct inode *, struct dentry *); extern int vfs_rename(struct inode *, struct dentry *, struct inode *, struct dentry *); Index: linux-2.6/fs/ecryptfs/inode.c === --- linux-2.6.orig/fs/ecryptfs/inode.c +++ linux-2.6/fs/ecryptfs/inode.c 
@@ -403,19 +403,24 @@ static int ecryptfs_link(struct dentry * struct dentry *new_dentry) { struct dentry *lower_old_dentry; + struct vfsmount *lower_old_mnt; struct dentry *lower_new_dentry; + struct vfsmount *lower_new_mnt; struct dentry *lower_dir_dentry; u64 file_size_save; int rc; file_size_save = i_size_read(old_dentry->d_inode); lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry); + lower_old_mnt = ecryptfs_dentry_to_lower_mnt(old_dentry); lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry); + lower_new_mnt = ecryptfs_dentry_to_lower_mnt(new_dentry); dget(lower_old_dentry); dget(lower_new_dentry); lower_dir_dentry = lock_parent(lower_new_dentry); - rc = vfs_link(lower_old_dentry, lower_dir_dentry->d_inode, - lower_new_dentry); + rc = vfs_link(lower_old_dentry, lower_old_mnt, + lower_dir_dentry->d_inode, lower_new_dentry, + lower_new_mnt); if (rc || !lower_new_dentry->d_inode) goto out_lock; rc = ecryptfs_interpose(lower_new_dentry, new_dentry, dir->i_sb, 0); Index: linux-2.6/fs/nfsd/vfs.c === --- linux-2.6.orig/fs/nfsd/vfs.c +++ linux-2.6/fs/nfsd/vfs.c @@ -1527,7 +1527,7 @@ nfsd_link(struct svc_rqst *rqstp, struct dold = tfhp->fh_dentry; dest = dold->d_inode; - host_err = vfs_link(dold, dirp, dnew); + host_err = vfs_link(dold, NULL, dirp, dnew, NULL); if (!host_err) { if (EX_ISSYNC(ffhp->fh_export)) { err = nfserrno(nfsd_sync_dir(ddir)); - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
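Review bot: vfs_link() now receives old_mnt and new_mnt but the fs/namei.c hunk uses neither and does not check that they agree. Hard links cannot cross mounts; sys_linkat() enforces that with its own old_nd.mnt != nd.mnt comparison (-EXDEV) before it reaches this call, while the in-kernel callers converted in this patch (ecryptfs, nfsd) get no such check. With both mounts visible here, consider moving that comparison into vfs_link(), treating two NULLs as equal, or at least document that the caller remains responsible for it.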
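Review bot: the nfsd_link() hunk passes NULL for both mounts, yet ffhp->fh_export is in scope a few lines below and the export describes the filesystem the file handle was resolved against; if the export structure carries its vfsmount, passing that here would remove one of the NULL cases the cover letter lists without waiting for a wider nfsd change. If it does not, a one-line comment at the call site saying why NULL is unavoidable would help the next reader.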
[RFC 5/28] Pass struct vfsmount to the inode_setattr LSM hook
Pass struct vfsmount to the inode_setattr LSM hook Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/fs/attr.c === --- linux-2.6.orig/fs/attr.c +++ linux-2.6/fs/attr.c @@ -145,13 +145,13 @@ int notify_change(struct dentry *dentry, down_write(&dentry->d_inode->i_alloc_sem); if (inode->i_op && inode->i_op->setattr) { - error = security_inode_setattr(dentry, attr); + error = security_inode_setattr(dentry, mnt, attr); if (!error) error = inode->i_op->setattr(dentry, attr); } else { error = inode_change_ok(inode, attr); if (!error) - error = security_inode_setattr(dentry, attr); + error = security_inode_setattr(dentry, mnt, attr); if (!error) { if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) || (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) Index: linux-2.6/include/linux/security.h === --- linux-2.6.orig/include/linux/security.h +++ linux-2.6/include/linux/security.h @@ -358,6 +358,7 @@ struct request_sock; * file attributes change (such as when a file is truncated, chown/chmod * operations, transferring disk quotas, etc). * @dentry contains the dentry structure for the file. + * @mnt is the vfsmount corresponding to @dentry (may be NULL). * @attr is the iattr structure containing the new file attributes. * Return 0 if permission is granted. * @inode_getattr: @@ -1221,7 +1222,8 @@ struct security_operations { int (*inode_readlink) (struct dentry *dentry); int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd); int (*inode_permission) (struct inode *inode, int mask, struct nameidata *nd); - int (*inode_setattr)(struct dentry *dentry, struct iattr *attr); + int (*inode_setattr) (struct dentry *dentry, struct vfsmount *mnt, + struct iattr *attr); int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry); void (*inode_delete) (struct inode *inode); int (*inode_setxattr) (struct dentry *dentry, char *name, void *value, 
@@ -1708,11 +1710,12 @@ static inline int security_inode_permiss } static inline int security_inode_setattr (struct dentry *dentry, + struct vfsmount *mnt, struct iattr *attr) { if (unlikely (IS_PRIVATE (dentry->d_inode))) return 0; - return security_ops->inode_setattr (dentry, attr); + return security_ops->inode_setattr (dentry, mnt, attr); } static inline int security_inode_getattr (struct vfsmount *mnt, @@ -2412,6 +2415,7 @@ static inline int security_inode_permiss } static inline int security_inode_setattr (struct dentry *dentry, + struct vfsmount *mnt, struct iattr *attr) { return 0; Index: linux-2.6/security/dummy.c === --- linux-2.6.orig/security/dummy.c +++ linux-2.6/security/dummy.c @@ -328,7 +328,8 @@ static int dummy_inode_permission (struc return 0; } -static int dummy_inode_setattr (struct dentry *dentry, struct iattr *iattr) +static int dummy_inode_setattr (struct dentry *dentry, struct vfsmount *mnt, + struct iattr *iattr) { return 0; } Index: linux-2.6/security/selinux/hooks.c === --- linux-2.6.orig/security/selinux/hooks.c +++ linux-2.6/security/selinux/hooks.c @@ -2226,11 +2226,12 @@ static int selinux_inode_permission(stru file_mask_to_av(inode->i_mode, mask), NULL); } -static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) +static int selinux_inode_setattr(struct dentry *dentry, struct vfsmount *mnt, +struct iattr *iattr) { int rc; - rc = secondary_ops->inode_setattr(dentry, iattr); + rc = secondary_ops->inode_setattr(dentry, mnt, iattr); if (rc) return rc; - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
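Review bot: the fs/attr.c hunk passes `mnt` to security_inode_setattr(), but the only context shown is `int notify_change(struct dentry *dentry,`, so `mnt` must be the parameter added by vfs-notify_change.diff, which precedes this patch in the series; name that dependency in the commit message so the two cannot be applied out of order. Note also that on the i_op->setattr path the hook now runs with the mount before inode_change_ok() has validated the request, while on the other path it runs after; that asymmetry is pre-existing, but an LSM about to act on @mnt should be told about it in the hook documentation.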
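Review bot: the security.h documentation says @mnt "may be NULL", and neither dummy_inode_setattr() nor selinux_inode_setattr() in this patch dereferences it, so the contract holds for the in-tree modules; forwarding mnt unchanged to secondary_ops->inode_setattr() in the SELinux hunk is the right thing to do. The "(may be NULL)" note would be more useful if it said which callers pass NULL (nfsd, internal filesystem data) rather than leaving a module author to discover that by inspection.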
[RFC 2/28] Remove redundant check from proc_setattr().
Remove redundant check from proc_setattr() notify_change() already calls security_inode_setattr() before calling iop->setattr. Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/fs/proc/base.c === --- linux-2.6.orig/fs/proc/base.c +++ linux-2.6/fs/proc/base.c @@ -344,11 +344,8 @@ static int proc_setattr(struct dentry *d return -EPERM; error = inode_change_ok(inode, attr); - if (!error) { - error = security_inode_setattr(dentry, attr); - if (!error) - error = inode_setattr(inode, attr); - } + if (!error) + error = inode_setattr(inode, attr); return error; } - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
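Review bot: the removed call is indeed redundant, since proc_setattr() is reached only as i_op->setattr from notify_change(), which runs security_inode_setattr() first; placing this as 2/28 ahead of security-setattr.diff also means the dropped call never has to be converted to the three-argument form, which is worth a sentence in the commit message. One behavioural change to record: before, an LSM saw a /proc setattr twice, once before and once after inode_change_ok(); now it sees it only once, before validation, so a module that relied on the second, post-validation call loses it.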
[RFC 1/28] Pass struct vfsmount to the inode_create LSM hook.
Pass struct vfsmount to the inode_create LSM hook. Signed-off-by: Tony Jones <[EMAIL PROTECTED]> Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Index: linux-2.6/fs/namei.c === --- linux-2.6.orig/fs/namei.c +++ linux-2.6/fs/namei.c @@ -1503,7 +1503,7 @@ int vfs_create(struct inode *dir, struct return -EACCES; /* shouldn't it be ENOSYS? */ mode &= S_IALLUGO; mode |= S_IFREG; - error = security_inode_create(dir, dentry, mode); + error = security_inode_create(dir, dentry, nd ? nd->mnt : NULL, mode); if (error) return error; DQUOT_INIT(dir); Index: linux-2.6/include/linux/security.h === --- linux-2.6.orig/include/linux/security.h +++ linux-2.6/include/linux/security.h @@ -283,6 +283,7 @@ struct request_sock; * Check permission to create a regular file. * @dir contains inode structure of the parent of the new file. * @dentry contains the dentry structure for the file to be created. + * @mnt is the vfsmount corresponding to @dentry (may be NULL). * @mode contains the file mode of the file to be created. * Return 0 if permission is granted. * @inode_link: @@ -1204,8 +1205,8 @@ struct security_operations { void (*inode_free_security) (struct inode *inode); int (*inode_init_security) (struct inode *inode, struct inode *dir, char **name, void **value, size_t *len); - int (*inode_create) (struct inode *dir, -struct dentry *dentry, int mode); + int (*inode_create) (struct inode *dir, struct dentry *dentry, +struct vfsmount *mnt, int mode); int (*inode_link) (struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry); int (*inode_unlink) (struct inode *dir, struct dentry *dentry); 
@@ -1611,11 +1612,12 @@ static inline int security_inode_init_se static inline int security_inode_create (struct inode *dir, struct dentry *dentry, +struct vfsmount *mnt, int mode) { if (unlikely (IS_PRIVATE (dir))) return 0; - return security_ops->inode_create (dir, dentry, mode); + return security_ops->inode_create (dir, dentry, mnt, mode); } static inline int security_inode_link (struct dentry *old_dentry, @@ -2338,6 +2340,7 @@ static inline int security_inode_init_se static inline int security_inode_create (struct inode *dir, struct dentry *dentry, +struct vfsmount *mnt, int mode) { return 0; Index: linux-2.6/security/dummy.c === --- linux-2.6.orig/security/dummy.c +++ linux-2.6/security/dummy.c @@ -265,7 +265,7 @@ static int dummy_inode_init_security (st } static int dummy_inode_create (struct inode *inode, struct dentry *dentry, - int mask) + struct vfsmount *mnt, int mask) { return 0; } Index: linux-2.6/security/selinux/hooks.c === --- linux-2.6.orig/security/selinux/hooks.c +++ linux-2.6/security/selinux/hooks.c @@ -2135,7 +2135,8 @@ static int selinux_inode_init_security(s return 0; } -static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask) +static int selinux_inode_create(struct inode *dir, struct dentry *dentry, +struct vfsmount *mnt, int mask) { return may_create(dir, dentry, SECCLASS_FILE); } - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
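Review bot: in the fs/namei.c hunk `nd ? nd->mnt : NULL` makes the mount the hook receives depend on whether the caller supplied a nameidata, which is a different contract from the rest of the series, where vfs_mkdir(), vfs_mknod() and the other vfs_*() helpers get an explicit struct vfsmount argument (see the vfs-*.diff entries in the cover letter); a caller that knows its mount but passes nd == NULL silently gives the LSM nothing. Consider an explicit vfsmount parameter on vfs_create() for consistency, or state in the commit message that nd is the only source of the mount and which callers pass a NULL nd.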
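Review bot: both dummy_inode_create() and selinux_inode_create() keep the name `mask` for what the hook documentation and vfs_create() call `mode`; since those lines are being rewritten anyway, renaming to `mode` would make the implementations match the interface text. Neither implementation uses mnt, which is fine given the documented NULL, but the !CONFIG_SECURITY stub in security.h should probably be the one place that says so explicitly.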
[RFC 0/28] Patches to pass vfsmount to LSM inode security hooks
Introduction

The following are a set of patches the goal of which is to pass vfsmounts through select portions of the VFS layer sufficient to be visible to the LSM inode operation hooks. They are being posted now as a request for comment.

Presently the AppArmor code - being a user of the LSM interface - does not receive the vfsmount corresponding to an operation and has to employ convoluted and slow mechanisms, which are error prone, in an attempt to determine the vfsmount. Therefore these patches or some variant of them are viewed as a necessary precursor for the AppArmor code being resubmitted. It is currently planned to resubmit the AppArmor code to the list in the next month. We apologise greatly for the silence since the last submission, a combination of research into different designs, other work pressures and just not doing the "right thing". Regardless, early discussion and feedback on the interface changes presented here is appreciated.

Limitations of the current patches

NULL is passed for the vfsmount from all NFS functions; this is analogous to the current NULL nameidata for security_inode_permission. NULL is also passed in certain cases for internal filesystem data which is not visible in the normal namespace (Reiserfs being one example).

Struct vfsmount is passed to the LSM inode hooks rather than struct nameidata as the hooks do not require the intent data and also as a few hooks are called when only a struct file is available.

Possible changes

A second parameter is now being passed to many functions. One alternative is to amend the LSM interface (and struct nameidata) to use struct path instead, but this would be a larger change.

Patches

security-create.diff       Pass struct vfsmount to the inode_create LSM hook.
proc_setattr.diff          Remove redundant check from proc_setattr().
remove_suid.diff           Pass struct file down to remove_suid and children
vfs-notify_change.diff     Add a vfsmount parameter to notify_change()
security-setattr.diff      Pass struct vfsmount to the inode_setattr LSM hook
vfs-mkdir.diff             Add struct vfsmount parameter to vfs_mkdir()
security-mkdir.diff        Pass struct vfsmount to the inode_mkdir LSM hook
vfs-mknod.diff             Add a struct vfsmount parameter to vfs_mknod()
security-mknod.diff        Pass struct vfsmount to the inode_mknod LSM hook
vfs-symlink.diff           Add a struct vfsmount parameter to vfs_symlink()
security-symlink.diff      Pass struct vfsmount to the inode_symlink LSM hook.
security-readlink.diff     Pass struct vfsmount to the inode_readlink LSM hook
vfs-link.diff              Add struct vfsmount parameters to vfs_link()
security-link.diff         Pass struct vfsmount to the inode_link LSM hook
vfs-rmdir.diff             Add a struct vfsmount parameter to vfs_rmdir()
security-rmdir.diff        Pass struct vfsmount to the inode_rmdir LSM hook
vfs-unlink.diff            Add a struct vfsmount parameter to vfs_unlink()
security-unlink.diff       Pass struct vfsmount to the inode_unlink LSM hook
vfs-rename.diff            Add struct vfsmount parameters to vfs_rename()
security-rename.diff       Pass struct vfsmount to the inode_rename LSM hook
vfs-setxattr.diff          Add a struct vfsmount parameter to vfs_setxattr()
security-setxattr.diff     Pass struct vfsmount to the inode_setxattr LSM hook
vfs-getxattr.diff          Add a struct vfsmount parameter to vfs_getxattr()
security-getxattr.diff     Pass struct vfsmount to the inode_getxattr LSM hook
vfs-listxattr.diff         Add a struct vfsmount parameter to vfs_listxattr()
security-listxattr.diff    Pass struct vfsmount to the inode_listxattr LSM hook
vfs-removexattr.diff       Add a struct vfsmount parameter to vfs_removexattr()
security-removexattr.diff  Pass struct vfsmount to the inode_removexattr LSM hook
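The point the cover letter rests on, that an LSM cannot name a file from the dentry alone and is left with nothing usable where the series passes NULL, as an added user-space C example; it is not code from the patch series or from AppArmor. The struct and function names, the mount topology and the PROTECTED rule are constructed for the example; the upward walk itself mirrors what the kernel's d_path() does, crossing each mount at its mountpoint.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the patch series or AppArmor: a user-space
 * model of the kernel's (vfsmount, dentry) walk, showing why a path-based
 * LSM needs the mount and what it is left with when a caller passes NULL.
 * All types and names here are the example's own, not kernel APIs. */

struct dentry {
    const char *name;             /* path component, "" for a fs root */
    const struct dentry *parent;  /* NULL at the root of its filesystem */
};

struct mount {
    const struct dentry *root;        /* dentry this mount exposes as "/" */
    const struct mount *parent;       /* mount it hangs off, NULL for / */
    const struct dentry *mountpoint;  /* dentry in parent it is attached on */
};

/* Prepend n bytes of s in front of *end, refusing to overrun the buffer. */
static int prepend(char **end, size_t *left, const char *s, size_t n)
{
    if (n > *left)
        return -1;
    *left -= n;
    *end -= n;
    memcpy(*end, s, n);
    return 0;
}

/* Name (mnt, d) by walking upwards, crossing each mount at its mountpoint,
 * in the manner of d_path().  With mnt == NULL the walk can only stop at the
 * root of d's own filesystem, so the result is relative to that filesystem
 * and is not a name in the namespace at all. */
int build_path(const struct mount *mnt, const struct dentry *d,
               char *buf, size_t len)
{
    char *end = buf + len - 1;
    size_t left = len - 1;

    *end = '\0';
    for (;;) {
        if (mnt && d == mnt->root) {        /* top of this mount */
            if (!mnt->parent)
                break;                      /* reached the global root */
            d = mnt->mountpoint;            /* continue in the parent mount */
            mnt = mnt->parent;
            continue;
        }
        if (!d->parent)                     /* fs root, no mount to cross */
            break;
        if (prepend(&end, &left, d->name, strlen(d->name)) ||
            prepend(&end, &left, "/", 1))
            return -1;
        d = d->parent;
    }
    if (*end == '\0' && prepend(&end, &left, "/", 1))
        return -1;
    memmove(buf, end, strlen(end) + 1);
    return 0;
}

/* One toy path rule of the kind AppArmor enforces: no unlink under here. */
#define PROTECTED "/home/alice/secrets/"

/* What an inode_unlink hook can do once it receives the vfsmount: 0 allows,
 * -EACCES is the rule firing, -1 means no namespace path could be built.
 * A NULL mnt (the nfsd call sites in this series) lands in the last case,
 * where a real LSM has to choose between failing open and failing closed. */
int check_unlink(const struct mount *mnt, const struct dentry *d)
{
    char path[256];

    if (!mnt || build_path(mnt, d, path, sizeof path))
        return -1;
    return strncmp(path, PROTECTED, strlen(PROTECTED)) == 0 ? -EACCES : 0;
}

/* Constructed topology: rootfs holds /home/alice and /mnt/view; a second
 * filesystem is mounted on /home/alice and its "secrets" directory is also
 * bind mounted on /mnt/view, so "key" is one dentry reachable by two names. */
static const struct dentry root_d = { "", NULL };
static const struct dentry home_d = { "home", &root_d };
static const struct dentry alice_d = { "alice", &home_d };
static const struct dentry mnt_d = { "mnt", &root_d };
static const struct dentry view_d = { "view", &mnt_d };
static const struct dentry data_root_d = { "", NULL };
static const struct dentry secrets_d = { "secrets", &data_root_d };
static const struct dentry key_d = { "key", &secrets_d };

static const struct mount root_m = { &root_d, NULL, NULL };
static const struct mount data_m = { &data_root_d, &root_m, &alice_d };
static const struct mount bind_m = { &secrets_d, &root_m, &view_d };

int main(void)
{
    const struct mount *views[] = { &data_m, &bind_m, NULL };
    const char *labels[] = { "data_m", "bind_m", "NULL" };
    char path[256];
    int i;

    for (i = 0; i < 3; i++) {
        build_path(views[i], &key_d, path, sizeof path);
        printf("mnt=%-7s path=%-24s unlink=%d\n",
               labels[i], path, check_unlink(views[i], &key_d));
    }
    return 0;
}
```

Built with a plain `cc` it prints three lines for the same `key` dentry: denied as /home/alice/secrets/key, allowed as /mnt/view/key, and undecidable with a NULL mount, where build_path() can only produce the filesystem-relative /secrets/key. The first two lines are the well-known caveat of path-based policy (a bind mount gives one object several names, and only the mount says which name the caller used); the third is why the series wants the vfsmount in every hook and why a module must treat the documented NULL as a policy decision rather than an edge case.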