mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Change parameter order to be dentry/mnt -- as suggested by Jan Blunck.

Browse source
This commit is contained in:
Tony Jones 2007-01-17 07:12:32 +00:00
parent 08e94e2969
commit 138fc035b5
30 changed files with 623 additions and 557 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
kernel-patches/for-mainline/apparmor-bootdisable.diff
View file

@ -18,7 +18,7 @@ Index: linux-2.6.19/security/apparmor/lsm.c
/* Flag values, also controllable via apparmorfs/control.
* We explicitly do not allow these to be modifiable when exported via
* /sys/modules/parameters, as we want to do additional mediation and
@@ -827,6 +836,11 @@ static int __init apparmor_init(void)
@@ -831,6 +840,11 @@ static int __init apparmor_init(void)
int error;
const char *complainmsg = ": complainmode enabled";

2
kernel-patches/for-mainline/apparmor-builtinonly.diff
View file

@ -56,7 +56,7 @@ Index: linux-2.6.19/security/apparmor/lsm.c
static int apparmor_ptrace(struct task_struct *parent,
struct task_struct *child)
{
@@ -891,67 +861,4 @@ createfs_out:
@@ -895,67 +865,4 @@ createfs_out:
}

82
kernel-patches/for-mainline/apparmor-novalidfstype.diff
View file

@ -79,9 +79,9 @@ Index: linux-2.6.19/security/apparmor/lsm.c
return error;
}
-static int apparmor_inode_mkdir(struct inode *inode, struct vfsmount *mnt,
+static int apparmor_inode_mkdir(struct inode *dir, struct vfsmount *mnt,
struct dentry *dentry, int mask)
-static int apparmor_inode_mkdir(struct inode *inode, struct dentry *dentry,
+static int apparmor_inode_mkdir(struct inode *dir, struct dentry *dentry,
struct vfsmount *mnt, int mask)
{
struct aaprofile *active;
int error = 0;
@ -95,25 +95,9 @@ Index: linux-2.6.19/security/apparmor/lsm.c
return error;
}
-static int apparmor_inode_rmdir(struct inode *inode, struct vfsmount *mnt,
+static int apparmor_inode_rmdir(struct inode *dir, struct vfsmount *mnt,
struct dentry *dentry)
{
struct aaprofile *active;
int error = 0;
- if (!mnt)
+ if (!mnt || dir->i_sb->s_security != AA_MEDIATE_FS)
goto out;
active = get_active_aaprofile();
@@ -266,13 +271,13 @@ out:
return error;
}
-static int apparmor_inode_create(struct inode *inode, struct vfsmount *mnt,
+static int apparmor_inode_create(struct inode *dir, struct vfsmount *mnt,
struct dentry *dentry, int mask)
-static int apparmor_inode_rmdir(struct inode *inode, struct dentry *dentry,
+static int apparmor_inode_rmdir(struct inode *dir, struct dentry *dentry,
struct vfsmount *mnt)
{
struct aaprofile *active;
int error = 0;
@ -126,11 +110,11 @@ Index: linux-2.6.19/security/apparmor/lsm.c
@@ -287,14 +292,14 @@ out:
}
static int apparmor_inode_link(struct vfsmount *old_mnt,
- struct dentry *old_dentry, struct inode *inode,
+ struct dentry *old_dentry, struct inode *dir,
struct vfsmount *new_mnt,
struct dentry *new_dentry)
static int apparmor_inode_link(struct dentry *old_dentry,
- struct vfsmount *old_mnt, struct inode *inode,
+ struct vfsmount *old_mnt, struct inode *dir,
struct dentry *new_dentry,
struct vfsmount *new_mnt)
{
int error = 0;
struct aaprofile *active;
@ -140,7 +124,7 @@ Index: linux-2.6.19/security/apparmor/lsm.c
goto out;
active = get_active_aaprofile();
@@ -315,7 +320,7 @@ static int apparmor_inode_unlink(struct
@@ -316,7 +321,7 @@ static int apparmor_inode_unlink(struct
struct aaprofile *active;
int error = 0;
@ -149,13 +133,13 @@ Index: linux-2.6.19/security/apparmor/lsm.c
goto out;
active = get_active_aaprofile();
@@ -329,13 +334,13 @@ out:
@@ -330,13 +335,13 @@ out:
return error;
}
-static int apparmor_inode_mknod(struct inode *inode, struct vfsmount *mnt,
+static int apparmor_inode_mknod(struct inode *dir, struct vfsmount *mnt,
struct dentry *dentry, int mode, dev_t dev)
-static int apparmor_inode_mknod(struct inode *inode, struct dentry *dentry,
+static int apparmor_inode_mknod(struct inode *dir, struct dentry *dentry,
struct vfsmount *mnt, int mode, dev_t dev)
{
struct aaprofile *active;
int error = 0;
@ -165,20 +149,20 @@ Index: linux-2.6.19/security/apparmor/lsm.c
goto out;
active = get_active_aaprofile();
@@ -349,10 +354,10 @@ out:
@@ -350,10 +355,10 @@ out:
return error;
}
-static int apparmor_inode_rename(struct inode *old_inode,
+static int apparmor_inode_rename(struct inode *old_dir,
struct vfsmount *old_mnt,
struct dentry *old_dentry,
struct vfsmount *old_mnt,
- struct inode *new_inode,
+ struct inode *new_dir,
struct vfsmount *new_mnt,
struct dentry *new_dentry)
struct dentry *new_dentry,
struct vfsmount *new_mnt)
{
@@ -365,11 +370,12 @@ static int apparmor_inode_rename(struct
@@ -366,11 +371,12 @@ static int apparmor_inode_rename(struct
active = get_active_aaprofile();
if (active) {
@ -193,7 +177,7 @@ Index: linux-2.6.19/security/apparmor/lsm.c
error = aa_perm(active, new_dentry, new_mnt,
MAY_WRITE);
}
@@ -388,7 +394,7 @@ static int apparmor_inode_permission(str
@@ -389,7 +395,7 @@ static int apparmor_inode_permission(str
/* Do not perform check on pipes or sockets
* Same as apparmor_file_permission
*/
@ -202,7 +186,7 @@ Index: linux-2.6.19/security/apparmor/lsm.c
struct aaprofile *active;
active = get_active_aaprofile();
@@ -404,23 +410,21 @@ static int apparmor_inode_setattr(struct
@@ -405,23 +411,21 @@ static int apparmor_inode_setattr(struct
struct iattr *iattr)
{
int error = 0;
@ -236,7 +220,7 @@ Index: linux-2.6.19/security/apparmor/lsm.c
out:
return error;
@@ -431,19 +435,16 @@ static int apparmor_inode_setxattr(struc
@@ -432,19 +436,16 @@ static int apparmor_inode_setxattr(struc
int flags)
{
int error = 0;
@ -263,7 +247,7 @@ Index: linux-2.6.19/security/apparmor/lsm.c
out:
return error;
@@ -453,19 +454,17 @@ static int apparmor_inode_getxattr(struc
@@ -454,19 +455,17 @@ static int apparmor_inode_getxattr(struc
char *name)
{
int error = 0;
@ -290,8 +274,8 @@ Index: linux-2.6.19/security/apparmor/lsm.c
out:
return error;
@@ -473,19 +472,16 @@ out:
static int apparmor_inode_listxattr(struct vfsmount *mnt, struct dentry *dentry)
@@ -474,19 +473,16 @@ out:
static int apparmor_inode_listxattr(struct dentry *dentry, struct vfsmount *mnt)
{
int error = 0;
+ struct aaprofile *active;
@ -317,8 +301,8 @@ Index: linux-2.6.19/security/apparmor/lsm.c
out:
return error;
@@ -495,19 +491,16 @@ static int apparmor_inode_removexattr(st
struct dentry *dentry, char *name)
@@ -496,19 +492,16 @@ static int apparmor_inode_removexattr(st
struct vfsmount *mnt, char *name)
{
int error = 0;
+ struct aaprofile *active;
@ -344,7 +328,7 @@ Index: linux-2.6.19/security/apparmor/lsm.c
out:
return error;
@@ -516,55 +509,36 @@ out:
@@ -517,55 +510,36 @@ out:
static int apparmor_file_permission(struct file *file, int mask)
{
struct aaprofile *active;
@ -412,7 +396,7 @@ Index: linux-2.6.19/security/apparmor/lsm.c
}
static inline int aa_mmap(struct file *file, unsigned long prot,
@@ -572,12 +546,10 @@ static inline int aa_mmap(struct file *f
@@ -573,12 +547,10 @@ static inline int aa_mmap(struct file *f
{
int error = 0, mask = 0;
struct aaprofile *active;
@ -426,7 +410,7 @@ Index: linux-2.6.19/security/apparmor/lsm.c
goto out;
if (prot & PROT_READ)
@@ -636,17 +608,6 @@ static void apparmor_task_reparent_to_in
@@ -637,17 +609,6 @@ static void apparmor_task_reparent_to_in
return;
}
@ -444,7 +428,7 @@ Index: linux-2.6.19/security/apparmor/lsm.c
static int apparmor_getprocattr(struct task_struct *p, char *name, void *value,
size_t size)
{
@@ -829,8 +790,6 @@ struct security_operations apparmor_ops
@@ -830,8 +791,6 @@ struct security_operations apparmor_ops
.task_post_setuid = apparmor_task_post_setuid,
.task_reparent_to_init = apparmor_task_reparent_to_init,

55
kernel-patches/for-mainline/apparmor-vfsmnt.diff
View file

@ -146,14 +146,14 @@ Index: linux-2.6.19/security/apparmor/lsm.c
#include "apparmor.h"
#include "inline.h"
@@ -246,122 +247,157 @@ static int apparmor_umount(struct vfsmou
@@ -246,122 +247,158 @@ static int apparmor_umount(struct vfsmou
return error;
}
-static int apparmor_inode_mkdir(struct inode *inode, struct dentry *dentry,
- int mask)
+static int apparmor_inode_mkdir(struct inode *inode, struct vfsmount *mnt,
+ struct dentry *dentry, int mask)
+static int apparmor_inode_mkdir(struct inode *inode, struct dentry *dentry,
+ struct vfsmount *mnt, int mask)
{
struct aaprofile *active;
int error = 0;
@ -174,8 +174,8 @@ Index: linux-2.6.19/security/apparmor/lsm.c
}
-static int apparmor_inode_rmdir(struct inode *inode, struct dentry *dentry)
+static int apparmor_inode_rmdir(struct inode *inode, struct vfsmount *mnt,
+ struct dentry *dentry)
+static int apparmor_inode_rmdir(struct inode *inode, struct dentry *dentry,
+ struct vfsmount *mnt)
{
struct aaprofile *active;
int error = 0;
@ -195,10 +195,9 @@ Index: linux-2.6.19/security/apparmor/lsm.c
return error;
}
-static int apparmor_inode_create(struct inode *inode, struct dentry *dentry,
static int apparmor_inode_create(struct inode *inode, struct dentry *dentry,
- int mask)
+static int apparmor_inode_create(struct inode *inode, struct vfsmount *mnt,
+ struct dentry *dentry, int mask)
+ struct vfsmount *mnt, int mask)
{
struct aaprofile *active;
int error = 0;
@ -221,10 +220,10 @@ Index: linux-2.6.19/security/apparmor/lsm.c
-static int apparmor_inode_link(struct dentry *old_dentry, struct inode *inode,
- struct dentry *new_dentry)
+static int apparmor_inode_link(struct vfsmount *old_mnt,
+ struct dentry *old_dentry, struct inode *inode,
+ struct vfsmount *new_mnt,
+ struct dentry *new_dentry)
+static int apparmor_inode_link(struct dentry *old_dentry,
+ struct vfsmount *old_mnt, struct inode *inode,
+ struct dentry *new_dentry,
+ struct vfsmount *new_mnt)
{
int error = 0;
struct aaprofile *active;
@ -246,8 +245,9 @@ Index: linux-2.6.19/security/apparmor/lsm.c
}
-static int apparmor_inode_unlink(struct inode *inode, struct dentry *dentry)
+static int apparmor_inode_unlink(struct inode *dir, struct vfsmount *mnt,
+ struct dentry *dentry)
+static int apparmor_inode_unlink(struct inode *dir,
+ struct dentry *dentry,
+ struct vfsmount *mnt)
{
struct aaprofile *active;
int error = 0;
@ -267,10 +267,9 @@ Index: linux-2.6.19/security/apparmor/lsm.c
return error;
}
-static int apparmor_inode_mknod(struct inode *inode, struct dentry *dentry,
static int apparmor_inode_mknod(struct inode *inode, struct dentry *dentry,
- int mode, dev_t dev)
+static int apparmor_inode_mknod(struct inode *inode, struct vfsmount *mnt,
+ struct dentry *dentry, int mode, dev_t dev)
+ struct vfsmount *mnt, int mode, dev_t dev)
{
struct aaprofile *active;
int error = 0;
@ -294,11 +293,11 @@ Index: linux-2.6.19/security/apparmor/lsm.c
- struct dentry *old_dentry,
- struct inode *new_inode,
- struct dentry *new_dentry)
+ struct vfsmount *old_mnt,
+ struct dentry *old_dentry,
+ struct vfsmount *old_mnt,
+ struct inode *new_inode,
+ struct vfsmount *new_mnt,
+ struct dentry *new_dentry)
+ struct dentry *new_dentry,
+ struct vfsmount *new_mnt)
{
struct aaprofile *active;
int error = 0;
@ -330,7 +329,7 @@ Index: linux-2.6.19/security/apparmor/lsm.c
return error;
}
@@ -373,22 +409,26 @@ static int apparmor_inode_permission(str
@@ -373,22 +410,26 @@ static int apparmor_inode_permission(str
/* Do not perform check on pipes or sockets
* Same as apparmor_file_permission
*/
@ -349,7 +348,7 @@ Index: linux-2.6.19/security/apparmor/lsm.c
}
-static int apparmor_inode_setattr(struct dentry *dentry, struct iattr *iattr)
+static int apparmor_inode_setattr(struct vfsmount *mnt, struct dentry *dentry,
+static int apparmor_inode_setattr(struct dentry *dentry, struct vfsmount *mnt,
+ struct iattr *iattr)
{
int error = 0;
@ -360,7 +359,7 @@ Index: linux-2.6.19/security/apparmor/lsm.c
if (VALID_FSTYPE(dentry->d_inode)) {
struct aaprofile *active;
@@ -398,76 +438,99 @@ static int apparmor_inode_setattr(struct
@@ -398,76 +439,99 @@ static int apparmor_inode_setattr(struct
* (chmod, chown, chgrp, etc)
*/
if (active)
@ -376,7 +375,7 @@ Index: linux-2.6.19/security/apparmor/lsm.c
-static int apparmor_inode_setxattr(struct dentry *dentry, char *name,
- void *value, size_t size, int flags)
+static int apparmor_inode_setxattr(struct vfsmount *mnt, struct dentry *dentry,
+static int apparmor_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt,
+ char *name, void *value, size_t size,
+ int flags)
{
@ -401,7 +400,7 @@ Index: linux-2.6.19/security/apparmor/lsm.c
}
-static int apparmor_inode_getxattr(struct dentry *dentry, char *name)
+static int apparmor_inode_getxattr(struct vfsmount *mnt, struct dentry *dentry,
+static int apparmor_inode_getxattr(struct dentry *dentry, struct vfsmount *mnt,
+ char *name)
{
int error = 0;
@ -424,7 +423,7 @@ Index: linux-2.6.19/security/apparmor/lsm.c
return error;
}
-static int apparmor_inode_listxattr(struct dentry *dentry)
+static int apparmor_inode_listxattr(struct vfsmount *mnt, struct dentry *dentry)
+static int apparmor_inode_listxattr(struct dentry *dentry, struct vfsmount *mnt)
{
int error = 0;
@ -447,8 +446,8 @@ Index: linux-2.6.19/security/apparmor/lsm.c
}
-static int apparmor_inode_removexattr(struct dentry *dentry, char *name)
+static int apparmor_inode_removexattr(struct vfsmount *mnt,
+ struct dentry *dentry, char *name)
+static int apparmor_inode_removexattr(struct dentry *dentry,
+ struct vfsmount *mnt, char *name)
{
int error = 0;

41
kernel-patches/for-mainline/security-create.diff
View file

@ -12,7 +12,7 @@ Index: linux-2.6.19/fs/namei.c
mode &= S_IALLUGO;
mode |= S_IFREG;
- error = security_inode_create(dir, dentry, mode);
+ error = security_inode_create(dir, nd ? nd->mnt : NULL, dentry, mode);
+ error = security_inode_create(dir, dentry, nd ? nd->mnt : NULL, mode);
if (error)
return error;
DQUOT_INIT(dir);
@ -20,58 +20,57 @@ Index: linux-2.6.19/include/linux/security.h
===================================================================
--- linux-2.6.19.orig/include/linux/security.h
+++ linux-2.6.19/include/linux/security.h
@@ -282,6 +282,7 @@ struct request_sock;
* @inode_create:
@@ -283,6 +283,7 @@ struct request_sock;
* Check permission to create a regular file.
* @dir contains inode structure of the parent of the new file.
+ * @mnt is the vfsmount of the new dentry (may be NULL)
* @dentry contains the dentry structure for the file to be created.
+ * @mnt is the vfsmount corresponding to dir (may be NULL)
* @mode contains the file mode of the file to be created.
* Return 0 if permission is granted.
@@ -1212,7 +1213,7 @@ struct security_operations {
* @inode_link:
@@ -1212,8 +1213,8 @@ struct security_operations {
void (*inode_free_security) (struct inode *inode);
int (*inode_init_security) (struct inode *inode, struct inode *dir,
char **name, void **value, size_t *len);
- int (*inode_create) (struct inode *dir,
+ int (*inode_create) (struct inode *dir, struct vfsmount *mnt,
struct dentry *dentry, int mode);
- struct dentry *dentry, int mode);
+ int (*inode_create) (struct inode *dir, struct dentry *dentry,
+ struct vfsmount *mnt, int mode);
int (*inode_link) (struct dentry *old_dentry,
struct inode *dir, struct dentry *new_dentry);
@@ -1619,12 +1620,13 @@ static inline int security_inode_init_se
}
int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
@@ -1620,11 +1621,12 @@ static inline int security_inode_init_se
static inline int security_inode_create (struct inode *dir,
+ struct vfsmount *mnt,
struct dentry *dentry,
+ struct vfsmount *mnt,
int mode)
{
if (unlikely (IS_PRIVATE (dir)))
return 0;
- return security_ops->inode_create (dir, dentry, mode);
+ return security_ops->inode_create (dir, mnt, dentry, mode);
+ return security_ops->inode_create (dir, dentry, mnt, mode);
}
static inline int security_inode_link (struct dentry *old_dentry,
@@ -2346,6 +2348,7 @@ static inline int security_inode_init_se
}
@@ -2347,6 +2349,7 @@ static inline int security_inode_init_se
static inline int security_inode_create (struct inode *dir,
+ struct vfsmount *mnt,
struct dentry *dentry,
+ struct vfsmount *mnt,
int mode)
{
return 0;
Index: linux-2.6.19/security/dummy.c
===================================================================
--- linux-2.6.19.orig/security/dummy.c
+++ linux-2.6.19/security/dummy.c
@@ -264,8 +264,8 @@ static int dummy_inode_init_security (st
return -EOPNOTSUPP;
@@ -265,7 +265,7 @@ static int dummy_inode_init_security (st
}
-static int dummy_inode_create (struct inode *inode, struct dentry *dentry,
static int dummy_inode_create (struct inode *inode, struct dentry *dentry,
- int mask)
+static int dummy_inode_create (struct inode *inode, struct vfsmount *mnt,
+ struct dentry *dentry, int mask)
+ struct vfsmount *mnt, int mask)
{
return 0;
}
@ -84,8 +83,8 @@ Index: linux-2.6.19/security/selinux/hooks.c
}
-static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask)
+static int selinux_inode_create(struct inode *dir, struct vfsmount *mnt,
+ struct dentry *dentry, int mask)
+static int selinux_inode_create(struct inode *dir, struct dentry *dentry,
+ struct vfsmount *mnt, int mask)
{
return may_create(dir, dentry, SECCLASS_FILE);
}

49
kernel-patches/for-mainline/security-getxattr.diff
View file

@ -7,12 +7,12 @@ Index: linux-2.6.19/fs/xattr.c
===================================================================
--- linux-2.6.19.orig/fs/xattr.c
+++ linux-2.6.19/fs/xattr.c
@@ -117,7 +117,7 @@ vfs_getxattr(struct vfsmount *mnt, struc
@@ -117,7 +117,7 @@ vfs_getxattr(struct dentry *dentry, stru
if (error)
return error;
- error = security_inode_getxattr(dentry, name);
+ error = security_inode_getxattr(mnt, dentry, name);
+ error = security_inode_getxattr(dentry, mnt, name);
if (error)
return error;
@ -20,38 +20,47 @@ Index: linux-2.6.19/include/linux/security.h
===================================================================
--- linux-2.6.19.orig/include/linux/security.h
+++ linux-2.6.19/include/linux/security.h
@@ -1254,7 +1254,8 @@ struct security_operations {
char *name, void *value, size_t size, int flags);
void (*inode_post_setxattr) (struct dentry *dentry, char *name, void *value,
@@ -391,7 +391,7 @@ struct request_sock;
* @value identified by @name for @dentry and @mnt.
* @inode_getxattr:
* Check permission before obtaining the extended attributes
- * identified by @name for @dentry.
+ * identified by @name for @dentry and @mnt
* Return 0 if permission is granted.
* @inode_listxattr:
* Check permission before obtaining the list of extended attribute
@@ -1256,7 +1256,8 @@ struct security_operations {
struct vfsmount *mnt,
char *name, void *value,
size_t size, int flags);
- int (*inode_getxattr) (struct dentry *dentry, char *name);
+ int (*inode_getxattr) (struct vfsmount *mnt, struct dentry *dentry,
+ int (*inode_getxattr) (struct dentry *dentry, struct vfsmount *mnt,
+ char *name);
int (*inode_listxattr) (struct dentry *dentry);
int (*inode_removexattr) (struct dentry *dentry, char *name);
const char *(*inode_xattr_getsuffix) (void);
@@ -1787,11 +1788,12 @@ static inline void security_inode_post_s
security_ops->inode_post_setxattr (dentry, name, value, size, flags);
@@ -1791,11 +1792,12 @@ static inline void security_inode_post_s
security_ops->inode_post_setxattr (dentry, mnt, name, value, size, flags);
}
-static inline int security_inode_getxattr (struct dentry *dentry, char *name)
+static inline int security_inode_getxattr (struct vfsmount *mnt,
+ struct dentry *dentry, char *name)
+static inline int security_inode_getxattr (struct dentry *dentry,
+ struct vfsmount *mnt, char *name)
{
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
- return security_ops->inode_getxattr (dentry, name);
+ return security_ops->inode_getxattr (mnt, dentry, name);
+ return security_ops->inode_getxattr (dentry, mnt, name);
}
static inline int security_inode_listxattr (struct dentry *dentry)
@@ -2489,7 +2491,8 @@ static inline void security_inode_post_s
void *value, size_t size, int flags)
@@ -2496,7 +2498,8 @@ static inline void security_inode_post_s
int flags)
{ }
-static inline int security_inode_getxattr (struct dentry *dentry, char *name)
+static inline int security_inode_getxattr (struct vfsmount *mnt,
+ struct dentry *dentry, char *name)
+static inline int security_inode_getxattr (struct dentry *dentry,
+ struct vfsmount *mnt, char *name)
{
return 0;
}
@ -59,13 +68,13 @@ Index: linux-2.6.19/security/dummy.c
===================================================================
--- linux-2.6.19.orig/security/dummy.c
+++ linux-2.6.19/security/dummy.c
@@ -366,7 +366,8 @@ static void dummy_inode_post_setxattr (s
@@ -368,7 +368,8 @@ static void dummy_inode_post_setxattr (s
{
}
-static int dummy_inode_getxattr (struct dentry *dentry, char *name)
+static int dummy_inode_getxattr (struct vfsmount *mnt, struct dentry *dentry,
+ char *name)
+static int dummy_inode_getxattr (struct dentry *dentry,
+ struct vfsmount *mnt, char *name)
{
return 0;
}
@ -73,12 +82,12 @@ Index: linux-2.6.19/security/selinux/hooks.c
===================================================================
--- linux-2.6.19.orig/security/selinux/hooks.c
+++ linux-2.6.19/security/selinux/hooks.c
@@ -2343,7 +2343,8 @@ static void selinux_inode_post_setxattr(
@@ -2346,7 +2346,8 @@ static void selinux_inode_post_setxattr(
return;
}
-static int selinux_inode_getxattr (struct dentry *dentry, char *name)
+static int selinux_inode_getxattr (struct vfsmount *mnt, struct dentry *dentry,
+static int selinux_inode_getxattr (struct dentry *dentry, struct vfsmount *mnt,
+ char *name)
{
return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);

72
kernel-patches/for-mainline/security-link.diff
View file

@ -7,13 +7,13 @@ Index: linux-2.6.19/fs/namei.c
===================================================================
--- linux-2.6.19.orig/fs/namei.c
+++ linux-2.6.19/fs/namei.c
@@ -2279,7 +2279,8 @@ int vfs_link(struct vfsmount *old_mnt, s
@@ -2279,7 +2279,8 @@ int vfs_link(struct dentry *old_dentry,
if (S_ISDIR(old_dentry->d_inode->i_mode))
return -EPERM;
- error = security_inode_link(old_dentry, dir, new_dentry);
+ error = security_inode_link(old_mnt, old_dentry, dir, new_mnt,
+ new_dentry);
+ error = security_inode_link(old_dentry, old_mnt, dir, new_dentry,
+ new_mnt);
if (error)
return error;
@ -21,45 +21,44 @@ Index: linux-2.6.19/include/linux/security.h
===================================================================
--- linux-2.6.19.orig/include/linux/security.h
+++ linux-2.6.19/include/linux/security.h
@@ -288,8 +288,10 @@ struct request_sock;
* Return 0 if permission is granted.
@@ -289,8 +289,10 @@ struct request_sock;
* @inode_link:
* Check permission before creating a new hard link to a file.
+ * @old_mnt is the vfsmount where @old_dentry was looked up (may be NULL)
* @old_dentry contains the dentry structure for an existing link to the file.
+ * @old_mnt is the vfsmount where @old_dentry was looked up (may be NULL)
* @dir contains the inode structure of the parent directory of the new link.
+ * @new_mnt is the vfsmount for @new_dentry (may be NULL)
* @new_dentry contains the dentry structure for the new link.
+ * @new_mnt is the vfsmount for @new_dentry (may be NULL)
* Return 0 if permission is granted.
* @inode_unlink:
* Check the permission to remove a hard link to a file.
@@ -1220,8 +1222,9 @@ struct security_operations {
char **name, void **value, size_t *len);
int (*inode_create) (struct inode *dir, struct vfsmount *mnt,
struct dentry *dentry, int mode);
int (*inode_create) (struct inode *dir, struct dentry *dentry,
struct vfsmount *mnt, int mode);
- int (*inode_link) (struct dentry *old_dentry,
- struct inode *dir, struct dentry *new_dentry);
+ int (*inode_link) (struct vfsmount *old_mnt, struct dentry *old_dentry,
+ struct inode *dir, struct vfsmount *new_mnt,
+ struct dentry *new_dentry);
+ int (*inode_link) (struct dentry *old_dentry, struct vfsmount *old_mnt,
+ struct inode *dir, struct dentry *new_dentry,
+ struct vfsmount *new_mnt);
int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
int (*inode_symlink) (struct inode *dir, struct vfsmount *mnt,
struct dentry *dentry, const char *old_name);
@@ -1636,13 +1639,16 @@ static inline int security_inode_create
return security_ops->inode_create (dir, mnt, dentry, mode);
int (*inode_symlink) (struct inode *dir, struct dentry *dentry,
struct vfsmount *mnt, const char *old_name);
@@ -1637,12 +1640,15 @@ static inline int security_inode_create
}
-static inline int security_inode_link (struct dentry *old_dentry,
+static inline int security_inode_link (struct vfsmount *old_mnt,
+ struct dentry *old_dentry,
static inline int security_inode_link (struct dentry *old_dentry,
+ struct vfsmount *old_mnt,
struct inode *dir,
+ struct vfsmount *new_mnt,
struct dentry *new_dentry)
- struct dentry *new_dentry)
+ struct dentry *new_dentry,
+ struct vfsmount *new_mnt)
{
if (unlikely (IS_PRIVATE (old_dentry->d_inode)))
return 0;
- return security_ops->inode_link (old_dentry, dir, new_dentry);
+ return security_ops->inode_link (old_mnt, old_dentry, dir,
+ new_mnt, new_dentry);
+ return security_ops->inode_link (old_dentry, old_mnt, dir,
+ new_dentry, new_mnt);
}
static inline int security_inode_unlink (struct inode *dir,
@ -79,36 +78,39 @@ Index: linux-2.6.19/security/dummy.c
===================================================================
--- linux-2.6.19.orig/security/dummy.c
+++ linux-2.6.19/security/dummy.c
@@ -270,7 +270,9 @@ static int dummy_inode_create (struct in
@@ -270,8 +270,10 @@ static int dummy_inode_create (struct in
return 0;
}
-static int dummy_inode_link (struct dentry *old_dentry, struct inode *inode,
+static int dummy_inode_link (struct vfsmount *old_mnt,
+ struct dentry *old_dentry, struct inode *inode,
+ struct vfsmount *new_mnt,
struct dentry *new_dentry)
- struct dentry *new_dentry)
+static int dummy_inode_link (struct dentry *old_dentry,
+ struct vfsmount *old_mnt, struct inode *inode,
+ struct dentry *new_dentry,
+ struct vfsmount *new_mnt)
{
return 0;
}
Index: linux-2.6.19/security/selinux/hooks.c
===================================================================
--- linux-2.6.19.orig/security/selinux/hooks.c
+++ linux-2.6.19/security/selinux/hooks.c
@@ -2135,11 +2135,15 @@ static int selinux_inode_create(struct i
@@ -2135,11 +2135,16 @@ static int selinux_inode_create(struct i
return may_create(dir, dentry, SECCLASS_FILE);
}
-static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
+static int selinux_inode_link(struct vfsmount *old_mnt,
+ struct dentry *old_dentry, struct inode *dir,
+ struct vfsmount *new_mnt,
+ struct dentry *new_dentry)
+static int selinux_inode_link(struct dentry *old_dentry,
+ struct vfsmount *old_mnt,
+ struct inode *dir,
+ struct dentry *new_dentry,
+ struct vfsmount *new_mnt)
{
int rc;
- rc = secondary_ops->inode_link(old_dentry,dir,new_dentry);
+ rc = secondary_ops->inode_link(old_mnt, old_dentry, dir, new_mnt,
+ new_dentry);
+ rc = secondary_ops->inode_link(old_dentry, old_mnt, dir, new_dentry,
+ new_mnt);
if (rc)
return rc;
return may_link(dir, old_dentry, MAY_LINK);

43
kernel-patches/for-mainline/security-listxattr.diff
View file

@ -7,12 +7,12 @@ Index: linux-2.6.19/fs/xattr.c
===================================================================
--- linux-2.6.19.orig/fs/xattr.c
+++ linux-2.6.19/fs/xattr.c
@@ -150,7 +150,7 @@ vfs_listxattr(struct vfsmount *mnt, stru
@@ -150,7 +150,7 @@ vfs_listxattr(struct dentry *dentry, str
struct inode *inode = dentry->d_inode;
ssize_t error;
- error = security_inode_listxattr(dentry);
+ error = security_inode_listxattr(mnt, dentry);
+ error = security_inode_listxattr(dentry, mnt);
if (error)
return error;
error = -EOPNOTSUPP;
@ -20,37 +20,46 @@ Index: linux-2.6.19/include/linux/security.h
===================================================================
--- linux-2.6.19.orig/include/linux/security.h
+++ linux-2.6.19/include/linux/security.h
@@ -1256,7 +1256,7 @@ struct security_operations {
@@ -395,7 +395,7 @@ struct request_sock;
* Return 0 if permission is granted.
* @inode_listxattr:
* Check permission before obtaining the list of extended attribute
- * names for @dentry.
+ * names for @dentry/@mnt
* Return 0 if permission is granted.
* @inode_removexattr:
* Check permission before removing the extended attribute
@@ -1258,7 +1258,7 @@ struct security_operations {
size_t size, int flags);
int (*inode_getxattr) (struct vfsmount *mnt, struct dentry *dentry,
int (*inode_getxattr) (struct dentry *dentry, struct vfsmount *mnt,
char *name);
- int (*inode_listxattr) (struct dentry *dentry);
+ int (*inode_listxattr) (struct vfsmount *mnt, struct dentry *dentry);
+ int (*inode_listxattr) (struct dentry *dentry, struct vfsmount *mnt);
int (*inode_removexattr) (struct dentry *dentry, char *name);
const char *(*inode_xattr_getsuffix) (void);
int (*inode_getsecurity)(const struct inode *inode, const char *name, void *buffer, size_t size, int err);
@@ -1796,11 +1796,12 @@ static inline int security_inode_getxatt
return security_ops->inode_getxattr (mnt, dentry, name);
@@ -1800,11 +1800,12 @@ static inline int security_inode_getxatt
return security_ops->inode_getxattr (dentry, mnt, name);
}
-static inline int security_inode_listxattr (struct dentry *dentry)
+static inline int security_inode_listxattr (struct vfsmount *mnt,
+ struct dentry *dentry)
+static inline int security_inode_listxattr (struct dentry *dentry,
+ struct vfsmount *mnt)
{
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
- return security_ops->inode_listxattr (dentry);
+ return security_ops->inode_listxattr (mnt, dentry);
+ return security_ops->inode_listxattr (dentry, mnt);
}
static inline int security_inode_removexattr (struct dentry *dentry, char *name)
@@ -2497,7 +2498,8 @@ static inline int security_inode_getxatt
@@ -2504,7 +2505,8 @@ static inline int security_inode_getxatt
return 0;
}
-static inline int security_inode_listxattr (struct dentry *dentry)
+static inline int security_inode_listxattr (struct vfsmount *mnt,
+ struct dentry *dentry)
+static inline int security_inode_listxattr (struct dentry *dentry,
+ struct vfsmount *mnt)
{
return 0;
}
@ -58,12 +67,12 @@ Index: linux-2.6.19/security/dummy.c
===================================================================
--- linux-2.6.19.orig/security/dummy.c
+++ linux-2.6.19/security/dummy.c
@@ -372,7 +372,7 @@ static int dummy_inode_getxattr (struct
@@ -374,7 +374,7 @@ static int dummy_inode_getxattr (struct
return 0;
}
-static int dummy_inode_listxattr (struct dentry *dentry)
+static int dummy_inode_listxattr (struct vfsmount *mnt, struct dentry *dentry)
+static int dummy_inode_listxattr (struct dentry *dentry, struct vfsmount *mnt)
{
return 0;
}
@ -71,12 +80,12 @@ Index: linux-2.6.19/security/selinux/hooks.c
===================================================================
--- linux-2.6.19.orig/security/selinux/hooks.c
+++ linux-2.6.19/security/selinux/hooks.c
@@ -2349,7 +2349,7 @@ static int selinux_inode_getxattr (struc
@@ -2352,7 +2352,7 @@ static int selinux_inode_getxattr (struc
return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
}
-static int selinux_inode_listxattr (struct dentry *dentry)
+static int selinux_inode_listxattr (struct vfsmount *mnt, struct dentry *dentry)
+static int selinux_inode_listxattr (struct dentry *dentry, struct vfsmount *mnt)
{
return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
}

33
kernel-patches/for-mainline/security-mkdir.diff
View file

@ -12,7 +12,7 @@ Index: linux-2.6.19/fs/namei.c
mode &= (S_IRWXUGO|S_ISVTX);
- error = security_inode_mkdir(dir, dentry, mode);
+ error = security_inode_mkdir(dir, mnt, dentry, mode);
+ error = security_inode_mkdir(dir, dentry, mnt, mode);
if (error)
return error;
@ -20,47 +20,46 @@ Index: linux-2.6.19/include/linux/security.h
===================================================================
--- linux-2.6.19.orig/include/linux/security.h
+++ linux-2.6.19/include/linux/security.h
@@ -307,6 +307,7 @@ struct request_sock;
* Check permissions to create a new directory in the existing directory
@@ -308,6 +308,7 @@ struct request_sock;
* associated with inode strcture @dir.
* @dir containst the inode structure of parent of the directory to be created.
+ * @mnt is the vfsmount of the new dentry (may be NULL)
* @dentry contains the dentry structure of new directory.
+ * @mnt is the vfsmount corresponding to dir (may be NULL)
* @mode contains the mode of new directory.
* Return 0 if permission is granted.
* @inode_rmdir:
@@ -1221,7 +1222,8 @@ struct security_operations {
int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
int (*inode_symlink) (struct inode *dir,
struct dentry *dentry, const char *old_name);
- int (*inode_mkdir) (struct inode *dir, struct dentry *dentry, int mode);
+ int (*inode_mkdir) (struct inode *dir, struct vfsmount *mnt,
+ struct dentry *dentry, int mode);
+ int (*inode_mkdir) (struct inode *dir, struct dentry *dentry,
+ struct vfsmount *mnt, int mode);
int (*inode_rmdir) (struct inode *dir, struct dentry *dentry);
int (*inode_mknod) (struct inode *dir, struct dentry *dentry,
int mode, dev_t dev);
@@ -1658,12 +1660,13 @@ static inline int security_inode_symlink
}
@@ -1659,11 +1661,12 @@ static inline int security_inode_symlink
static inline int security_inode_mkdir (struct inode *dir,
+ struct vfsmount *mnt,
struct dentry *dentry,
+ struct vfsmount *mnt,
int mode)
{
if (unlikely (IS_PRIVATE (dir)))
return 0;
- return security_ops->inode_mkdir (dir, dentry, mode);
+ return security_ops->inode_mkdir (dir, mnt, dentry, mode);
+ return security_ops->inode_mkdir (dir, dentry, mnt, mode);
}
static inline int security_inode_rmdir (struct inode *dir,
@@ -2379,6 +2382,7 @@ static inline int security_inode_symlink
}
@@ -2380,6 +2383,7 @@ static inline int security_inode_symlink
static inline int security_inode_mkdir (struct inode *dir,
+ struct vfsmount *mnt,
struct dentry *dentry,
+ struct vfsmount *mnt,
int mode)
{
return 0;
Index: linux-2.6.19/security/dummy.c
===================================================================
--- linux-2.6.19.orig/security/dummy.c
@ -71,8 +70,8 @@ Index: linux-2.6.19/security/dummy.c
-static int dummy_inode_mkdir (struct inode *inode, struct dentry *dentry,
- int mask)
+static int dummy_inode_mkdir (struct inode *inode, struct vfsmount *mnt,
+ struct dentry *dentry, int mask)
+static int dummy_inode_mkdir (struct inode *inode, struct dentry *dentry,
+ struct vfsmount *mnt, int mask)
{
return 0;
}
@ -85,8 +84,8 @@ Index: linux-2.6.19/security/selinux/hooks.c
}
-static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask)
+static int selinux_inode_mkdir(struct inode *dir, struct vfsmount *mnt,
+ struct dentry *dentry, int mask)
+static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry,
+ struct vfsmount *mnt, int mask)
{
return may_create(dir, dentry, SECCLASS_DIR);
}

43
kernel-patches/for-mainline/security-mknod.diff
View file

@ -12,7 +12,7 @@ Index: linux-2.6.19/fs/namei.c
return -EPERM;
- error = security_inode_mknod(dir, dentry, mode, dev);
+ error = security_inode_mknod(dir, mnt, dentry, mode, dev);
+ error = security_inode_mknod(dir, dentry, mnt, mode, dev);
if (error)
return error;
@ -20,60 +20,57 @@ Index: linux-2.6.19/include/linux/security.h
===================================================================
--- linux-2.6.19.orig/include/linux/security.h
+++ linux-2.6.19/include/linux/security.h
@@ -322,6 +322,7 @@ struct request_sock;
* is being done for a regular file, then the create hook will be called
@@ -323,6 +323,7 @@ struct request_sock;
* and not this hook.
* @dir contains the inode structure of parent of the new file.
+ * @mnt is the vfsmount of the new dentry (may be NULL)
* @dentry contains the dentry structure of the new file.
+ * @mnt is the vfsmount corresponding to dir (may be NULL)
* @mode contains the mode of the new file.
* @dev contains the the device number.
* Return 0 if permission is granted.
@@ -1225,8 +1226,8 @@ struct security_operations {
int (*inode_mkdir) (struct inode *dir, struct vfsmount *mnt,
struct dentry *dentry, int mode);
int (*inode_mkdir) (struct inode *dir, struct dentry *dentry,
struct vfsmount *mnt, int mode);
int (*inode_rmdir) (struct inode *dir, struct dentry *dentry);
- int (*inode_mknod) (struct inode *dir, struct dentry *dentry,
- int mode, dev_t dev);
+ int (*inode_mknod) (struct inode *dir, struct vfsmount *mnt,
+ struct dentry *dentry, int mode, dev_t dev);
+ int (*inode_mknod) (struct inode *dir, struct dentry *dentry,
+ struct vfsmount *mnt, int mode, dev_t dev);
int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,
struct inode *new_dir, struct dentry *new_dentry);
int (*inode_readlink) (struct dentry *dentry);
@@ -1678,12 +1679,13 @@ static inline int security_inode_rmdir (
}
@@ -1679,11 +1680,12 @@ static inline int security_inode_rmdir (
static inline int security_inode_mknod (struct inode *dir,
+ struct vfsmount *mnt,
struct dentry *dentry,
+ struct vfsmount *mnt,
int mode, dev_t dev)
{
if (unlikely (IS_PRIVATE (dir)))
return 0;
- return security_ops->inode_mknod (dir, dentry, mode, dev);
+ return security_ops->inode_mknod (dir, mnt, dentry, mode, dev);
+ return security_ops->inode_mknod (dir, dentry, mnt, mode, dev);
}
static inline int security_inode_rename (struct inode *old_dir,
@@ -2396,6 +2398,7 @@ static inline int security_inode_rmdir (
}
@@ -2397,6 +2399,7 @@ static inline int security_inode_rmdir (
static inline int security_inode_mknod (struct inode *dir,
+ struct vfsmount *mnt,
struct dentry *dentry,
+ struct vfsmount *mnt,
int mode, dev_t dev)
{
return 0;
Index: linux-2.6.19/security/dummy.c
===================================================================
--- linux-2.6.19.orig/security/dummy.c
+++ linux-2.6.19/security/dummy.c
@@ -298,8 +298,8 @@ static int dummy_inode_rmdir (struct ino
return 0;
@@ -299,7 +299,7 @@ static int dummy_inode_rmdir (struct ino
}
-static int dummy_inode_mknod (struct inode *inode, struct dentry *dentry,
static int dummy_inode_mknod (struct inode *inode, struct dentry *dentry,
- int mode, dev_t dev)
+static int dummy_inode_mknod (struct inode *inode, struct vfsmount *mnt,
+ struct dentry *dentry, int mode, dev_t dev)
+ struct vfsmount *mnt, int mode, dev_t dev)
{
return 0;
}
@ -86,13 +83,13 @@ Index: linux-2.6.19/security/selinux/hooks.c
}
-static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
+static int selinux_inode_mknod(struct inode *dir, struct vfsmount *mnt,
+ struct dentry *dentry, int mode, dev_t dev)
+static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry,
+ struct vfsmount *mnt, int mode, dev_t dev)
{
int rc;
- rc = secondary_ops->inode_mknod(dir, dentry, mode, dev);
+ rc = secondary_ops->inode_mknod(dir, mnt, dentry, mode, dev);
+ rc = secondary_ops->inode_mknod(dir, dentry, mnt, mode, dev);
if (rc)
return rc;

28
kernel-patches/for-mainline/security-readlink.diff
View file

@ -12,7 +12,7 @@ Index: linux-2.6.19/fs/stat.c
error = -EINVAL;
if (inode->i_op && inode->i_op->readlink) {
- error = security_inode_readlink(nd.dentry);
+ error = security_inode_readlink(nd.mnt, nd.dentry);
+ error = security_inode_readlink(nd.dentry, nd.mnt);
if (!error) {
touch_atime(nd.mnt, nd.dentry);
error = inode->i_op->readlink(nd.dentry, buf, bufsiz);
@ -20,35 +20,35 @@ Index: linux-2.6.19/include/linux/security.h
===================================================================
--- linux-2.6.19.orig/include/linux/security.h
+++ linux-2.6.19/include/linux/security.h
@@ -337,6 +337,7 @@ struct request_sock;
* Return 0 if permission is granted.
@@ -338,6 +338,7 @@ struct request_sock;
* @inode_readlink:
* Check the permission to read the symbolic link.
+ * @mnt is the vfsmount where the dentry was looked up
* @dentry contains the dentry structure for the file link.
+ * @mnt is the vfsmount where the dentry was looked up
* Return 0 if permission is granted.
* @inode_follow_link:
* Check permission to follow a symbolic link when looking up a pathname.
@@ -1231,7 +1232,7 @@ struct security_operations {
struct dentry *dentry, int mode, dev_t dev);
struct vfsmount *mnt, int mode, dev_t dev);
int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,
struct inode *new_dir, struct dentry *new_dentry);
- int (*inode_readlink) (struct dentry *dentry);
+ int (*inode_readlink) (struct vfsmount *mnt, struct dentry *dentry);
+ int (*inode_readlink) (struct dentry *dentry, struct vfsmount *mnt);
int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd);
int (*inode_permission) (struct inode *inode, int mask, struct nameidata *nd);
int (*inode_setattr) (struct vfsmount *mnt, struct dentry *dentry,
int (*inode_setattr) (struct dentry *dentry, struct vfsmount *mnt,
@@ -1702,11 +1703,12 @@ static inline int security_inode_rename
new_dir, new_dentry);
}
-static inline int security_inode_readlink (struct dentry *dentry)
+static inline int security_inode_readlink (struct vfsmount *mnt,
+ struct dentry *dentry)
+static inline int security_inode_readlink (struct dentry *dentry,
+ struct vfsmount *mnt)
{
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
- return security_ops->inode_readlink (dentry);
+ return security_ops->inode_readlink (mnt, dentry);
+ return security_ops->inode_readlink (dentry, mnt);
}
static inline int security_inode_follow_link (struct dentry *dentry,
@ -57,8 +57,8 @@ Index: linux-2.6.19/include/linux/security.h
}
-static inline int security_inode_readlink (struct dentry *dentry)
+static inline int security_inode_readlink (struct vfsmount *mnt,
+ struct dentry *dentry)
+static inline int security_inode_readlink (struct dentry *dentry,
+ struct vfsmount *mnt)
{
return 0;
}
@ -71,7 +71,7 @@ Index: linux-2.6.19/security/dummy.c
}
-static int dummy_inode_readlink (struct dentry *dentry)
+static int dummy_inode_readlink (struct vfsmount *mnt, struct dentry *dentry)
+static int dummy_inode_readlink (struct dentry *dentry, struct vfsmount *mnt)
{
return 0;
}
@ -84,7 +84,7 @@ Index: linux-2.6.19/security/selinux/hooks.c
}
-static int selinux_inode_readlink(struct dentry *dentry)
+static int selinux_inode_readlink(struct vfsmount *mnt, struct dentry *dentry)
+static int selinux_inode_readlink(struct dentry *dentry, struct vfsmount *mnt)
{
return dentry_has_perm(current, NULL, dentry, FILE__READ);
}

48
kernel-patches/for-mainline/security-removexattr.diff
View file

@ -7,12 +7,12 @@ Index: linux-2.6.19/fs/xattr.c
===================================================================
--- linux-2.6.19.orig/fs/xattr.c
+++ linux-2.6.19/fs/xattr.c
@@ -178,7 +178,7 @@ vfs_removexattr(struct vfsmount *mnt, st
@@ -178,7 +178,7 @@ vfs_removexattr(struct dentry *dentry, s
if (error)
return error;
- error = security_inode_removexattr(dentry, name);
+ error = security_inode_removexattr(mnt, dentry, name);
+ error = security_inode_removexattr(dentry, mnt, name);
if (error)
return error;
@ -23,47 +23,47 @@ Index: linux-2.6.19/include/linux/security.h
@@ -50,7 +50,7 @@ extern int cap_bprm_set_security (struct
extern void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe);
extern int cap_bprm_secureexec(struct linux_binprm *bprm);
extern int cap_inode_setxattr(struct vfsmount *mnt, struct dentry *dentry, char *name, void *value, size_t size, int flags);
extern int cap_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt, char *name, void *value, size_t size, int flags);
-extern int cap_inode_removexattr(struct dentry *dentry, char *name);
+extern int cap_inode_removexattr(struct vfsmount *mnt, struct dentry *dentry, char *name);
+extern int cap_inode_removexattr(struct dentry *dentry, struct vfsmount *mnt, char *name);
extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags);
extern void cap_task_reparent_to_init (struct task_struct *p);
extern int cap_syslog (int type);
@@ -1257,7 +1257,8 @@ struct security_operations {
int (*inode_getxattr) (struct vfsmount *mnt, struct dentry *dentry,
@@ -1259,7 +1259,8 @@ struct security_operations {
int (*inode_getxattr) (struct dentry *dentry, struct vfsmount *mnt,
char *name);
int (*inode_listxattr) (struct vfsmount *mnt, struct dentry *dentry);
int (*inode_listxattr) (struct dentry *dentry, struct vfsmount *mnt);
- int (*inode_removexattr) (struct dentry *dentry, char *name);
+ int (*inode_removexattr) (struct vfsmount *mnt, struct dentry *dentry,
+ int (*inode_removexattr) (struct dentry *dentry, struct vfsmount *mnt,
+ char *name);
const char *(*inode_xattr_getsuffix) (void);
int (*inode_getsecurity)(const struct inode *inode, const char *name, void *buffer, size_t size, int err);
int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags);
@@ -1804,11 +1805,12 @@ static inline int security_inode_listxat
return security_ops->inode_listxattr (mnt, dentry);
@@ -1808,11 +1809,12 @@ static inline int security_inode_listxat
return security_ops->inode_listxattr (dentry, mnt);
}
-static inline int security_inode_removexattr (struct dentry *dentry, char *name)
+static inline int security_inode_removexattr (struct vfsmount *mnt,
+ struct dentry *dentry, char *name)
+static inline int security_inode_removexattr (struct dentry *dentry,
+ struct vfsmount *mnt, char *name)
{
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
- return security_ops->inode_removexattr (dentry, name);
+ return security_ops->inode_removexattr (mnt, dentry, name);
+ return security_ops->inode_removexattr (dentry, mnt, name);
}
static inline const char *security_inode_xattr_getsuffix(void)
@@ -2504,9 +2506,10 @@ static inline int security_inode_listxat
@@ -2511,9 +2513,10 @@ static inline int security_inode_listxat
return 0;
}
-static inline int security_inode_removexattr (struct dentry *dentry, char *name)
+static inline int security_inode_removexattr (struct vfsmount *mnt,
+ struct dentry *dentry, char *name)
+static inline int security_inode_removexattr (struct dentry *dentry,
+ struct vfsmount *mnt, char *name)
{
- return cap_inode_removexattr(dentry, name);
+ return cap_inode_removexattr(mnt, dentry, name);
+ return cap_inode_removexattr(dentry, mnt, name);
}
static inline const char *security_inode_xattr_getsuffix (void)
@ -71,12 +71,12 @@ Index: linux-2.6.19/security/commoncap.c
===================================================================
--- linux-2.6.19.orig/security/commoncap.c
+++ linux-2.6.19/security/commoncap.c
@@ -201,7 +201,8 @@ int cap_inode_setxattr(struct vfsmount *
@@ -201,7 +201,8 @@ int cap_inode_setxattr(struct dentry *de
return 0;
}
-int cap_inode_removexattr(struct dentry *dentry, char *name)
+int cap_inode_removexattr(struct vfsmount *mnt, struct dentry *dentry,
+int cap_inode_removexattr(struct dentry *dentry, struct vfsmount *mnt,
+ char *name)
{
if (!strncmp(name, XATTR_SECURITY_PREFIX,
@ -85,12 +85,12 @@ Index: linux-2.6.19/security/dummy.c
===================================================================
--- linux-2.6.19.orig/security/dummy.c
+++ linux-2.6.19/security/dummy.c
@@ -377,7 +377,8 @@ static int dummy_inode_listxattr (struct
@@ -379,7 +379,8 @@ static int dummy_inode_listxattr (struct
return 0;
}
-static int dummy_inode_removexattr (struct dentry *dentry, char *name)
+static int dummy_inode_removexattr (struct vfsmount *mnt, struct dentry *dentry,
+static int dummy_inode_removexattr (struct dentry *dentry, struct vfsmount *mnt,
+ char *name)
{
if (!strncmp(name, XATTR_SECURITY_PREFIX,
@ -99,13 +99,13 @@ Index: linux-2.6.19/security/selinux/hooks.c
===================================================================
--- linux-2.6.19.orig/security/selinux/hooks.c
+++ linux-2.6.19/security/selinux/hooks.c
@@ -2354,7 +2354,8 @@ static int selinux_inode_listxattr (stru
@@ -2357,7 +2357,8 @@ static int selinux_inode_listxattr (stru
return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
}
-static int selinux_inode_removexattr (struct dentry *dentry, char *name)
+static int selinux_inode_removexattr (struct vfsmount *mnt,
+ struct dentry *dentry, char *name)
+static int selinux_inode_removexattr (struct dentry *dentry,
+ struct vfsmount *mnt, char *name)
{
if (strcmp(name, XATTR_NAME_SELINUX)) {
if (!strncmp(name, XATTR_SECURITY_PREFIX,

80
kernel-patches/for-mainline/security-rename.diff
View file

@ -12,8 +12,8 @@ Index: linux-2.6.19/fs/namei.c
}
- error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
+ error = security_inode_rename(old_dir, old_mnt, old_dentry, new_dir,
+ new_mnt, new_dentry);
+ error = security_inode_rename(old_dir, old_dentry, old_mnt,
+ new_dir, new_dentry, new_mnt);
if (error)
return error;
@ -22,8 +22,8 @@ Index: linux-2.6.19/fs/namei.c
int error;
- error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
+ error = security_inode_rename(old_dir, old_mnt, old_dentry, new_dir,
+ new_mnt, new_dentry);
+ error = security_inode_rename(old_dir, old_dentry, old_mnt,
+ new_dir, new_dentry, new_mnt);
if (error)
return error;
@ -31,92 +31,92 @@ Index: linux-2.6.19/include/linux/security.h
===================================================================
--- linux-2.6.19.orig/include/linux/security.h
+++ linux-2.6.19/include/linux/security.h
@@ -335,8 +335,10 @@ struct request_sock;
* @inode_rename:
@@ -336,8 +336,10 @@ struct request_sock;
* Check for permission to rename a file or directory.
* @old_dir contains the inode structure for parent of the old link.
+ * @old_mnt is the vfsmount where @old_dentry was looked up (may be NULL)
* @old_dentry contains the dentry structure of the old link.
+ * @old_mnt is the vfsmount where @old_dentry was looked up (may be NULL)
* @new_dir contains the inode structure for parent of the new link.
+ * @new_mnt is the vfsmount for @new_dentry (may be NULL)
* @new_dentry contains the dentry structure of the new link.
+ * @new_mnt is the vfsmount for @new_dentry (may be NULL)
* Return 0 if permission is granted.
* @inode_readlink:
@@ -1237,8 +1239,10 @@ struct security_operations {
struct dentry *dentry);
int (*inode_mknod) (struct inode *dir, struct vfsmount *mnt,
struct dentry *dentry, int mode, dev_t dev);
- int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,
* Check the permission to read the symbolic link.
@@ -1238,7 +1240,9 @@ struct security_operations {
int (*inode_mknod) (struct inode *dir, struct dentry *dentry,
struct vfsmount *mnt, int mode, dev_t dev);
int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,
- struct inode *new_dir, struct dentry *new_dentry);
+ int (*inode_rename) (struct inode *old_dir, struct vfsmount *old_mnt,
+ struct dentry *old_dentry, struct inode *new_dir,
+ struct vfsmount *new_mnt,
+ struct dentry *new_dentry);
int (*inode_readlink) (struct vfsmount *mnt, struct dentry *dentry);
+ struct vfsmount *old_mnt,
+ struct inode *new_dir, struct dentry *new_dentry,
+ struct vfsmount *new_mnt);
int (*inode_readlink) (struct dentry *dentry, struct vfsmount *mnt);
int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd);
int (*inode_permission) (struct inode *inode, int mask, struct nameidata *nd);
@@ -1704,15 +1708,17 @@ static inline int security_inode_mknod (
}
@@ -1705,14 +1709,16 @@ static inline int security_inode_mknod (
static inline int security_inode_rename (struct inode *old_dir,
+ struct vfsmount *old_mnt,
struct dentry *old_dentry,
+ struct vfsmount *old_mnt,
struct inode *new_dir,
+ struct vfsmount *new_mnt,
struct dentry *new_dentry)
- struct dentry *new_dentry)
+ struct dentry *new_dentry,
+ struct vfsmount *new_mnt)
{
if (unlikely (IS_PRIVATE (old_dentry->d_inode) ||
(new_dentry->d_inode && IS_PRIVATE (new_dentry->d_inode))))
return 0;
- return security_ops->inode_rename (old_dir, old_dentry,
- new_dir, new_dentry);
+ return security_ops->inode_rename (old_dir, old_mnt, old_dentry,
+ new_dir, new_mnt, new_dentry);
+ return security_ops->inode_rename (old_dir, old_dentry, old_mnt,
+ new_dir, new_dentry, new_mnt);
}
static inline int security_inode_readlink (struct vfsmount *mnt,
@@ -2427,8 +2433,10 @@ static inline int security_inode_mknod (
}
static inline int security_inode_readlink (struct dentry *dentry,
@@ -2428,8 +2434,10 @@ static inline int security_inode_mknod (
static inline int security_inode_rename (struct inode *old_dir,
+ struct vfsmount *old_mnt,
struct dentry *old_dentry,
+ struct vfsmount *old_mnt,
struct inode *new_dir,
+ struct vfsmount *new_mnt,
struct dentry *new_dentry)
- struct dentry *new_dentry)
+ struct dentry *new_dentry,
+ struct vfsmount *new_mnt)
{
return 0;
}
Index: linux-2.6.19/security/dummy.c
===================================================================
--- linux-2.6.19.orig/security/dummy.c
+++ linux-2.6.19/security/dummy.c
@@ -309,8 +309,10 @@ static int dummy_inode_mknod (struct ino
}
@@ -310,8 +310,10 @@ static int dummy_inode_mknod (struct ino
static int dummy_inode_rename (struct inode *old_inode,
+ struct vfsmount *old_mnt,
struct dentry *old_dentry,
+ struct vfsmount *old_mnt,
struct inode *new_inode,
+ struct vfsmount *new_mnt,
struct dentry *new_dentry)
- struct dentry *new_dentry)
+ struct dentry *new_dentry,
+ struct vfsmount *new_mnt)
{
return 0;
}
Index: linux-2.6.19/security/selinux/hooks.c
===================================================================
--- linux-2.6.19.orig/security/selinux/hooks.c
+++ linux-2.6.19/security/selinux/hooks.c
@@ -2190,8 +2190,12 @@ static int selinux_inode_mknod(struct in
@@ -2191,8 +2191,12 @@ static int selinux_inode_mknod(struct in
return may_create(dir, dentry, inode_mode_to_security_class(mode));
}
-static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
- struct inode *new_inode, struct dentry *new_dentry)
+static int selinux_inode_rename(struct inode *old_inode,
+ struct vfsmount *old_mnt,
+ struct dentry *old_dentry,
+ struct vfsmount *old_mnt,
+ struct inode *new_inode,
+ struct vfsmount *new_mnt,
+ struct dentry *new_dentry)
+ struct dentry *new_dentry,
+ struct vfsmount *new_mnt)
{
return may_rename(old_inode, old_dentry, new_inode, new_dentry);
}

47
kernel-patches/for-mainline/security-rmdir.diff
View file

@ -12,7 +12,7 @@ Index: linux-2.6.19/fs/namei.c
error = -EBUSY;
else {
- error = security_inode_rmdir(dir, dentry);
+ error = security_inode_rmdir(dir, mnt, dentry);
+ error = security_inode_rmdir(dir, dentry, mnt);
if (!error) {
error = dir->i_op->rmdir(dir, dentry);
if (!error)
@ -20,46 +20,49 @@ Index: linux-2.6.19/include/linux/security.h
===================================================================
--- linux-2.6.19.orig/include/linux/security.h
+++ linux-2.6.19/include/linux/security.h
@@ -317,6 +317,7 @@ struct request_sock;
* @inode_rmdir:
@@ -318,6 +318,7 @@ struct request_sock;
* Check the permission to remove a directory.
* @dir contains the inode structure of parent of the directory to be removed.
+ * @mnt is the vfsmount where the dentry was looked up (may be NULL)
* @dentry contains the dentry structure of directory to be removed.
+ * @mnt is the vfsmount where the dentry was looked up (may be NULL)
* Return 0 if permission is granted.
* @inode_mknod:
* Check permissions when creating a special file (or a socket or a fifo
@@ -1230,7 +1231,8 @@ struct security_operations {
struct dentry *dentry, const char *old_name);
int (*inode_mkdir) (struct inode *dir, struct vfsmount *mnt,
struct dentry *dentry, int mode);
struct vfsmount *mnt, const char *old_name);
int (*inode_mkdir) (struct inode *dir, struct dentry *dentry,
struct vfsmount *mnt, int mode);
- int (*inode_rmdir) (struct inode *dir, struct dentry *dentry);
+ int (*inode_rmdir) (struct inode *dir, struct vfsmount *mnt,
+ struct dentry *dentry);
int (*inode_mknod) (struct inode *dir, struct vfsmount *mnt,
struct dentry *dentry, int mode, dev_t dev);
+ int (*inode_rmdir) (struct inode *dir, struct dentry *dentry,
+ struct vfsmount *mnt);
int (*inode_mknod) (struct inode *dir, struct dentry *dentry,
struct vfsmount *mnt, int mode, dev_t dev);
int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,
@@ -1680,11 +1682,12 @@ static inline int security_inode_mkdir (
}
static inline int security_inode_rmdir (struct inode *dir,
+ struct vfsmount *mnt,
struct dentry *dentry)
- struct dentry *dentry)
+ struct dentry *dentry,
+ struct vfsmount *mnt)
{
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
- return security_ops->inode_rmdir (dir, dentry);
+ return security_ops->inode_rmdir (dir, mnt, dentry);
+ return security_ops->inode_rmdir (dir, dentry, mnt);
}
static inline int security_inode_mknod (struct inode *dir,
@@ -2405,6 +2408,7 @@ static inline int security_inode_mkdir (
@@ -2405,7 +2408,8 @@ static inline int security_inode_mkdir (
}
static inline int security_inode_rmdir (struct inode *dir,
+ struct vfsmount *mnt,
struct dentry *dentry)
- struct dentry *dentry)
+ struct dentry *dentry,
+ struct vfsmount *mnt)
{
return 0;
}
Index: linux-2.6.19/security/dummy.c
===================================================================
--- linux-2.6.19.orig/security/dummy.c
@ -69,8 +72,8 @@ Index: linux-2.6.19/security/dummy.c
}
-static int dummy_inode_rmdir (struct inode *inode, struct dentry *dentry)
+static int dummy_inode_rmdir (struct inode *inode, struct vfsmount *mnt,
+ struct dentry *dentry)
+static int dummy_inode_rmdir (struct inode *inode, struct dentry *dentry,
+ struct vfsmount *mnt)
{
return 0;
}
@ -78,13 +81,13 @@ Index: linux-2.6.19/security/selinux/hooks.c
===================================================================
--- linux-2.6.19.orig/security/selinux/hooks.c
+++ linux-2.6.19/security/selinux/hooks.c
@@ -2171,7 +2171,8 @@ static int selinux_inode_mkdir(struct in
@@ -2172,7 +2172,8 @@ static int selinux_inode_mkdir(struct in
return may_create(dir, dentry, SECCLASS_DIR);
}
-static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
+static int selinux_inode_rmdir(struct inode *dir, struct vfsmount *mnt,
+ struct dentry *dentry)
+static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry,
+ struct vfsmount *mnt)
{
return may_link(dir, dentry, MAY_RMDIR);
}

38
kernel-patches/for-mainline/security-setattr.diff
View file

@ -7,19 +7,19 @@ Index: linux-2.6.19/fs/attr.c
===================================================================
--- linux-2.6.19.orig/fs/attr.c
+++ linux-2.6.19/fs/attr.c
@@ -145,13 +145,13 @@ int notify_change(struct vfsmount *mnt,
@@ -145,13 +145,13 @@ int notify_change(struct dentry * dentry
down_write(&dentry->d_inode->i_alloc_sem);
if (inode->i_op && inode->i_op->setattr) {
- error = security_inode_setattr(dentry, attr);
+ error = security_inode_setattr(mnt, dentry, attr);
+ error = security_inode_setattr(dentry, mnt, attr);
if (!error)
error = inode->i_op->setattr(dentry, attr);
} else {
error = inode_change_ok(inode, attr);
if (!error)
- error = security_inode_setattr(dentry, attr);
+ error = security_inode_setattr(mnt, dentry, attr);
+ error = security_inode_setattr(dentry, mnt, attr);
if (!error) {
if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
(ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid))
@ -27,47 +27,43 @@ Index: linux-2.6.19/include/linux/security.h
===================================================================
--- linux-2.6.19.orig/include/linux/security.h
+++ linux-2.6.19/include/linux/security.h
@@ -357,6 +357,7 @@ struct request_sock;
* call to notify_change is performed from several locations, whenever
@@ -358,6 +358,7 @@ struct request_sock;
* file attributes change (such as when a file is truncated, chown/chmod
* operations, transferring disk quotas, etc).
+ * @mnt is the vfsmount where the dentry was looked up (may be NULL)
* @dentry contains the dentry structure for the file.
+ * @mnt is the vfsmount where the dentry was looked up (may be NULL)
* @attr is the iattr structure containing the new file attributes.
* Return 0 if permission is granted.
* @inode_getattr:
@@ -1229,7 +1230,8 @@ struct security_operations {
int (*inode_readlink) (struct dentry *dentry);
int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd);
int (*inode_permission) (struct inode *inode, int mask, struct nameidata *nd);
- int (*inode_setattr) (struct dentry *dentry, struct iattr *attr);
+ int (*inode_setattr) (struct vfsmount *mnt, struct dentry *dentry,
+ int (*inode_setattr) (struct dentry *dentry, struct vfsmount *mnt,
+ struct iattr *attr);
int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry);
void (*inode_delete) (struct inode *inode);
int (*inode_setxattr) (struct dentry *dentry, char *name, void *value,
@@ -1716,12 +1718,13 @@ static inline int security_inode_permiss
return security_ops->inode_permission (inode, mask, nd);
@@ -1717,11 +1719,12 @@ static inline int security_inode_permiss
}
-static inline int security_inode_setattr (struct dentry *dentry,
+static inline int security_inode_setattr (struct vfsmount *mnt,
+ struct dentry *dentry,
static inline int security_inode_setattr (struct dentry *dentry,
+ struct vfsmount *mnt,
struct iattr *attr)
{
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
- return security_ops->inode_setattr (dentry, attr);
+ return security_ops->inode_setattr (mnt, dentry, attr);
+ return security_ops->inode_setattr (dentry, mnt, attr);
}
static inline int security_inode_getattr (struct vfsmount *mnt,
@@ -2420,7 +2423,8 @@ static inline int security_inode_permiss
return 0;
@@ -2421,6 +2424,7 @@ static inline int security_inode_permiss
}
-static inline int security_inode_setattr (struct dentry *dentry,
+static inline int security_inode_setattr (struct vfsmount *mnt,
+ struct dentry *dentry,
static inline int security_inode_setattr (struct dentry *dentry,
+ struct vfsmount *mnt,
struct iattr *attr)
{
return 0;
@ -80,7 +76,7 @@ Index: linux-2.6.19/security/dummy.c
}
-static int dummy_inode_setattr (struct dentry *dentry, struct iattr *iattr)
+static int dummy_inode_setattr (struct vfsmount *mnt, struct dentry *dentry,
+static int dummy_inode_setattr (struct dentry *dentry, struct vfsmount *mnt,
+ struct iattr *iattr)
{
return 0;
@ -94,13 +90,13 @@ Index: linux-2.6.19/security/selinux/hooks.c
}
-static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
+static int selinux_inode_setattr(struct vfsmount *mnt, struct dentry *dentry,
+static int selinux_inode_setattr(struct dentry *dentry, struct vfsmount *mnt,
+ struct iattr *iattr)
{
int rc;
- rc = secondary_ops->inode_setattr(dentry, iattr);
+ rc = secondary_ops->inode_setattr(mnt, dentry, iattr);
+ rc = secondary_ops->inode_setattr(dentry, mnt, iattr);
if (rc)
return rc;

111
kernel-patches/for-mainline/security-setxattr.diff
View file

@ -12,52 +12,92 @@ Index: linux-2.6.19/include/linux/security.h
extern void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe);
extern int cap_bprm_secureexec(struct linux_binprm *bprm);
-extern int cap_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags);
+extern int cap_inode_setxattr(struct vfsmount *mnt, struct dentry *dentry, char *name, void *value, size_t size, int flags);
+extern int cap_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt, char *name, void *value, size_t size, int flags);
extern int cap_inode_removexattr(struct dentry *dentry, char *name);
extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags);
extern void cap_task_reparent_to_init (struct task_struct *p);
@@ -1250,8 +1250,8 @@ struct security_operations {
@@ -384,11 +384,11 @@ struct request_sock;
* inode.
* @inode_setxattr:
* Check permission before setting the extended attributes
- * @value identified by @name for @dentry.
+ * @value identified by @name for @dentry and @mnt.
* Return 0 if permission is granted.
* @inode_post_setxattr:
* Update inode security field after successful setxattr operation.
- * @value identified by @name for @dentry.
+ * @value identified by @name for @dentry and @mnt.
* @inode_getxattr:
* Check permission before obtaining the extended attributes
* identified by @name for @dentry.
@@ -1250,9 +1250,11 @@ struct security_operations {
struct iattr *attr);
int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry);
void (*inode_delete) (struct inode *inode);
- int (*inode_setxattr) (struct dentry *dentry, char *name, void *value,
- size_t size, int flags);
+ int (*inode_setxattr) (struct vfsmount *mnt, struct dentry *dentry,
- void (*inode_post_setxattr) (struct dentry *dentry, char *name, void *value,
+ int (*inode_setxattr) (struct dentry *dentry, struct vfsmount *mnt,
+ char *name, void *value, size_t size, int flags);
void (*inode_post_setxattr) (struct dentry *dentry, char *name, void *value,
+ void (*inode_post_setxattr) (struct dentry *dentry,
+ struct vfsmount *mnt,
+ char *name, void *value,
size_t size, int flags);
int (*inode_getxattr) (struct dentry *dentry, char *name);
@@ -1769,12 +1769,14 @@ static inline void security_inode_delete
int (*inode_listxattr) (struct dentry *dentry);
@@ -1769,20 +1771,24 @@ static inline void security_inode_delete
security_ops->inode_delete (inode);
}
-static inline int security_inode_setxattr (struct dentry *dentry, char *name,
+static inline int security_inode_setxattr (struct vfsmount *mnt,
+ struct dentry *dentry, char *name,
+static inline int security_inode_setxattr (struct dentry *dentry,
+ struct vfsmount *mnt, char *name,
void *value, size_t size, int flags)
{
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
- return security_ops->inode_setxattr (dentry, name, value, size, flags);
+ return security_ops->inode_setxattr (mnt, dentry, name, value, size,
+ return security_ops->inode_setxattr (dentry, mnt, name, value, size,
+ flags);
}
static inline void security_inode_post_setxattr (struct dentry *dentry, char *name,
@@ -2476,10 +2478,11 @@ static inline int security_inode_getattr
-static inline void security_inode_post_setxattr (struct dentry *dentry, char *name,
- void *value, size_t size, int flags)
+static inline void security_inode_post_setxattr (struct dentry *dentry,
+ struct vfsmount *mnt,
+ char *name, void *value,
+ size_t size, int flags)
{
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return;
- security_ops->inode_post_setxattr (dentry, name, value, size, flags);
+ security_ops->inode_post_setxattr (dentry, mnt, name, value, size, flags);
}
static inline int security_inode_getxattr (struct dentry *dentry, char *name)
@@ -2476,14 +2482,18 @@ static inline int security_inode_getattr
static inline void security_inode_delete (struct inode *inode)
{ }
-static inline int security_inode_setxattr (struct dentry *dentry, char *name,
+static inline int security_inode_setxattr (struct vfsmount *mnt,
+ struct dentry *dentry, char *name,
+static inline int security_inode_setxattr (struct dentry *dentry,,
+ struct vfsmount *mnt, char *name,
void *value, size_t size, int flags)
{
- return cap_inode_setxattr(dentry, name, value, size, flags);
+ return cap_inode_setxattr(mnt, dentry, name, value, size, flags);
+ return cap_inode_setxattr(dentry, mnt, name, value, size, flags);
}
static inline void security_inode_post_setxattr (struct dentry *dentry, char *name,
-static inline void security_inode_post_setxattr (struct dentry *dentry, char *name,
- void *value, size_t size, int flags)
+static inline void security_inode_post_setxattr (struct dentry *dentry,
+ struct vfsmount *mnt,
+ char *name,
+ void *value, size_t size,
+ int flags)
{ }
static inline int security_inode_getxattr (struct dentry *dentry, char *name)
Index: linux-2.6.19/security/commoncap.c
===================================================================
--- linux-2.6.19.orig/security/commoncap.c
@ -68,7 +108,7 @@ Index: linux-2.6.19/security/commoncap.c
-int cap_inode_setxattr(struct dentry *dentry, char *name, void *value,
- size_t size, int flags)
+int cap_inode_setxattr(struct vfsmount *mnt, struct dentry *dentry, char *name,
+int cap_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt, char *name,
+ void *value, size_t size, int flags)
{
if (!strncmp(name, XATTR_SECURITY_PREFIX,
@ -83,37 +123,68 @@ Index: linux-2.6.19/security/dummy.c
-static int dummy_inode_setxattr (struct dentry *dentry, char *name, void *value,
- size_t size, int flags)
+static int dummy_inode_setxattr (struct vfsmount *mnt, struct dentry *dentry,
+static int dummy_inode_setxattr (struct dentry *dentry, struct vfsmount *mnt,
+ char *name, void *value, size_t size,
+ int flags)
{
if (!strncmp(name, XATTR_SECURITY_PREFIX,
sizeof(XATTR_SECURITY_PREFIX) - 1) &&
@@ -360,7 +361,9 @@ static int dummy_inode_setxattr (struct
return 0;
}
-static void dummy_inode_post_setxattr (struct dentry *dentry, char *name, void *value,
+static void dummy_inode_post_setxattr (struct dentry *dentry,
+ struct vfsmount *mnt,
+ char *name, void *value,
size_t size, int flags)
{
}
Index: linux-2.6.19/security/selinux/hooks.c
===================================================================
--- linux-2.6.19.orig/security/selinux/hooks.c
+++ linux-2.6.19/security/selinux/hooks.c
@@ -2257,7 +2257,9 @@ static int selinux_inode_getattr(struct
@@ -2258,7 +2258,9 @@ static int selinux_inode_getattr(struct
return dentry_has_perm(current, mnt, dentry, FILE__GETATTR);
}
-static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags)
+static int selinux_inode_setxattr(struct vfsmount *mnt, struct dentry *dentry,
+static int selinux_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt,
+ char *name, void *value, size_t size,
+ int flags)
{
struct task_security_struct *tsec = current->security;
struct inode *inode = dentry->d_inode;
@@ -2318,7 +2320,9 @@ static int selinux_inode_setxattr(struct
&ad);
}
-static void selinux_inode_post_setxattr(struct dentry *dentry, char *name,
+static void selinux_inode_post_setxattr(struct dentry *dentry,
+ struct vfsmount *mnt,
+ char *name,
void *value, size_t size, int flags)
{
struct inode *inode = dentry->d_inode;
Index: linux-2.6.19/fs/xattr.c
===================================================================
--- linux-2.6.19.orig/fs/xattr.c
+++ linux-2.6.19/fs/xattr.c
@@ -81,7 +81,7 @@ vfs_setxattr(struct vfsmount *mnt, struc
@@ -81,7 +81,7 @@ vfs_setxattr(struct dentry *dentry, stru
return error;
mutex_lock(&inode->i_mutex);
- error = security_inode_setxattr(dentry, name, value, size, flags);
+ error = security_inode_setxattr(mnt, dentry, name, value, size, flags);
+ error = security_inode_setxattr(dentry, mnt, name, value, size, flags);
if (error)
goto out;
error = -EOPNOTSUPP;
@@ -89,7 +89,7 @@ vfs_setxattr(struct dentry *dentry, stru
error = inode->i_op->setxattr(dentry, name, value, size, flags);
if (!error) {
fsnotify_xattr(dentry);
- security_inode_post_setxattr(dentry, name, value,
+ security_inode_post_setxattr(dentry, mnt, name, value,
size, flags);
}
} else if (!strncmp(name, XATTR_SECURITY_PREFIX,

45
kernel-patches/for-mainline/security-symlink.diff
View file

@ -12,7 +12,7 @@ Index: linux-2.6.19/fs/namei.c
return -EPERM;
- error = security_inode_symlink(dir, dentry, oldname);
+ error = security_inode_symlink(dir, mnt, dentry, oldname);
+ error = security_inode_symlink(dir, dentry, mnt, oldname);
if (error)
return error;
@ -20,58 +20,57 @@ Index: linux-2.6.19/include/linux/security.h
===================================================================
--- linux-2.6.19.orig/include/linux/security.h
+++ linux-2.6.19/include/linux/security.h
@@ -300,6 +300,7 @@ struct request_sock;
* @inode_symlink:
@@ -301,6 +301,7 @@ struct request_sock;
* Check the permission to create a symbolic link to a file.
* @dir contains the inode structure of parent directory of the symbolic link.
+ * @mnt is the vfsmount of the new dentry (may be NULL)
* @dentry contains the dentry structure of the symbolic link.
+ * @mnt is the vfsmount corresponding to dir (may be NULL)
* @old_name contains the pathname of file.
* Return 0 if permission is granted.
@@ -1221,7 +1222,7 @@ struct security_operations {
* @inode_mkdir:
@@ -1221,8 +1222,8 @@ struct security_operations {
int (*inode_link) (struct dentry *old_dentry,
struct inode *dir, struct dentry *new_dentry);
int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
- int (*inode_symlink) (struct inode *dir,
+ int (*inode_symlink) (struct inode *dir, struct vfsmount *mnt,
struct dentry *dentry, const char *old_name);
int (*inode_mkdir) (struct inode *dir, struct vfsmount *mnt,
struct dentry *dentry, int mode);
@@ -1652,12 +1653,13 @@ static inline int security_inode_unlink
}
- struct dentry *dentry, const char *old_name);
+ int (*inode_symlink) (struct inode *dir, struct dentry *dentry,
+ struct vfsmount *mnt, const char *old_name);
int (*inode_mkdir) (struct inode *dir, struct dentry *dentry,
struct vfsmount *mnt, int mode);
int (*inode_rmdir) (struct inode *dir, struct dentry *dentry);
@@ -1653,11 +1654,12 @@ static inline int security_inode_unlink
static inline int security_inode_symlink (struct inode *dir,
+ struct vfsmount *mnt,
struct dentry *dentry,
+ struct vfsmount *mnt,
const char *old_name)
{
if (unlikely (IS_PRIVATE (dir)))
return 0;
- return security_ops->inode_symlink (dir, dentry, old_name);
+ return security_ops->inode_symlink (dir, mnt, dentry, old_name);
+ return security_ops->inode_symlink (dir, dentry, mnt, old_name);
}
static inline int security_inode_mkdir (struct inode *dir,
@@ -2377,6 +2379,7 @@ static inline int security_inode_unlink
}
@@ -2378,6 +2380,7 @@ static inline int security_inode_unlink
static inline int security_inode_symlink (struct inode *dir,
+ struct vfsmount *mnt,
struct dentry *dentry,
+ struct vfsmount *mnt,
const char *old_name)
{
return 0;
Index: linux-2.6.19/security/dummy.c
===================================================================
--- linux-2.6.19.orig/security/dummy.c
+++ linux-2.6.19/security/dummy.c
@@ -281,8 +281,8 @@ static int dummy_inode_unlink (struct in
return 0;
@@ -282,7 +282,7 @@ static int dummy_inode_unlink (struct in
}
-static int dummy_inode_symlink (struct inode *inode, struct dentry *dentry,
static int dummy_inode_symlink (struct inode *inode, struct dentry *dentry,
- const char *name)
+static int dummy_inode_symlink (struct inode *inode, struct vfsmount *mnt,
+ struct dentry *dentry, const char *name)
+ struct vfsmount *mnt, const char *name)
{
return 0;
}
@ -84,8 +83,8 @@ Index: linux-2.6.19/security/selinux/hooks.c
}
-static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
+static int selinux_inode_symlink(struct inode *dir, struct vfsmount *mnt,
+ struct dentry *dentry, const char *name)
+static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry,
+ struct vfsmount *mnt, const char *name)
{
return may_create(dir, dentry, SECCLASS_LNK_FILE);
}

53
kernel-patches/for-mainline/security-unlink.diff
View file

@ -12,7 +12,7 @@ Index: linux-2.6.19/fs/namei.c
error = -EBUSY;
else {
- error = security_inode_unlink(dir, dentry);
+ error = security_inode_unlink(dir, mnt, dentry);
+ error = security_inode_unlink(dir, dentry, mnt);
if (!error)
error = dir->i_op->unlink(dir, dentry);
}
@ -20,57 +20,60 @@ Index: linux-2.6.19/include/linux/security.h
===================================================================
--- linux-2.6.19.orig/include/linux/security.h
+++ linux-2.6.19/include/linux/security.h
@@ -297,6 +297,7 @@ struct request_sock;
* @inode_unlink:
@@ -298,6 +298,7 @@ struct request_sock;
* Check the permission to remove a hard link to a file.
* @dir contains the inode structure of parent directory of the file.
+ * @mnt is the vfsmount where the dentry was looked up (may be NULL)
* @dentry contains the dentry structure for file to be unlinked.
+ * @mnt is the vfsmount where the dentry was looked up (may be NULL)
* Return 0 if permission is granted.
* @inode_symlink:
* Check the permission to create a symbolic link to a file.
@@ -1226,7 +1227,8 @@ struct security_operations {
int (*inode_link) (struct vfsmount *old_mnt, struct dentry *old_dentry,
struct inode *dir, struct vfsmount *new_mnt,
struct dentry *new_dentry);
int (*inode_link) (struct dentry *old_dentry, struct vfsmount *old_mnt,
struct inode *dir, struct dentry *new_dentry,
struct vfsmount *new_mnt);
- int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
+ int (*inode_unlink) (struct inode *dir, struct vfsmount *mnt,
+ struct dentry *dentry);
int (*inode_symlink) (struct inode *dir, struct vfsmount *mnt,
struct dentry *dentry, const char *old_name);
int (*inode_mkdir) (struct inode *dir, struct vfsmount *mnt,
+ int (*inode_unlink) (struct inode *dir, struct dentry *dentry,
+ struct vfsmount *mnt);
int (*inode_symlink) (struct inode *dir, struct dentry *dentry,
struct vfsmount *mnt, const char *old_name);
int (*inode_mkdir) (struct inode *dir, struct dentry *dentry,
@@ -1654,11 +1656,12 @@ static inline int security_inode_link (s
}
static inline int security_inode_unlink (struct inode *dir,
+ struct vfsmount *mnt,
struct dentry *dentry)
- struct dentry *dentry)
+ struct dentry *dentry,
+ struct vfsmount *mnt)
{
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
- return security_ops->inode_unlink (dir, dentry);
+ return security_ops->inode_unlink (dir, mnt, dentry);
+ return security_ops->inode_unlink (dir, dentry, mnt);
}
static inline int security_inode_symlink (struct inode *dir,
@@ -2386,6 +2389,7 @@ static inline int security_inode_link (s
@@ -2386,7 +2389,8 @@ static inline int security_inode_link (s
}
static inline int security_inode_unlink (struct inode *dir,
+ struct vfsmount *mnt,
struct dentry *dentry)
- struct dentry *dentry)
+ struct dentry *dentry,
+ struct vfsmount *mnt)
{
return 0;
}
Index: linux-2.6.19/security/dummy.c
===================================================================
--- linux-2.6.19.orig/security/dummy.c
+++ linux-2.6.19/security/dummy.c
@@ -278,7 +278,8 @@ static int dummy_inode_link (struct vfsm
@@ -278,7 +278,8 @@ static int dummy_inode_link (struct dent
return 0;
}
-static int dummy_inode_unlink (struct inode *inode, struct dentry *dentry)
+static int dummy_inode_unlink (struct inode *inode, struct vfsmount *mnt,
+ struct dentry *dentry)
+static int dummy_inode_unlink (struct inode *inode, struct dentry *dentry,
+ struct vfsmount *mnt)
{
return 0;
}
@ -78,18 +81,18 @@ Index: linux-2.6.19/security/selinux/hooks.c
===================================================================
--- linux-2.6.19.orig/security/selinux/hooks.c
+++ linux-2.6.19/security/selinux/hooks.c
@@ -2149,11 +2149,12 @@ static int selinux_inode_link(struct vfs
@@ -2150,11 +2150,12 @@ static int selinux_inode_link(struct den
return may_link(dir, old_dentry, MAY_LINK);
}
-static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
+static int selinux_inode_unlink(struct inode *dir, struct vfsmount *mnt,
+ struct dentry *dentry)
+static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry,
+ struct vfsmount *mnt)
{
int rc;
- rc = secondary_ops->inode_unlink(dir, dentry);
+ rc = secondary_ops->inode_unlink(dir, mnt, dentry);
+ rc = secondary_ops->inode_unlink(dir, dentry, mnt);
if (rc)
return rc;
return may_link(dir, dentry, MAY_UNLINK);

20
kernel-patches/for-mainline/vfs-getxattr.diff
View file

@ -12,7 +12,7 @@ Index: linux-2.6.19/fs/nfsd/vfs.c
ssize_t buflen;
- buflen = vfs_getxattr(dentry, key, NULL, 0);
+ buflen = vfs_getxattr(NULL, dentry, key, NULL, 0);
+ buflen = vfs_getxattr(dentry, NULL, key, NULL, 0);
if (buflen <= 0)
return buflen;
@ -21,7 +21,7 @@ Index: linux-2.6.19/fs/nfsd/vfs.c
return -ENOMEM;
- return vfs_getxattr(dentry, key, *buf, buflen);
+ return vfs_getxattr(NULL, dentry, key, *buf, buflen);
+ return vfs_getxattr(dentry, NULL, key, *buf, buflen);
}
#endif
@ -34,7 +34,7 @@ Index: linux-2.6.19/fs/xattr.c
ssize_t
-vfs_getxattr(struct dentry *dentry, char *name, void *value, size_t size)
+vfs_getxattr(struct vfsmount *mnt, struct dentry *dentry, char *name,
+vfs_getxattr(struct dentry *dentry, struct vfsmount *mnt, char *name,
+ void *value, size_t size)
{
struct inode *inode = dentry->d_inode;
@ -44,7 +44,7 @@ Index: linux-2.6.19/fs/xattr.c
*/
static ssize_t
-getxattr(struct dentry *d, char __user *name, void __user *value, size_t size)
+getxattr(struct vfsmount *mnt, struct dentry *dentry, char __user *name,
+getxattr(struct dentry *dentry, struct vfsmount *mnt, char __user *name,
+ void __user *value, size_t size)
{
ssize_t error;
@ -54,7 +54,7 @@ Index: linux-2.6.19/fs/xattr.c
}
- error = vfs_getxattr(d, kname, kvalue, size);
+ error = vfs_getxattr(mnt, dentry, kname, kvalue, size);
+ error = vfs_getxattr(dentry, mnt, kname, kvalue, size);
if (error > 0) {
if (size && copy_to_user(value, kvalue, error))
error = -EFAULT;
@ -63,7 +63,7 @@ Index: linux-2.6.19/fs/xattr.c
if (error)
return error;
- error = getxattr(nd.dentry, name, value, size);
+ error = getxattr(nd.mnt, nd.dentry, name, value, size);
+ error = getxattr(nd.dentry, nd.mnt, name, value, size);
path_release(&nd);
return error;
}
@ -72,7 +72,7 @@ Index: linux-2.6.19/fs/xattr.c
if (error)
return error;
- error = getxattr(nd.dentry, name, value, size);
+ error = getxattr(nd.mnt, nd.dentry, name, value, size);
+ error = getxattr(nd.dentry, nd.mnt, name, value, size);
path_release(&nd);
return error;
}
@ -81,7 +81,7 @@ Index: linux-2.6.19/fs/xattr.c
if (!f)
return error;
- error = getxattr(f->f_dentry, name, value, size);
+ error = getxattr(f->f_vfsmnt, f->f_dentry, name, value, size);
+ error = getxattr(f->f_dentry, f->f_vfsmnt, name, value, size);
fput(f);
return error;
}
@ -94,8 +94,8 @@ Index: linux-2.6.19/include/linux/xattr.h
};
-ssize_t vfs_getxattr(struct dentry *, char *, void *, size_t);
+ssize_t vfs_getxattr(struct vfsmount *, struct dentry *, char *, void *,
+ssize_t vfs_getxattr(struct dentry *, struct vfsmount *, char *, void *,
+ size_t);
ssize_t vfs_listxattr(struct dentry *d, char *list, size_t size);
int vfs_setxattr(struct vfsmount *, struct dentry *, char *, void *, size_t,
int vfs_setxattr(struct dentry *, struct vfsmount *, char *, void *, size_t,
int);

26
kernel-patches/for-mainline/vfs-link.diff
View file

@ -12,7 +12,7 @@ Index: linux-2.6.19/fs/namei.c
}
-int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
+int vfs_link(struct vfsmount *old_mnt, struct dentry *old_dentry, struct inode *dir, struct vfsmount *new_mnt, struct dentry *new_dentry)
+int vfs_link(struct dentry *old_dentry, struct vfsmount *old_mnt, struct inode *dir, struct dentry *new_dentry, struct vfsmount *new_mnt)
{
struct inode *inode = old_dentry->d_inode;
int error;
@ -21,8 +21,8 @@ Index: linux-2.6.19/fs/namei.c
if (IS_ERR(new_dentry))
goto out_unlock;
- error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
+ error = vfs_link(old_nd.mnt, old_nd.dentry, nd.dentry->d_inode, nd.mnt,
+ new_dentry);
+ error = vfs_link(old_nd.dentry, old_nd.mnt, nd.dentry->d_inode,
+ new_dentry, nd.mnt);
dput(new_dentry);
out_unlock:
mutex_unlock(&nd.dentry->d_inode->i_mutex);
@ -31,11 +31,11 @@ Index: linux-2.6.19/include/linux/fs.h
--- linux-2.6.19.orig/include/linux/fs.h
+++ linux-2.6.19/include/linux/fs.h
@@ -1016,7 +1016,7 @@ extern int vfs_create(struct inode *, st
extern int vfs_mkdir(struct inode *, struct vfsmount *, struct dentry *, int);
extern int vfs_mknod(struct inode *, struct vfsmount *, struct dentry *, int, dev_t);
extern int vfs_symlink(struct inode *, struct vfsmount *, struct dentry *, const char *, int);
extern int vfs_mkdir(struct inode *, struct dentry *, struct vfsmount *, int);
extern int vfs_mknod(struct inode *, struct dentry *, struct vfsmount *, int, dev_t);
extern int vfs_symlink(struct inode *, struct dentry *, struct vfsmount *, const char *, int);
-extern int vfs_link(struct dentry *, struct inode *, struct dentry *);
+extern int vfs_link(struct vfsmount *, struct dentry *, struct inode *, struct vfsmount *, struct dentry *);
+extern int vfs_link(struct dentry *, struct vfsmount *, struct inode *, struct dentry *, struct vfsmount *);
extern int vfs_rmdir(struct inode *, struct dentry *);
extern int vfs_unlink(struct inode *, struct dentry *);
extern int vfs_rename(struct inode *, struct dentry *, struct inode *, struct dentry *);
@ -43,7 +43,7 @@ Index: linux-2.6.19/fs/ecryptfs/inode.c
===================================================================
--- linux-2.6.19.orig/fs/ecryptfs/inode.c
+++ linux-2.6.19/fs/ecryptfs/inode.c
@@ -444,18 +444,23 @@ static int ecryptfs_link(struct dentry *
@@ -444,19 +444,24 @@ static int ecryptfs_link(struct dentry *
struct dentry *new_dentry)
{
struct dentry *lower_old_dentry;
@ -63,11 +63,13 @@ Index: linux-2.6.19/fs/ecryptfs/inode.c
dget(lower_new_dentry);
lower_dir_dentry = lock_parent(lower_new_dentry);
- rc = vfs_link(lower_old_dentry, lower_dir_dentry->d_inode,
+ rc = vfs_link(lower_old_mnt, lower_old_dentry,
+ lower_dir_dentry->d_inode, lower_new_mnt,
lower_new_dentry);
- lower_new_dentry);
+ rc = vfs_link(lower_old_dentry, lower_old_mnt,
+ lower_dir_dentry->d_inode, lower_new_dentry,
+ lower_new_mnt);
if (rc || !lower_new_dentry->d_inode)
goto out_lock;
rc = ecryptfs_interpose(lower_new_dentry, new_dentry, dir->i_sb, 0);
Index: linux-2.6.19/fs/nfsd/vfs.c
===================================================================
--- linux-2.6.19.orig/fs/nfsd/vfs.c
@ -77,7 +79,7 @@ Index: linux-2.6.19/fs/nfsd/vfs.c
dest = dold->d_inode;
- host_err = vfs_link(dold, dirp, dnew);
+ host_err = vfs_link(NULL, dold, dirp, NULL, dnew);
+ host_err = vfs_link(dold, NULL, dirp, dnew, NULL);
if (!host_err) {
if (EX_ISSYNC(ffhp->fh_export)) {
err = nfserrno(nfsd_sync_dir(ddir));

23
kernel-patches/for-mainline/vfs-listxattr.diff
View file

@ -7,12 +7,12 @@ Index: linux-2.6.19/fs/xattr.c
===================================================================
--- linux-2.6.19.orig/fs/xattr.c
+++ linux-2.6.19/fs/xattr.c
@@ -144,18 +144,20 @@ vfs_getxattr(struct vfsmount *mnt, struc
@@ -144,18 +144,20 @@ vfs_getxattr(struct dentry *dentry, stru
EXPORT_SYMBOL_GPL(vfs_getxattr);
ssize_t
-vfs_listxattr(struct dentry *d, char *list, size_t size)
+vfs_listxattr(struct vfsmount *mnt, struct dentry *dentry, char *list,
+vfs_listxattr(struct dentry *dentry, struct vfsmount *mnt, char *list,
+ size_t size)
{
+ struct inode *inode = dentry->d_inode;
@ -39,7 +39,7 @@ Index: linux-2.6.19/fs/xattr.c
*/
static ssize_t
-listxattr(struct dentry *d, char __user *list, size_t size)
+listxattr(struct vfsmount *mnt, struct dentry *dentry, char __user *list,
+listxattr(struct dentry *dentry, struct vfsmount *mnt, char __user *list,
+ size_t size)
{
ssize_t error;
@ -49,7 +49,7 @@ Index: linux-2.6.19/fs/xattr.c
}
- error = vfs_listxattr(d, klist, size);
+ error = vfs_listxattr(mnt, dentry, klist, size);
+ error = vfs_listxattr(dentry, mnt, klist, size);
if (error > 0) {
if (size && copy_to_user(list, klist, error))
error = -EFAULT;
@ -58,7 +58,7 @@ Index: linux-2.6.19/fs/xattr.c
if (error)
return error;
- error = listxattr(nd.dentry, list, size);
+ error = listxattr(nd.mnt, nd.dentry, list, size);
+ error = listxattr(nd.dentry, nd.mnt, list, size);
path_release(&nd);
return error;
}
@ -67,7 +67,7 @@ Index: linux-2.6.19/fs/xattr.c
if (error)
return error;
- error = listxattr(nd.dentry, list, size);
+ error = listxattr(nd.mnt, nd.dentry, list, size);
+ error = listxattr(nd.dentry, nd.mnt, list, size);
path_release(&nd);
return error;
}
@ -76,7 +76,7 @@ Index: linux-2.6.19/fs/xattr.c
if (!f)
return error;
- error = listxattr(f->f_dentry, list, size);
+ error = listxattr(f->f_vfsmnt, f->f_dentry, list, size);
+ error = listxattr(f->f_dentry, f->f_vfsmnt, list, size);
fput(f);
return error;
}
@ -84,12 +84,13 @@ Index: linux-2.6.19/include/linux/xattr.h
===================================================================
--- linux-2.6.19.orig/include/linux/xattr.h
+++ linux-2.6.19/include/linux/xattr.h
@@ -42,7 +42,7 @@ struct xattr_handler {
@@ -42,7 +42,8 @@ struct xattr_handler {
ssize_t vfs_getxattr(struct vfsmount *, struct dentry *, char *, void *,
ssize_t vfs_getxattr(struct dentry *, struct vfsmount *, char *, void *,
size_t);
-ssize_t vfs_listxattr(struct dentry *d, char *list, size_t size);
+ssize_t vfs_listxattr(struct vfsmount *, struct dentry *, char *, size_t);
int vfs_setxattr(struct vfsmount *, struct dentry *, char *, void *, size_t,
+ssize_t vfs_listxattr(struct dentry *d, struct vfsmount *, char *list,
+ size_t size);
int vfs_setxattr(struct dentry *, struct vfsmount *, char *, void *, size_t,
int);
int vfs_removexattr(struct dentry *, char *);

12
kernel-patches/for-mainline/vfs-mkdir.diff
View file

@ -18,7 +18,7 @@ Index: linux-2.6.19/fs/ecryptfs/inode.c
+ lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry);
lower_dir_dentry = lock_parent(lower_dentry);
- rc = vfs_mkdir(lower_dir_dentry->d_inode, lower_dentry, mode);
+ rc = vfs_mkdir(lower_dir_dentry->d_inode, lower_mnt, lower_dentry,
+ rc = vfs_mkdir(lower_dir_dentry->d_inode, lower_dentry, lower_mnt,
+ mode);
if (rc || !lower_dentry->d_inode)
goto out;
@ -32,7 +32,7 @@ Index: linux-2.6.19/fs/namei.c
}
-int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
+int vfs_mkdir(struct inode *dir, struct vfsmount *mnt, struct dentry *dentry,
+int vfs_mkdir(struct inode *dir, struct dentry *dentry, struct vfsmount *mnt,
+ int mode)
{
int error = may_create(dir, dentry, NULL);
@ -42,7 +42,7 @@ Index: linux-2.6.19/fs/namei.c
if (!IS_POSIXACL(nd.dentry->d_inode))
mode &= ~current->fs->umask;
- error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);
+ error = vfs_mkdir(nd.dentry->d_inode, nd.mnt, dentry, mode);
+ error = vfs_mkdir(nd.dentry->d_inode, dentry, nd.mnt, mode);
dput(dentry);
out_unlock:
mutex_unlock(&nd.dentry->d_inode->i_mutex);
@ -55,7 +55,7 @@ Index: linux-2.6.19/fs/nfsd/nfs4recover.c
goto out_put;
}
- status = vfs_mkdir(rec_dir.dentry->d_inode, dentry, S_IRWXU);
+ status = vfs_mkdir(rec_dir.dentry->d_inode, NULL, dentry, S_IRWXU);
+ status = vfs_mkdir(rec_dir.dentry->d_inode, dentry, NULL, S_IRWXU);
out_put:
dput(dentry);
out_unlock:
@ -68,7 +68,7 @@ Index: linux-2.6.19/fs/nfsd/vfs.c
break;
case S_IFDIR:
- host_err = vfs_mkdir(dirp, dchild, iap->ia_mode);
+ host_err = vfs_mkdir(dirp, NULL, dchild, iap->ia_mode);
+ host_err = vfs_mkdir(dirp, dchild, NULL, iap->ia_mode);
break;
case S_IFCHR:
case S_IFBLK:
@ -81,7 +81,7 @@ Index: linux-2.6.19/include/linux/fs.h
extern int vfs_permission(struct nameidata *, int);
extern int vfs_create(struct inode *, struct dentry *, int, struct nameidata *);
-extern int vfs_mkdir(struct inode *, struct dentry *, int);
+extern int vfs_mkdir(struct inode *, struct vfsmount *, struct dentry *, int);
+extern int vfs_mkdir(struct inode *, struct dentry *, struct vfsmount *, int);
extern int vfs_mknod(struct inode *, struct dentry *, int, dev_t);
extern int vfs_symlink(struct inode *, struct dentry *, const char *, int);
extern int vfs_link(struct dentry *, struct inode *, struct dentry *);

16
kernel-patches/for-mainline/vfs-mknod.diff
View file

@ -18,7 +18,7 @@ Index: linux-2.6.19/fs/ecryptfs/inode.c
+ lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry);
lower_dir_dentry = lock_parent(lower_dentry);
- rc = vfs_mknod(lower_dir_dentry->d_inode, lower_dentry, mode, dev);
+ rc = vfs_mknod(lower_dir_dentry->d_inode, lower_mnt, lower_dentry, mode,
+ rc = vfs_mknod(lower_dir_dentry->d_inode, lower_dentry, lower_mnt, mode,
+ dev);
if (rc || !lower_dentry->d_inode)
goto out;
@ -32,7 +32,7 @@ Index: linux-2.6.19/fs/namei.c
EXPORT_SYMBOL_GPL(lookup_create);
-int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
+int vfs_mknod(struct inode *dir, struct vfsmount *mnt, struct dentry *dentry,
+int vfs_mknod(struct inode *dir, struct dentry *dentry, struct vfsmount *mnt,
+ int mode, dev_t dev)
{
int error = may_create(dir, dentry, NULL);
@ -43,12 +43,12 @@ Index: linux-2.6.19/fs/namei.c
case S_IFCHR: case S_IFBLK:
- error = vfs_mknod(nd.dentry->d_inode,dentry,mode,
- new_decode_dev(dev));
+ error = vfs_mknod(nd.dentry->d_inode, nd.mnt, dentry,
+ error = vfs_mknod(nd.dentry->d_inode, dentry, nd.mnt,
+ mode, new_decode_dev(dev));
break;
case S_IFIFO: case S_IFSOCK:
- error = vfs_mknod(nd.dentry->d_inode,dentry,mode,0);
+ error = vfs_mknod(nd.dentry->d_inode, nd.mnt, dentry,
+ error = vfs_mknod(nd.dentry->d_inode, dentry, nd.mnt,
+ mode, 0);
break;
case S_IFDIR:
@ -62,7 +62,7 @@ Index: linux-2.6.19/fs/nfsd/vfs.c
case S_IFIFO:
case S_IFSOCK:
- host_err = vfs_mknod(dirp, dchild, iap->ia_mode, rdev);
+ host_err = vfs_mknod(dirp, NULL, dchild, iap->ia_mode, rdev);
+ host_err = vfs_mknod(dirp, dchild, NULL, iap->ia_mode, rdev);
break;
default:
printk("nfsd: bad file type %o in nfsd_create\n", type);
@ -73,9 +73,9 @@ Index: linux-2.6.19/include/linux/fs.h
@@ -1014,7 +1014,7 @@ static inline void unlock_super(struct s
extern int vfs_permission(struct nameidata *, int);
extern int vfs_create(struct inode *, struct dentry *, int, struct nameidata *);
extern int vfs_mkdir(struct inode *, struct vfsmount *, struct dentry *, int);
extern int vfs_mkdir(struct inode *, struct dentry *, struct vfsmount *, int);
-extern int vfs_mknod(struct inode *, struct dentry *, int, dev_t);
+extern int vfs_mknod(struct inode *, struct vfsmount *, struct dentry *, int, dev_t);
+extern int vfs_mknod(struct inode *, struct dentry *, struct vfsmount *, int, dev_t);
extern int vfs_symlink(struct inode *, struct dentry *, const char *, int);
extern int vfs_link(struct dentry *, struct inode *, struct dentry *);
extern int vfs_rmdir(struct inode *, struct dentry *);
@ -88,7 +88,7 @@ Index: linux-2.6.19/net/unix/af_unix.c
mode = S_IFSOCK |
(SOCK_INODE(sock)->i_mode & ~current->fs->umask);
- err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0);
+ err = vfs_mknod(nd.dentry->d_inode, nd.mnt, dentry, mode, 0);
+ err = vfs_mknod(nd.dentry->d_inode, dentry, nd.mnt, mode, 0);
if (err)
goto out_mknod_dput;
mutex_unlock(&nd.dentry->d_inode->i_mutex);

58
kernel-patches/for-mainline/vfs-notify_change.diff
View file

@ -22,7 +22,7 @@ Index: linux-2.6.19/fs/attr.c
EXPORT_SYMBOL(inode_setattr);
-int notify_change(struct dentry * dentry, struct iattr * attr)
+int notify_change(struct vfsmount *mnt, struct dentry * dentry,
+int notify_change(struct dentry * dentry, struct vfsmount *mnt,
+ struct iattr * attr)
{
struct inode *inode = dentry->d_inode;
@ -37,7 +37,7 @@ Index: linux-2.6.19/include/linux/fs.h
-extern int do_truncate(struct dentry *, loff_t start, unsigned int time_attrs,
- struct file *filp);
+extern int do_truncate(struct vfsmount *, struct dentry *, loff_t start,
+extern int do_truncate(struct dentry *, struct vfsmount *, loff_t start,
+ unsigned int time_attrs, struct file *filp);
extern long do_sys_open(int fdf, const char __user *filename, int flags,
int mode);
@ -47,7 +47,7 @@ Index: linux-2.6.19/include/linux/fs.h
extern sector_t bmap(struct inode *, sector_t);
#endif
-extern int notify_change(struct dentry *, struct iattr *);
+extern int notify_change(struct vfsmount *, struct dentry *, struct iattr *);
+extern int notify_change(struct dentry *, struct vfsmount *, struct iattr *);
extern int permission(struct inode *, int, struct nameidata *);
extern int generic_permission(struct inode *, int,
int (*check_acl)(struct inode *, int));
@ -75,7 +75,7 @@ Index: linux-2.6.19/fs/ecryptfs/inode.c
goto out;
}
- rc = notify_change(lower_dentry, ia);
+ rc = notify_change(lower_mnt, lower_dentry, ia);
+ rc = notify_change(lower_dentry, lower_mnt, ia);
out:
ecryptfs_copy_attr_all(inode, lower_inode);
return rc;
@ -88,7 +88,7 @@ Index: linux-2.6.19/fs/fat/file.c
/* This MUST be done before doing anything irreversible... */
- err = notify_change(filp->f_dentry, &ia);
+ err = notify_change(filp->f_vfsmnt, filp->f_dentry, &ia);
+ err = notify_change(filp->f_dentry, filp->f_vfsmnt, &ia);
if (err)
goto up;
@ -101,7 +101,7 @@ Index: linux-2.6.19/fs/hpfs/namei.c
newattrs.ia_size = 0;
newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME;
- err = notify_change(dentry, &newattrs);
+ err = notify_change(NULL, dentry, &newattrs);
+ err = notify_change(dentry, NULL, &newattrs);
put_write_access(inode);
if (!err)
goto again;
@ -123,7 +123,7 @@ Index: linux-2.6.19/fs/nfsd/vfs.c
mutex_lock(&dentry->d_inode->i_mutex);
- notify_change(dentry, &ia);
+ notify_change(NULL, dentry, &ia);
+ notify_change(dentry, NULL, &ia);
mutex_unlock(&dentry->d_inode->i_mutex);
}
@ -137,7 +137,7 @@ Index: linux-2.6.19/fs/open.c
-int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
- struct file *filp)
+int do_truncate(struct vfsmount *mnt, struct dentry *dentry, loff_t length,
+int do_truncate(struct dentry *dentry, struct vfsmount *mnt, loff_t length,
+ unsigned int time_attrs, struct file *filp)
{
int err;
@ -147,7 +147,7 @@ Index: linux-2.6.19/fs/open.c
mutex_lock(&dentry->d_inode->i_mutex);
- err = notify_change(dentry, &newattrs);
+ err = notify_change(mnt, dentry, &newattrs);
+ err = notify_change(dentry, mnt, &newattrs);
mutex_unlock(&dentry->d_inode->i_mutex);
return err;
}
@ -156,7 +156,7 @@ Index: linux-2.6.19/fs/open.c
if (!error) {
DQUOT_INIT(inode);
- error = do_truncate(nd.dentry, length, 0, NULL);
+ error = do_truncate(nd.mnt, nd.dentry, length, 0, NULL);
+ error = do_truncate(nd.dentry, nd.mnt, length, 0, NULL);
}
put_write_access(inode);
@ -165,7 +165,7 @@ Index: linux-2.6.19/fs/open.c
error = locks_verify_truncate(inode, file, length);
if (!error)
- error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, file);
+ error = do_truncate(file->f_vfsmnt, dentry, length,
+ error = do_truncate(dentry, file->f_vfsmnt, length,
+ ATTR_MTIME|ATTR_CTIME, file);
out_putf:
fput(file);
@ -175,7 +175,7 @@ Index: linux-2.6.19/fs/open.c
newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
- err = notify_change(dentry, &newattrs);
+ err = notify_change(file->f_vfsmnt, dentry, &newattrs);
+ err = notify_change(dentry, file->f_vfsmnt, &newattrs);
mutex_unlock(&inode->i_mutex);
out_putf:
@ -184,7 +184,7 @@ Index: linux-2.6.19/fs/open.c
newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
- error = notify_change(nd.dentry, &newattrs);
+ error = notify_change(nd.mnt, nd.dentry, &newattrs);
+ error = notify_change(nd.dentry, nd.mnt, &newattrs);
mutex_unlock(&inode->i_mutex);
dput_and_out:
@ -193,7 +193,7 @@ Index: linux-2.6.19/fs/open.c
}
-static int chown_common(struct dentry * dentry, uid_t user, gid_t group)
+static int chown_common(struct vfsmount *mnt, struct dentry * dentry,
+static int chown_common(struct dentry * dentry, struct vfsmount *mnt,
+ uid_t user, gid_t group)
{
struct inode * inode;
@ -203,7 +203,7 @@ Index: linux-2.6.19/fs/open.c
newattrs.ia_valid |= ATTR_KILL_SUID|ATTR_KILL_SGID;
mutex_lock(&inode->i_mutex);
- error = notify_change(dentry, &newattrs);
+ error = notify_change(mnt, dentry, &newattrs);
+ error = notify_change(dentry, mnt, &newattrs);
mutex_unlock(&inode->i_mutex);
out:
return error;
@ -212,7 +212,7 @@ Index: linux-2.6.19/fs/open.c
if (error)
goto out;
- error = chown_common(nd.dentry, user, group);
+ error = chown_common(nd.mnt, nd.dentry, user, group);
+ error = chown_common(nd.dentry, nd.mnt, user, group);
path_release(&nd);
out:
return error;
@ -221,7 +221,7 @@ Index: linux-2.6.19/fs/open.c
if (error)
goto out;
- error = chown_common(nd.dentry, user, group);
+ error = chown_common(nd.mnt, nd.dentry, user, group);
+ error = chown_common(nd.dentry, nd.mnt, user, group);
path_release(&nd);
out:
return error;
@ -230,7 +230,7 @@ Index: linux-2.6.19/fs/open.c
if (error)
goto out;
- error = chown_common(nd.dentry, user, group);
+ error = chown_common(nd.mnt, nd.dentry, user, group);
+ error = chown_common(nd.dentry, nd.mnt, user, group);
path_release(&nd);
out:
return error;
@ -239,7 +239,7 @@ Index: linux-2.6.19/fs/open.c
dentry = file->f_dentry;
audit_inode(NULL, dentry->d_inode);
- error = chown_common(dentry, user, group);
+ error = chown_common(file->f_vfsmnt, dentry, user, group);
+ error = chown_common(dentry, file->f_vfsmnt, user, group);
fput(file);
out:
return error;
@ -252,7 +252,7 @@ Index: linux-2.6.19/fs/reiserfs/xattr.c
newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME;
mutex_lock(&xinode->i_mutex);
- err = notify_change(fp->f_dentry, &newattrs);
+ err = notify_change(NULL, fp->f_dentry, &newattrs);
+ err = notify_change(fp->f_dentry, NULL, &newattrs);
if (err)
goto out_filp;
@ -261,7 +261,7 @@ Index: linux-2.6.19/fs/reiserfs/xattr.c
if (!S_ISDIR(xafile->d_inode->i_mode))
- err = notify_change(xafile, attrs);
+ err = notify_change(NULL, xafile, attrs);
+ err = notify_change(xafile, NULL, attrs);
dput(xafile);
return err;
@ -270,7 +270,7 @@ Index: linux-2.6.19/fs/reiserfs/xattr.c
}
- err = notify_change(dir, attrs);
+ err = notify_change(NULL, dir, attrs);
+ err = notify_change(dir, NULL, attrs);
unlock_kernel();
out_dir:
@ -283,7 +283,7 @@ Index: linux-2.6.19/fs/sysfs/file.c
(inode->i_mode & ~S_IALLUGO);
newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
- res = notify_change(victim, &newattrs);
+ res = notify_change(NULL, victim, &newattrs);
+ res = notify_change(victim, NULL, &newattrs);
mutex_unlock(&inode->i_mutex);
}
dput(victim);
@ -296,7 +296,7 @@ Index: linux-2.6.19/fs/utimes.c
}
mutex_lock(&inode->i_mutex);
- error = notify_change(nd.dentry, &newattrs);
+ error = notify_change(nd.mnt, nd.dentry, &newattrs);
+ error = notify_change(nd.dentry, nd.mnt, &newattrs);
mutex_unlock(&inode->i_mutex);
dput_and_out:
path_release(&nd);
@ -305,7 +305,7 @@ Index: linux-2.6.19/fs/utimes.c
}
mutex_lock(&inode->i_mutex);
- error = notify_change(nd.dentry, &newattrs);
+ error = notify_change(nd.mnt, nd.dentry, &newattrs);
+ error = notify_change(nd.dentry, nd.mnt, &newattrs);
mutex_unlock(&inode->i_mutex);
dput_and_out:
path_release(&nd);
@ -318,7 +318,7 @@ Index: linux-2.6.19/mm/filemap.c
newattrs.ia_valid = ATTR_FORCE | kill;
- return notify_change(file->f_dentry, &newattrs);
+ return notify_change(file->f_vfsmnt, file->f_dentry, &newattrs);
+ return notify_change(file->f_dentry, file->f_vfsmnt, &newattrs);
}
int remove_suid(struct file *file)
@ -332,7 +332,7 @@ Index: linux-2.6.19/fs/exec.c
goto close_fail;
- if (!ispipe && do_truncate(file->f_dentry, 0, 0, file) != 0)
+ if (!ispipe &&
+ do_truncate(file->f_vfsmnt, file->f_dentry, 0, 0, file) != 0)
+ do_truncate(file->f_dentry, file->f_vfsmnt, 0, 0, file) != 0)
goto close_fail;
retval = binfmt->core_dump(signr, regs, file);
@ -345,7 +345,7 @@ Index: linux-2.6.19/fs/namei.c
DQUOT_INIT(inode);
- error = do_truncate(dentry, 0, ATTR_MTIME|ATTR_CTIME, NULL);
+ error = do_truncate(nd->mnt, dentry, 0,
+ error = do_truncate(dentry, nd->mnt, 0,
+ ATTR_MTIME|ATTR_CTIME, NULL);
}
put_write_access(inode);
@ -359,7 +359,7 @@ Index: linux-2.6.19/mm/tiny-shmem.c
/* notify everyone as to the change of file size */
- error = do_truncate(dentry, size, 0, file);
+ error = do_truncate(file->f_vfsmnt, dentry, size, 0, file);
+ error = do_truncate(dentry, file->f_vfsmnt, size, 0, file);
if (error < 0)
goto close_file;

24
kernel-patches/for-mainline/vfs-removexattr.diff
View file

@ -12,7 +12,7 @@ Index: linux-2.6.19/fs/nfsd/vfs.c
error = 0;
else {
- error = vfs_removexattr(fhp->fh_dentry, name);
+ error = vfs_removexattr(NULL, fhp->fh_dentry, name);
+ error = vfs_removexattr(fhp->fh_dentry, NULL, name);
if (error == -ENODATA)
error = 0;
}
@ -20,12 +20,12 @@ Index: linux-2.6.19/fs/xattr.c
===================================================================
--- linux-2.6.19.orig/fs/xattr.c
+++ linux-2.6.19/fs/xattr.c
@@ -166,7 +166,7 @@ vfs_listxattr(struct vfsmount *mnt, stru
@@ -166,7 +166,7 @@ vfs_listxattr(struct dentry *dentry, str
EXPORT_SYMBOL_GPL(vfs_listxattr);
int
-vfs_removexattr(struct dentry *dentry, char *name)
+vfs_removexattr(struct vfsmount *mnt, struct dentry *dentry, char *name)
+vfs_removexattr(struct dentry *dentry, struct vfsmount *mnt, char *name)
{
struct inode *inode = dentry->d_inode;
int error;
@ -34,7 +34,7 @@ Index: linux-2.6.19/fs/xattr.c
*/
static long
-removexattr(struct dentry *d, char __user *name)
+removexattr(struct vfsmount *mnt, struct dentry *dentry, char __user *name)
+removexattr(struct dentry *dentry, struct vfsmount *mnt, char __user *name)
{
int error;
char kname[XATTR_NAME_MAX + 1];
@ -43,7 +43,7 @@ Index: linux-2.6.19/fs/xattr.c
return error;
- return vfs_removexattr(d, kname);
+ return vfs_removexattr(mnt, dentry, kname);
+ return vfs_removexattr(dentry, mnt, kname);
}
asmlinkage long
@ -52,7 +52,7 @@ Index: linux-2.6.19/fs/xattr.c
if (error)
return error;
- error = removexattr(nd.dentry, name);
+ error = removexattr(nd.mnt, nd.dentry, name);
+ error = removexattr(nd.dentry, nd.mnt, name);
path_release(&nd);
return error;
}
@ -61,7 +61,7 @@ Index: linux-2.6.19/fs/xattr.c
if (error)
return error;
- error = removexattr(nd.dentry, name);
+ error = removexattr(nd.mnt, nd.dentry, name);
+ error = removexattr(nd.dentry, nd.mnt, name);
path_release(&nd);
return error;
}
@ -70,7 +70,7 @@ Index: linux-2.6.19/fs/xattr.c
dentry = f->f_dentry;
audit_inode(NULL, dentry->d_inode);
- error = removexattr(dentry, name);
+ error = removexattr(f->f_vfsmnt, dentry, name);
+ error = removexattr(dentry, f->f_vfsmnt, name);
fput(f);
return error;
}
@ -78,12 +78,12 @@ Index: linux-2.6.19/include/linux/xattr.h
===================================================================
--- linux-2.6.19.orig/include/linux/xattr.h
+++ linux-2.6.19/include/linux/xattr.h
@@ -45,7 +45,7 @@ ssize_t vfs_getxattr(struct vfsmount *,
ssize_t vfs_listxattr(struct vfsmount *, struct dentry *, char *, size_t);
int vfs_setxattr(struct vfsmount *, struct dentry *, char *, void *, size_t,
@@ -46,7 +46,7 @@ ssize_t vfs_listxattr(struct dentry *d,
size_t size);
int vfs_setxattr(struct dentry *, struct vfsmount *, char *, void *, size_t,
int);
-int vfs_removexattr(struct dentry *, char *);
+int vfs_removexattr(struct vfsmount *, struct dentry *, char *);
+int vfs_removexattr(struct dentry *, struct vfsmount *, char *);
ssize_t generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size);
ssize_t generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size);

59
kernel-patches/for-mainline/vfs-rename.diff
View file

@ -26,11 +26,10 @@ Index: linux-2.6.19/fs/ecryptfs/inode.c
lower_old_dir_dentry = dget_parent(lower_old_dentry);
lower_new_dir_dentry = dget_parent(lower_new_dentry);
lock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
- rc = vfs_rename(lower_old_dir_dentry->d_inode, lower_old_dentry,
rc = vfs_rename(lower_old_dir_dentry->d_inode, lower_old_dentry,
- lower_new_dir_dentry->d_inode, lower_new_dentry);
+ rc = vfs_rename(lower_old_dir_dentry->d_inode, lower_old_mnt,
+ lower_old_dentry, lower_new_dir_dentry->d_inode,
+ lower_new_mnt, lower_new_dentry);
+ lower_old_mnt, lower_new_dir_dentry->d_inode,
+ lower_new_dentry, lower_new_mnt);
if (rc)
goto out_lock;
ecryptfs_copy_attr_all(new_dir, lower_new_dir_dentry->d_inode);
@ -38,39 +37,33 @@ Index: linux-2.6.19/fs/namei.c
===================================================================
--- linux-2.6.19.orig/fs/namei.c
+++ linux-2.6.19/fs/namei.c
@@ -2385,8 +2385,9 @@ asmlinkage long sys_link(const char __us
* ->i_mutex on parents, which works but leads to some truely excessive
@@ -2386,7 +2386,8 @@ asmlinkage long sys_link(const char __us
* locking].
*/
-static int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry,
static int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry,
- struct inode *new_dir, struct dentry *new_dentry)
+static int vfs_rename_dir(struct inode *old_dir, struct vfsmount *old_mnt,
+ struct dentry *old_dentry, struct inode *new_dir,
+ struct vfsmount *new_mnt, struct dentry *new_dentry)
+ struct vfsmount *old_mnt, struct inode *new_dir,
+ struct dentry *new_dentry, struct vfsmount *new_mnt)
{
int error = 0;
struct inode *target;
@@ -2428,8 +2429,9 @@ static int vfs_rename_dir(struct inode *
return error;
@@ -2429,7 +2430,8 @@ static int vfs_rename_dir(struct inode *
}
-static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry,
static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry,
- struct inode *new_dir, struct dentry *new_dentry)
+static int vfs_rename_other(struct inode *old_dir, struct vfsmount *old_mnt,
+ struct dentry *old_dentry, struct inode *new_dir,
+ struct vfsmount *new_mnt, struct dentry *new_dentry)
+ struct vfsmount *old_mnt, struct inode *new_dir,
+ struct dentry *new_dentry, struct vfsmount *new_mnt)
{
struct inode *target;
int error;
@@ -2456,8 +2458,9 @@ static int vfs_rename_other(struct inode
return error;
@@ -2457,7 +2459,8 @@ static int vfs_rename_other(struct inode
}
-int vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
int vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
- struct inode *new_dir, struct dentry *new_dentry)
+int vfs_rename(struct inode *old_dir, struct vfsmount *old_mnt,
+ struct dentry *old_dentry, struct inode *new_dir,
+ struct vfsmount *new_mnt, struct dentry *new_dentry)
+ struct vfsmount *old_mnt, struct inode *new_dir,
+ struct dentry *new_dentry, struct vfsmount *new_mnt)
{
int error;
int is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
@ -79,12 +72,12 @@ Index: linux-2.6.19/fs/namei.c
if (is_dir)
- error = vfs_rename_dir(old_dir,old_dentry,new_dir,new_dentry);
+ error = vfs_rename_dir(old_dir, old_mnt, old_dentry,
+ new_dir, new_mnt, new_dentry);
+ error = vfs_rename_dir(old_dir, old_dentry, old_mnt,
+ new_dir, new_dentry, new_mnt);
else
- error = vfs_rename_other(old_dir,old_dentry,new_dir,new_dentry);
+ error = vfs_rename_other(old_dir, old_mnt, old_dentry,
+ new_dir, new_mnt, new_dentry);
+ error = vfs_rename_other(old_dir, old_dentry, old_mnt,
+ new_dir, new_dentry, new_mnt);
if (!error) {
const char *new_name = old_dentry->d_name.name;
fsnotify_move(old_dir, new_dir, old_name, new_name, is_dir,
@ -94,8 +87,8 @@ Index: linux-2.6.19/fs/namei.c
- error = vfs_rename(old_dir->d_inode, old_dentry,
- new_dir->d_inode, new_dentry);
+ error = vfs_rename(old_dir->d_inode, oldnd.mnt, old_dentry,
+ new_dir->d_inode, newnd.mnt, new_dentry);
+ error = vfs_rename(old_dir->d_inode, old_dentry, oldnd.mnt,
+ new_dir->d_inode, new_dentry, newnd.mnt);
exit5:
dput(new_dentry);
exit4:
@ -108,7 +101,7 @@ Index: linux-2.6.19/fs/nfsd/vfs.c
} else
#endif
- host_err = vfs_rename(fdir, odentry, tdir, ndentry);
+ host_err = vfs_rename(fdir, NULL, odentry, tdir, NULL, ndentry);
+ host_err = vfs_rename(fdir, odentry, NULL, tdir, ndentry, NULL);
if (!host_err && EX_ISSYNC(tfhp->fh_export)) {
host_err = nfsd_sync_dir(tdentry);
if (!host_err)
@ -117,11 +110,11 @@ Index: linux-2.6.19/include/linux/fs.h
--- linux-2.6.19.orig/include/linux/fs.h
+++ linux-2.6.19/include/linux/fs.h
@@ -1019,7 +1019,7 @@ extern int vfs_symlink(struct inode *, s
extern int vfs_link(struct vfsmount *, struct dentry *, struct inode *, struct vfsmount *, struct dentry *);
extern int vfs_rmdir(struct inode *, struct vfsmount *, struct dentry *);
extern int vfs_unlink(struct inode *, struct vfsmount *, struct dentry *);
extern int vfs_link(struct dentry *, struct vfsmount *, struct inode *, struct dentry *, struct vfsmount *);
extern int vfs_rmdir(struct inode *, struct dentry *, struct vfsmount *);
extern int vfs_unlink(struct inode *, struct dentry *, struct vfsmount *);
-extern int vfs_rename(struct inode *, struct dentry *, struct inode *, struct dentry *);
+extern int vfs_rename(struct inode *, struct vfsmount *, struct dentry *, struct inode *, struct vfsmount *, struct dentry *);
+extern int vfs_rename(struct inode *, struct dentry *, struct vfsmount *, struct inode *, struct dentry *, struct vfsmount *);
/*
* VFS dentry helper functions.

16
kernel-patches/for-mainline/vfs-rmdir.diff
View file

@ -21,7 +21,7 @@ Index: linux-2.6.19/fs/ecryptfs/inode.c
lower_dir_dentry = lock_parent(lower_dentry);
dget(lower_dentry);
- rc = vfs_rmdir(lower_dir_dentry->d_inode, lower_dentry);
+ rc = vfs_rmdir(lower_dir_dentry->d_inode, lower_mnt, lower_dentry);
+ rc = vfs_rmdir(lower_dir_dentry->d_inode, lower_dentry, lower_mnt);
dput(lower_dentry);
if (!rc)
d_delete(lower_dentry);
@ -34,7 +34,7 @@ Index: linux-2.6.19/fs/namei.c
}
-int vfs_rmdir(struct inode *dir, struct dentry *dentry)
+int vfs_rmdir(struct inode *dir, struct vfsmount *mnt, struct dentry *dentry)
+int vfs_rmdir(struct inode *dir, struct dentry *dentry,struct vfsmount *mnt)
{
int error = may_delete(dir, dentry, 1);
@ -43,7 +43,7 @@ Index: linux-2.6.19/fs/namei.c
if (IS_ERR(dentry))
goto exit2;
- error = vfs_rmdir(nd.dentry->d_inode, dentry);
+ error = vfs_rmdir(nd.dentry->d_inode, nd.mnt, dentry);
+ error = vfs_rmdir(nd.dentry->d_inode, dentry, nd.mnt);
dput(dentry);
exit2:
mutex_unlock(&nd.dentry->d_inode->i_mutex);
@ -82,7 +82,7 @@ Index: linux-2.6.19/fs/reiserfs/xattr.c
root = get_xa_root(inode->i_sb);
reiserfs_write_lock_xattrs(inode->i_sb);
- err = vfs_rmdir(root->d_inode, dir);
+ err = vfs_rmdir(root->d_inode, NULL, dir);
+ err = vfs_rmdir(root->d_inode, dir, NULL);
reiserfs_write_unlock_xattrs(inode->i_sb);
dput(root);
} else {
@ -91,11 +91,11 @@ Index: linux-2.6.19/include/linux/fs.h
--- linux-2.6.19.orig/include/linux/fs.h
+++ linux-2.6.19/include/linux/fs.h
@@ -1017,7 +1017,7 @@ extern int vfs_mkdir(struct inode *, str
extern int vfs_mknod(struct inode *, struct vfsmount *, struct dentry *, int, dev_t);
extern int vfs_symlink(struct inode *, struct vfsmount *, struct dentry *, const char *, int);
extern int vfs_link(struct vfsmount *, struct dentry *, struct inode *, struct vfsmount *, struct dentry *);
extern int vfs_mknod(struct inode *, struct dentry *, struct vfsmount *, int, dev_t);
extern int vfs_symlink(struct inode *, struct dentry *, struct vfsmount *, const char *, int);
extern int vfs_link(struct dentry *, struct vfsmount *, struct inode *, struct dentry *, struct vfsmount *);
-extern int vfs_rmdir(struct inode *, struct dentry *);
+extern int vfs_rmdir(struct inode *, struct vfsmount *, struct dentry *);
+extern int vfs_rmdir(struct inode *, struct dentry *, struct vfsmount *);
extern int vfs_unlink(struct inode *, struct dentry *);
extern int vfs_rename(struct inode *, struct dentry *, struct inode *, struct dentry *);

18
kernel-patches/for-mainline/vfs-setxattr.diff
View file

@ -12,7 +12,7 @@ Index: linux-2.6.19/fs/nfsd/vfs.c
}
- error = vfs_setxattr(dentry, key, buf, len, 0);
+ error = vfs_setxattr(NULL, dentry, key, buf, len, 0);
+ error = vfs_setxattr(dentry, NULL, key, buf, len, 0);
out:
kfree(buf);
return error;
@ -21,7 +21,7 @@ Index: linux-2.6.19/fs/nfsd/vfs.c
if (size)
- error = vfs_setxattr(fhp->fh_dentry, name, value, size, 0);
+ error = vfs_setxattr(NULL, fhp->fh_dentry, name, value, size,0);
+ error = vfs_setxattr(fhp->fh_dentry, NULL, name, value, size,0);
else {
if (!S_ISDIR(inode->i_mode) && type == ACL_TYPE_DEFAULT)
error = 0;
@ -35,7 +35,7 @@ Index: linux-2.6.19/fs/xattr.c
int
-vfs_setxattr(struct dentry *dentry, char *name, void *value,
- size_t size, int flags)
+vfs_setxattr(struct vfsmount *mnt, struct dentry *dentry, char *name,
+vfs_setxattr(struct dentry *dentry, struct vfsmount *mnt, char *name,
+ void *value, size_t size, int flags)
{
struct inode *inode = dentry->d_inode;
@ -46,7 +46,7 @@ Index: linux-2.6.19/fs/xattr.c
static long
-setxattr(struct dentry *d, char __user *name, void __user *value,
- size_t size, int flags)
+setxattr(struct vfsmount *mnt, struct dentry *dentry, char __user *name,
+setxattr(struct dentry *dentry, struct vfsmount *mnt, char __user *name,
+ void __user *value, size_t size, int flags)
{
int error;
@ -56,7 +56,7 @@ Index: linux-2.6.19/fs/xattr.c
}
- error = vfs_setxattr(d, kname, kvalue, size, flags);
+ error = vfs_setxattr(mnt, dentry, kname, kvalue, size, flags);
+ error = vfs_setxattr(dentry, mnt, kname, kvalue, size, flags);
kfree(kvalue);
return error;
}
@ -65,7 +65,7 @@ Index: linux-2.6.19/fs/xattr.c
if (error)
return error;
- error = setxattr(nd.dentry, name, value, size, flags);
+ error = setxattr(nd.mnt, nd.dentry, name, value, size, flags);
+ error = setxattr(nd.dentry, nd.mnt, name, value, size, flags);
path_release(&nd);
return error;
}
@ -74,7 +74,7 @@ Index: linux-2.6.19/fs/xattr.c
if (error)
return error;
- error = setxattr(nd.dentry, name, value, size, flags);
+ error = setxattr(nd.mnt, nd.dentry, name, value, size, flags);
+ error = setxattr(nd.dentry, nd.mnt, name, value, size, flags);
path_release(&nd);
return error;
}
@ -83,7 +83,7 @@ Index: linux-2.6.19/fs/xattr.c
dentry = f->f_dentry;
audit_inode(NULL, dentry->d_inode);
- error = setxattr(dentry, name, value, size, flags);
+ error = setxattr(f->f_vfsmnt, dentry, name, value, size, flags);
+ error = setxattr(dentry, f->f_vfsmnt, name, value, size, flags);
fput(f);
return error;
}
@ -96,7 +96,7 @@ Index: linux-2.6.19/include/linux/xattr.h
ssize_t vfs_getxattr(struct dentry *, char *, void *, size_t);
ssize_t vfs_listxattr(struct dentry *d, char *list, size_t size);
-int vfs_setxattr(struct dentry *, char *, void *, size_t, int);
+int vfs_setxattr(struct vfsmount *, struct dentry *, char *, void *, size_t,
+int vfs_setxattr(struct dentry *, struct vfsmount *, char *, void *, size_t,
+ int);
int vfs_removexattr(struct dentry *, char *);

16
kernel-patches/for-mainline/vfs-symlink.diff
View file

@ -28,7 +28,7 @@ Index: linux-2.6.19/fs/ecryptfs/inode.c
goto out_lock;
}
- rc = vfs_symlink(lower_dir_dentry->d_inode, lower_dentry,
+ rc = vfs_symlink(lower_dir_dentry->d_inode, lower_mnt, lower_dentry,
+ rc = vfs_symlink(lower_dir_dentry->d_inode, lower_dentry, lower_mnt,
encoded_symname, mode);
kfree(encoded_symname);
if (rc || !lower_dentry->d_inode)
@ -41,7 +41,7 @@ Index: linux-2.6.19/fs/namei.c
}
-int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname, int mode)
+int vfs_symlink(struct inode *dir, struct vfsmount *mnt, struct dentry *dentry,
+int vfs_symlink(struct inode *dir, struct dentry *dentry, struct vfsmount *mnt,
+ const char *oldname, int mode)
{
int error = may_create(dir, dentry, NULL);
@ -51,7 +51,7 @@ Index: linux-2.6.19/fs/namei.c
goto out_unlock;
- error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO);
+ error = vfs_symlink(nd.dentry->d_inode, nd.mnt, dentry, from,
+ error = vfs_symlink(nd.dentry->d_inode, dentry, nd.mnt, from,
+ S_IALLUGO);
dput(dentry);
out_unlock:
@ -65,13 +65,13 @@ Index: linux-2.6.19/fs/nfsd/vfs.c
strncpy(path_alloced, path, plen);
path_alloced[plen] = 0;
- host_err = vfs_symlink(dentry->d_inode, dnew, path_alloced, mode);
+ host_err = vfs_symlink(dentry->d_inode, NULL, dnew,
+ host_err = vfs_symlink(dentry->d_inode, dnew, NULL,
+ path_alloced, mode);
kfree(path_alloced);
}
} else
- host_err = vfs_symlink(dentry->d_inode, dnew, path, mode);
+ host_err = vfs_symlink(dentry->d_inode, NULL, dnew, path, mode);
+ host_err = vfs_symlink(dentry->d_inode, dnew, NULL, path, mode);
if (!host_err) {
if (EX_ISSYNC(fhp->fh_export))
@ -81,10 +81,10 @@ Index: linux-2.6.19/include/linux/fs.h
+++ linux-2.6.19/include/linux/fs.h
@@ -1015,7 +1015,7 @@ extern int vfs_permission(struct nameida
extern int vfs_create(struct inode *, struct dentry *, int, struct nameidata *);
extern int vfs_mkdir(struct inode *, struct vfsmount *, struct dentry *, int);
extern int vfs_mknod(struct inode *, struct vfsmount *, struct dentry *, int, dev_t);
extern int vfs_mkdir(struct inode *, struct dentry *, struct vfsmount *, int);
extern int vfs_mknod(struct inode *, struct dentry *, struct vfsmount *, int, dev_t);
-extern int vfs_symlink(struct inode *, struct dentry *, const char *, int);
+extern int vfs_symlink(struct inode *, struct vfsmount *, struct dentry *, const char *, int);
+extern int vfs_symlink(struct inode *, struct dentry *, struct vfsmount *, const char *, int);
extern int vfs_link(struct dentry *, struct inode *, struct dentry *);
extern int vfs_rmdir(struct inode *, struct dentry *);
extern int vfs_unlink(struct inode *, struct dentry *);

20
kernel-patches/for-mainline/vfs-unlink.diff
View file

@ -16,7 +16,7 @@ Index: linux-2.6.19/fs/ecryptfs/inode.c
lock_parent(lower_dentry);
- rc = vfs_unlink(lower_dir_inode, lower_dentry);
+ rc = vfs_unlink(lower_dir_inode, lower_mnt, lower_dentry);
+ rc = vfs_unlink(lower_dir_inode, lower_dentry, lower_mnt);
if (rc) {
printk(KERN_ERR "Error in vfs_unlink; rc = [%d]\n", rc);
goto out_unlock;
@ -29,7 +29,7 @@ Index: linux-2.6.19/fs/namei.c
}
-int vfs_unlink(struct inode *dir, struct dentry *dentry)
+int vfs_unlink(struct inode *dir, struct vfsmount *mnt, struct dentry *dentry)
+int vfs_unlink(struct inode *dir, struct dentry *dentry, struct vfsmount *mnt)
{
int error = may_delete(dir, dentry, 0);
@ -38,7 +38,7 @@ Index: linux-2.6.19/fs/namei.c
if (inode)
atomic_inc(&inode->i_count);
- error = vfs_unlink(nd.dentry->d_inode, dentry);
+ error = vfs_unlink(nd.dentry->d_inode, nd.mnt, dentry);
+ error = vfs_unlink(nd.dentry->d_inode, dentry, nd.mnt);
exit2:
dput(dentry);
}
@ -51,7 +51,7 @@ Index: linux-2.6.19/fs/nfsd/nfs4recover.c
}
mutex_lock(&dir->d_inode->i_mutex);
- status = vfs_unlink(dir->d_inode, dentry);
+ status = vfs_unlink(dir->d_inode, NULL, dentry);
+ status = vfs_unlink(dir->d_inode, dentry, NULL);
mutex_unlock(&dir->d_inode->i_mutex);
return status;
}
@ -64,7 +64,7 @@ Index: linux-2.6.19/fs/nfsd/vfs.c
} else
#endif
- host_err = vfs_unlink(dirp, rdentry);
+ host_err = vfs_unlink(dirp, NULL, rdentry);
+ host_err = vfs_unlink(dirp, rdentry, NULL);
} else { /* It's RMDIR */
host_err = vfs_rmdir(dirp, NULL, rdentry);
}
@ -73,11 +73,11 @@ Index: linux-2.6.19/include/linux/fs.h
--- linux-2.6.19.orig/include/linux/fs.h
+++ linux-2.6.19/include/linux/fs.h
@@ -1018,7 +1018,7 @@ extern int vfs_mknod(struct inode *, str
extern int vfs_symlink(struct inode *, struct vfsmount *, struct dentry *, const char *, int);
extern int vfs_link(struct vfsmount *, struct dentry *, struct inode *, struct vfsmount *, struct dentry *);
extern int vfs_rmdir(struct inode *, struct vfsmount *, struct dentry *);
extern int vfs_symlink(struct inode *, struct dentry *, struct vfsmount *, const char *, int);
extern int vfs_link(struct dentry *, struct vfsmount *, struct inode *, struct dentry *, struct vfsmount *);
extern int vfs_rmdir(struct inode *, struct dentry *, struct vfsmount *);
-extern int vfs_unlink(struct inode *, struct dentry *);
+extern int vfs_unlink(struct inode *, struct vfsmount *, struct dentry *);
+extern int vfs_unlink(struct inode *, struct dentry *, struct vfsmount *);
extern int vfs_rename(struct inode *, struct dentry *, struct inode *, struct dentry *);
/*
@ -90,7 +90,7 @@ Index: linux-2.6.19/ipc/mqueue.c
atomic_inc(&inode->i_count);
- err = vfs_unlink(dentry->d_parent->d_inode, dentry);
+ err = vfs_unlink(dentry->d_parent->d_inode, mqueue_mnt, dentry);
+ err = vfs_unlink(dentry->d_parent->d_inode, dentry, mqueue_mnt);
out_err:
dput(dentry);