From: Miklos Szeredi <mszeredi@xxxxxxx>

In the inode_setxattr() security operation and related functions pass the path (vfsmount + dentry) instead of the dentry.

AppArmor will need this.

Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxx>
---
 fs/xattr.c | 2 +-
 include/linux/security.h | 12 ++++++------
 security/commoncap.c | 2 +-
 security/dummy.c | 4 ++--
 security/security.c | 6 +++---
 security/selinux/hooks.c | 3 ++-
 security/smack/smack_lsm.c | 7 ++++---
 7 files changed, 19 insertions(+), 17 deletions(-)

Index: linux-2.6/fs/xattr.c
===================================================================
--- linux-2.6.orig/fs/xattr.c 2008-05-29 12:20:58.000000000 +0200
+++ linux-2.6/fs/xattr.c 2008-05-29 12:20:58.000000000 +0200
@@ -81,7 +81,7 @@ vfs_setxattr(struct path *path, const ch
 return error;
 
 mutex_lock(&inode->i_mutex);
- error = security_inode_setxattr(dentry, name, value, size, flags);
+ error = security_inode_setxattr(path, name, value, size, flags);
 if (error)
 goto out;
 error = -EOPNOTSUPP;
Index: linux-2.6/include/linux/security.h
===================================================================
--- linux-2.6.orig/include/linux/security.h 2008-05-29 12:20:58.000000000 +0200
+++ linux-2.6/include/linux/security.h 2008-05-29 12:20:58.000000000 +0200
@@ -53,7 +53,7 @@ extern void cap_capset_set(struct task_s
 extern int cap_bprm_set_security(struct linux_binprm *bprm);
 extern void cap_bprm_apply_creds(struct linux_binprm *bprm, int unsafe);
 extern int cap_bprm_secureexec(struct linux_binprm *bprm);
-extern int cap_inode_setxattr(struct dentry *dentry, const char *name,
+extern int cap_inode_setxattr(struct path *path, const char *name,
 const void *value, size_t size, int flags);
 extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
 extern int cap_inode_need_killpriv(struct dentry *dentry);
@@ -428,7 +428,7 @@ static inline void security_free_mnt_opt
 * inode.
 * @inode_setxattr:
 * Check permission before setting the extended attributes
- * @value identified by @name for @dentry.
+ * @value identified by @name for @path.
 * Return 0 if permission is granted.
 * @inode_post_setxattr:
 * Update inode security field after successful setxattr operation.
@@ -1371,7 +1371,7 @@ struct security_operations {
 int (*inode_setattr) (struct path *path, struct iattr *attr);
 int (*inode_getattr) (struct path *path);
 void (*inode_delete) (struct inode *inode);
- int (*inode_setxattr) (struct dentry *dentry, const char *name,
+ int (*inode_setxattr) (struct path *path, const char *name,
 const void *value, size_t size, int flags);
 void (*inode_post_setxattr) (struct dentry *dentry, const char *name,
 const void *value, size_t size, int flags);
@@ -1643,7 +1643,7 @@ int security_inode_permission(struct ino
 int security_inode_setattr(struct path *path, struct iattr *attr);
 int security_inode_getattr(struct path *path);
 void security_inode_delete(struct inode *inode);
-int security_inode_setxattr(struct dentry *dentry, const char *name,
+int security_inode_setxattr(struct path *path, const char *name,
 const void *value, size_t size, int flags);
 void security_inode_post_setxattr(struct dentry *dentry, const char *name,
 const void *value, size_t size, int flags);
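Review bot: In the `struct security_operations` hunk (@@ -1371) only `inode_setxattr` is switched to `struct path *`, while the adjacent `inode_post_setxattr` and, in the @@ -53 hunk, `cap_inode_removexattr` keep taking a bare `struct dentry *`. An LSM that needs the vfsmount to decide the pre-check (the stated AppArmor motivation) would then have no mount available in the matching post hook or in the removexattr hook, so a policy applied at set time cannot be mirrored at remove time; if that conversion is deliberately left to a later patch in the series, the description should say so rather than "and related functions". The kernel-doc line changed in @@ -428 could also state what the extra argument provides, e.g. `* @value identified by @name for @path (dentry plus the vfsmount it was reached through).`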
@@ -2048,10 +2048,10 @@ static inline int security_inode_getattr
 static inline void security_inode_delete(struct inode *inode)
 { }
 
-static inline int security_inode_setxattr(struct dentry *dentry,
+static inline int security_inode_setxattr(struct path *path,
 const char *name, const void *value, size_t size, int flags)
 {
- return cap_inode_setxattr(dentry, name, value, size, flags);
+ return cap_inode_setxattr(path, name, value, size, flags);
 }
 
 static inline void security_inode_post_setxattr(struct dentry *dentry,
Index: linux-2.6/security/dummy.c
===================================================================
--- linux-2.6.orig/security/dummy.c 2008-05-29 12:20:58.000000000 +0200
+++ linux-2.6/security/dummy.c 2008-05-29 12:20:58.000000000 +0200
@@ -363,8 +363,8 @@ static void dummy_inode_delete (struct i
 return;
 }
 
-static int dummy_inode_setxattr (struct dentry *dentry, const char *name,
- const void *value, size_t size, int flags)
+static int dummy_inode_setxattr(struct path *path, const char *name,
+ const void *value, size_t size, int flags)
 {
 if (!strncmp(name, XATTR_SECURITY_PREFIX,
 sizeof(XATTR_SECURITY_PREFIX) - 1) &&
Index: linux-2.6/security/security.c
===================================================================
--- linux-2.6.orig/security/security.c 2008-05-29 12:20:58.000000000 +0200
+++ linux-2.6/security/security.c 2008-05-29 12:20:58.000000000 +0200
@@ -493,12 +493,12 @@ void security_inode_delete(struct inode
 security_ops->inode_delete(inode);
 }
 
-int security_inode_setxattr(struct dentry *dentry, const char *name,
+int security_inode_setxattr(struct path *path, const char *name,
 const void *value, size_t size, int flags)
 {
- if (unlikely(IS_PRIVATE(dentry->d_inode)))
+ if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
 return 0;
- return security_ops->inode_setxattr(dentry, name, value, size, flags);
+ return security_ops->inode_setxattr(path, name, value, size, flags);
 }
 
 void security_inode_post_setxattr(struct dentry *dentry, const char *name,
Index: linux-2.6/security/selinux/hooks.c
===================================================================
--- linux-2.6.orig/security/selinux/hooks.c 2008-05-29 12:20:58.000000000 +0200
+++ linux-2.6/security/selinux/hooks.c 2008-05-29 12:20:58.000000000 +0200
@@ -2622,10 +2622,11 @@ static int selinux_inode_setotherxattr(s
 return dentry_has_perm(current, NULL, dentry, FILE__SETATTR);
 }
 
-static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
+static int selinux_inode_setxattr(struct path *path, const char *name,
 const void *value, size_t size, int flags)
 {
 struct task_security_struct *tsec = current->security;
+ struct dentry *dentry = path->dentry;
 struct inode *inode = dentry->d_inode;
 struct inode_security_struct *isec = inode->i_security;
 struct superblock_security_struct *sbsec;
Index: linux-2.6/security/smack/smack_lsm.c
===================================================================
--- linux-2.6.orig/security/smack/smack_lsm.c 2008-05-29 12:20:57.000000000 +0200
+++ linux-2.6/security/smack/smack_lsm.c 2008-05-29 12:20:58.000000000 +0200
@@ -563,7 +563,7 @@ static int smack_inode_getattr(struct pa
 
 /**
 * smack_inode_setxattr - Smack check for setting xattrs
- * @dentry: the object
+ * @path: the object
 * @name: name of the attribute
 * @value: unused
 * @size: unused
@@ -573,9 +573,10 @@ static int smack_inode_getattr(struct pa
 *
 * Returns 0 if access is permitted, an error code otherwise
 */
-static int smack_inode_setxattr(struct dentry *dentry, const char *name,
+static int smack_inode_setxattr(struct path *path, const char *name,
 const void *value, size_t size, int flags)
 {
+ struct dentry *dentry = path->dentry;
 int rc = 0;
 
 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
@@ -584,7 +585,7 @@ static int smack_inode_setxattr(struct d
 if (!capable(CAP_MAC_ADMIN))
 rc = -EPERM;
 } else
- rc = cap_inode_setxattr(dentry, name, value, size, flags);
+ rc = cap_inode_setxattr(path, name, value, size, flags);
 
 if (rc == 0)
 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE);
Index: linux-2.6/security/commoncap.c
===================================================================
--- linux-2.6.orig/security/commoncap.c 2008-05-29 12:20:15.000000000 +0200
+++ linux-2.6/security/commoncap.c 2008-05-29 12:20:58.000000000 +0200
@@ -383,7 +383,7 @@ int cap_bprm_secureexec (struct linux_bi
 current->egid != current->gid);
 }
 
-int cap_inode_setxattr(struct dentry *dentry, const char *name,
+int cap_inode_setxattr(struct path *path, const char *name,
 const void *value, size_t size, int flags)
 {
 if (!strcmp(name, XATTR_NAME_CAPS)) {
--

-- 
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
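Review bot: In the commoncap.c hunk (@@ -383) the new `path` parameter of `cap_inode_setxattr` is not referenced by any visible line — the only check shown compares `name` against `XATTR_NAME_CAPS` — and the old `dentry` parameter appears to have been unused as well; the function body continues outside the hunk, so this is inferred rather than established. If the rest of the body confirms it, a one-line comment on the declaration would stop the next reader from looking for a missing mount or dentry check: `/* @path is unused: the capability default only looks at the attribute name; it is kept to match the inode_setxattr hook signature. */`. The smack hunk (@@ -573) mirrors the selinux change by taking `dentry` from `path->dentry` before the existing uses, which keeps the later `smk_of_inode(dentry->d_inode)` call unchanged.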