Move to d_path fix backport from -mm tree (which is where our patch was merged).

2025-03-04 08:24:42 +01:00 · 2007-04-03 12:04:05 +00:00 · 2007-04-03 12:04:05 +00:00 · 72fba9803d
commit 72fba9803d
parent 026eb0b136
33 changed files with 245 additions and 225 deletions
--- a/kernel-patches/for-mainline/fix-__d_path-for-lazy-unmounts-and-make-it-unambiguous.patch
+++ b/kernel-patches/for-mainline/fix-__d_path-for-lazy-unmounts-and-make-it-unambiguous.patch
@ -1,41 +1,57 @@
-Fix __d_path() for lazy unmounts and make it unambiguous
+From: Andreas Gruenbacher <agruen@suse.de>

-First, when d_path() hits a lazily unmounted mount point, it tries to
-prepend the name of the lazily unmounted dentry to the path name. It
-gets this wrong, and also overwrites the slash that separates the name
-from the following pathname component.
+Fix __d_path() for lazy unmounts and make it unambiguous; exclude unreachable
+mount points from /proc/mounts

-Second, it isn't always possible to tell from the __d_path result
-whether the specified root and rootmnt (i.e., the chroot) was reached:
-lazy unmounts of bind mounts will produce a path that does start with a
-non-slash so we can tell from that, but other lazy unmounts will produce
-a path that starts with a slash, just like "ordinary" paths.
+First, when d_path() hits a lazily unmounted mount point, it tries to prepend
+the name of the lazily unmounted dentry to the path name.  It gets this wrong,
+and also overwrites the slash that separates the name from the following
+pathname component.

-Third, sys_getcwd() shouldn't return disconnected paths. The patch
-checks for that, and makes it fail with -ENOENT in that case.
+Second, it isn't always possible to tell from the __d_path result whether the
+specified root and rootmnt (i.e., the chroot) was reached: lazy unmounts of
+bind mounts will produce a path that does start with a non-slash so we can
+tell from that, but other lazy unmounts will produce a path that starts with a
+slash, just like "ordinary" paths.
+
+Third, sys_getcwd() shouldn't return disconnected paths.  The patch checks for
+that, and makes it fail with -ENOENT in that case.
+
+Fourth, this now allows us to tell unreachable mount points from reachable
+ones when generating the /proc/mounts and /proc/$pid/mountstats files. 
+Unreachable mount points are not interesting to processes (they can't get
+there, anyway), so we hide unreachable mounts.  In particular, ordinary
+processes also will no longer see the rootfs mount (it is unreachable, after
+all).  The rootfs mount point will still be reachable to processes like the
+initial initrd init process, and so those processes will continue to see this
+mount point.

 The attached patch cleans up __d_path() to fix the bug with overlapping
-pathname components. It also adds a @fail_deleted argument, which allows
-to get rid of some of the mess in sys_getcwd(). We make sure that paths
-will only start with a slash if the path leads all the way up to the
-root. If the resulting path would otherwise be empty, we return "."
-instead so that some users of seq_path for files in /proc won't break.
+pathname components.  It also adds a @fail_deleted argument, which allows to
+get rid of some of the mess in sys_getcwd().  We make sure that paths will
+only start with a slash if the path leads all the way up to the root.  If the
+resulting path would otherwise be empty, we return "." instead so that some
+users of seq_path for files in /proc won't break.

-The @fail_deleted argument allows sys_getcwd() to be simplified.
-Grabbing the dcache_lock can be moved into __d_path().
+The @fail_deleted argument allows sys_getcwd() to be simplified.  Grabbing the
+dcache_lock can be moved into __d_path().

 The @fail_deleted argument could be added to d_path() as well: this would
 allow callers to recognize deleted files without having to resort to the
-ambiguous check for the " (deleted)" string at the end of the pathnames.
-This is not currently done, but it might be worthwhile.
+ambiguous check for the " (deleted)" string at the end of the pathnames.  This
+is not currently done, but it might be worthwhile.
+
+This patch also removes some code duplication between mounts_open() and
+mountstats_open().

 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
 Reviewed-by: NeilBrown <neilb@suse.de>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

-Index: b/fs/dcache.c
+Index: linux-2.6-apparmor/fs/dcache.c
 ===================================================================
--- a/fs/dcache.c
-+++ b/fs/dcache.c
+--- linux-2.6-apparmor.orig/fs/dcache.c
+++ linux-2.6-apparmor/fs/dcache.c
@@ -1732,52 +1732,51 @@ shouldnt_be_hashed:
 }
 
@ -262,3 +278,168 @@ Index: b/fs/dcache.c
 
 out:
 	dput(pwd);
+Index: linux-2.6-apparmor/fs/namespace.c
+===================================================================
+--- linux-2.6-apparmor.orig/fs/namespace.c
+++ linux-2.6-apparmor/fs/namespace.c
+@@ -348,8 +348,16 @@ static inline void mangle(struct seq_fil
+ 	seq_escape(m, s, " \t\n\\");
+ }
+ 
+/* Keep in sync with fs/proc/base.c! */
+struct proc_mounts {
+        struct seq_file m;
+        void *page;
+        int event;
+};
+
+ static int show_vfsmnt(struct seq_file *m, void *v)
+ {
+	void *page = container_of(m, struct proc_mounts, m)->page;
+ 	struct vfsmount *mnt = v;
+ 	int err = 0;
+ 	static struct proc_fs_info {
+@@ -371,10 +379,15 @@ static int show_vfsmnt(struct seq_file *
+ 		{ 0, NULL }
+ 	};
+ 	struct proc_fs_info *fs_infop;
+	char *path;
+
+	path = d_path(mnt->mnt_root, mnt, page, PAGE_SIZE);
+	if (IS_ERR(path) || *path != '/')
+		return err;
+ 
+ 	mangle(m, mnt->mnt_devname ? mnt->mnt_devname : "none");
+ 	seq_putc(m, ' ');
+-	seq_path(m, mnt, mnt->mnt_root, " \t\n\\");
+	mangle(m, path);
+ 	seq_putc(m, ' ');
+ 	mangle(m, mnt->mnt_sb->s_type->name);
+ 	seq_puts(m, mnt->mnt_sb->s_flags & MS_RDONLY ? " ro" : " rw");
+@@ -401,8 +414,14 @@ struct seq_operations mounts_op = {
+ 
+ static int show_vfsstat(struct seq_file *m, void *v)
+ {
+	void *page = container_of(m, struct proc_mounts, m)->page;
+ 	struct vfsmount *mnt = v;
+ 	int err = 0;
+	char *path;
+
+	path = d_path(mnt->mnt_root, mnt, page, PAGE_SIZE);
+	if (IS_ERR(path) || *path != '/')
+		return err; /* error or path unreachable from chroot */
+ 
+ 	/* device */
+ 	if (mnt->mnt_devname) {
+@@ -413,7 +432,7 @@ static int show_vfsstat(struct seq_file 
+ 
+ 	/* mount point */
+ 	seq_puts(m, " mounted on ");
+-	seq_path(m, mnt, mnt->mnt_root, " \t\n\\");
+	mangle(m, path);
+ 	seq_putc(m, ' ');
+ 
+ 	/* file system type */
+Index: linux-2.6-apparmor/fs/proc/base.c
+===================================================================
+--- linux-2.6-apparmor.orig/fs/proc/base.c
+++ linux-2.6-apparmor/fs/proc/base.c
+@@ -353,13 +353,16 @@ static const struct inode_operations pro
+ 	.setattr	= proc_setattr,
+ };
+ 
+/* Keep in sync with fs/namespace.c! */
+ extern struct seq_operations mounts_op;
+ struct proc_mounts {
+ 	struct seq_file m;
+	void *page;
+ 	int event;
+ };
+ 
+-static int mounts_open(struct inode *inode, struct file *file)
+static int __mounts_open(struct inode *inode, struct file *file,
+			 struct seq_operations *seq_ops)
+ {
+ 	struct task_struct *task = get_proc_task(inode);
+ 	struct mnt_namespace *ns = NULL;
+@@ -382,12 +385,16 @@ static int mounts_open(struct inode *ino
+ 		p = kmalloc(sizeof(struct proc_mounts), GFP_KERNEL);
+ 		if (p) {
+ 			file->private_data = &p->m;
+-			ret = seq_open(file, &mounts_op);
+			p->page = (void *)__get_free_page(GFP_KERNEL);
+			if (p->page)
+				ret = seq_open(file, seq_ops);
+ 			if (!ret) {
+ 				p->m.private = ns;
+ 				p->event = ns->event;
+ 				return 0;
+ 			}
+			if (p->page)
+				free_page((unsigned long)p->page);
+ 			kfree(p);
+ 		}
+ 		put_mnt_ns(ns);
+@@ -395,17 +402,26 @@ static int mounts_open(struct inode *ino
+ 	return ret;
+ }
+ 
+static int mounts_open(struct inode *inode, struct file *file)
+{
+	return __mounts_open(inode, file, &mounts_op);
+}
+
+ static int mounts_release(struct inode *inode, struct file *file)
+ {
+-	struct seq_file *m = file->private_data;
+-	struct mnt_namespace *ns = m->private;
+	struct proc_mounts *p =
+		container_of(file->private_data, struct proc_mounts, m);
+	struct mnt_namespace *ns = p->m.private;
+
+	free_page((unsigned long)p->page);
+ 	put_mnt_ns(ns);
+ 	return seq_release(inode, file);
+ }
+ 
+ static unsigned mounts_poll(struct file *file, poll_table *wait)
+ {
+-	struct proc_mounts *p = file->private_data;
+	struct proc_mounts *p =
+		container_of(file->private_data, struct proc_mounts, m);
+ 	struct mnt_namespace *ns = p->m.private;
+ 	unsigned res = 0;
+ 
+@@ -432,31 +448,7 @@ static const struct file_operations proc
+ extern struct seq_operations mountstats_op;
+ static int mountstats_open(struct inode *inode, struct file *file)
+ {
+-	int ret = seq_open(file, &mountstats_op);
+-
+-	if (!ret) {
+-		struct seq_file *m = file->private_data;
+-		struct mnt_namespace *mnt_ns = NULL;
+-		struct task_struct *task = get_proc_task(inode);
+-
+-		if (task) {
+-			task_lock(task);
+-			if (task->nsproxy)
+-				mnt_ns = task->nsproxy->mnt_ns;
+-			if (mnt_ns)
+-				get_mnt_ns(mnt_ns);
+-			task_unlock(task);
+-			put_task_struct(task);
+-		}
+-
+-		if (mnt_ns)
+-			m->private = mnt_ns;
+-		else {
+-			seq_release(inode, file);
+-			ret = -EINVAL;
+-		}
+-	}
+-	return ret;
+	return __mounts_open(inode, file, &mountstats_op);
+ }
+ 
+ static const struct file_operations proc_mountstats_operations = {
--- a/kernel-patches/for-mainline/fix-vfs_rmdir.diff
+++ b/kernel-patches/for-mainline/fix-vfs_rmdir.diff
@ -1,7 +1,9 @@
-vfs_rmdir: call lsm hook before unhashing dentry
+vfs_rmdir(): call lsm hook before unhashing dentry

 If we unhash the dentry before calling the security_inode_rmdir hook,
-we cannot compute the file's pathname in the hook anymore.
+we cannot compute the file's pathname in the hook anymore. AppArmor
+needs to know the filename in order to decide whether a file may be
+deleted, though.

 Signed-off-by: John Johansen <jjohansen@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
--- a/kernel-patches/for-mainline/no-unreachable-paths.diff
+++ b/kernel-patches/for-mainline/no-unreachable-paths.diff
@ -1,181 +0,0 @@
-Hide unreachable mount points in /proc/mounts and /proc/$PID/mountstats
-
-What's mounted on unreachable mount points isn't interesting to
-processes: they can't get there in the first place. This patch hides
-unreachable mounts from processes.
-
-Processes living in the root namespace whill still see all mounts they
-were seeing before except for the rootfs mount, which is never reachable
-from an "ordinary" process.
-
-Only the initial initrd init process will actually have access to the
-rootfs mount. For this process that mount *is* reachable, and so it will
-show in.
-
-This patch also removes some code duplication between mounts_open() and
-mountstats_open().
-
-Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
-
-Index: b/fs/namespace.c
-===================================================================
--- a/fs/namespace.c
-+++ b/fs/namespace.c
-@@ -348,8 +348,16 @@ static inline void mangle(struct seq_fil
- 	seq_escape(m, s, " \t\n\\");
- }
- 
-+/* Keep in sync with fs/proc/base.c! */
-+struct proc_mounts {
-+        struct seq_file m;
-+        void *page;
-+        int event;
-+};
-+
- static int show_vfsmnt(struct seq_file *m, void *v)
- {
-+	void *page = container_of(m, struct proc_mounts, m)->page;
- 	struct vfsmount *mnt = v;
- 	int err = 0;
- 	static struct proc_fs_info {
-@@ -372,9 +380,13 @@ static int show_vfsmnt(struct seq_file *
- 	};
- 	struct proc_fs_info *fs_infop;
- 
-+	char *path = d_path(mnt->mnt_root, mnt, page, PAGE_SIZE);
-+	if (IS_ERR(path) || *path != '/')
-+		return err;
-+
- 	mangle(m, mnt->mnt_devname ? mnt->mnt_devname : "none");
- 	seq_putc(m, ' ');
-	seq_path(m, mnt, mnt->mnt_root, " \t\n\\");
-+	mangle(m, path);
- 	seq_putc(m, ' ');
- 	mangle(m, mnt->mnt_sb->s_type->name);
- 	seq_puts(m, mnt->mnt_sb->s_flags & MS_RDONLY ? " ro" : " rw");
-@@ -401,9 +413,14 @@ struct seq_operations mounts_op = {
- 
- static int show_vfsstat(struct seq_file *m, void *v)
- {
-+	void *page = container_of(m, struct proc_mounts, m)->page;
- 	struct vfsmount *mnt = v;
- 	int err = 0;
- 
-+	char *path = d_path(mnt->mnt_root, mnt, page, PAGE_SIZE);
-+	if (IS_ERR(path) || *path != '/')
-+		return err; /* error or path unreachable from chroot */
-+
- 	/* device */
- 	if (mnt->mnt_devname) {
- 		seq_puts(m, "device ");
-@@ -413,7 +430,7 @@ static int show_vfsstat(struct seq_file 
- 
- 	/* mount point */
- 	seq_puts(m, " mounted on ");
-	seq_path(m, mnt, mnt->mnt_root, " \t\n\\");
-+	mangle(m, path);
- 	seq_putc(m, ' ');
- 
- 	/* file system type */
-Index: b/fs/proc/base.c
-===================================================================
--- a/fs/proc/base.c
-+++ b/fs/proc/base.c
-@@ -353,13 +353,16 @@ static const struct inode_operations pro
- 	.setattr	= proc_setattr,
- };
- 
-+/* Keep in sync with fs/namespace.c! */
- extern struct seq_operations mounts_op;
- struct proc_mounts {
- 	struct seq_file m;
-+	void *page;
- 	int event;
- };
- 
-static int mounts_open(struct inode *inode, struct file *file)
-+static int __mounts_open(struct inode *inode, struct file *file,
-+			 struct seq_operations *seq_ops)
- {
- 	struct task_struct *task = get_proc_task(inode);
- 	struct mnt_namespace *ns = NULL;
-@@ -382,12 +385,16 @@ static int mounts_open(struct inode *ino
- 		p = kmalloc(sizeof(struct proc_mounts), GFP_KERNEL);
- 		if (p) {
- 			file->private_data = &p->m;
-			ret = seq_open(file, &mounts_op);
-+			p->page = (void *)__get_free_page(GFP_KERNEL);
-+			if (p->page)
-+				ret = seq_open(file, seq_ops);
- 			if (!ret) {
- 				p->m.private = ns;
- 				p->event = ns->event;
- 				return 0;
- 			}
-+			if (p->page)
-+				free_page((unsigned long)p->page);
- 			kfree(p);
- 		}
- 		put_mnt_ns(ns);
-@@ -395,17 +402,25 @@ static int mounts_open(struct inode *ino
- 	return ret;
- }
- 
-+static int mounts_open(struct inode *inode, struct file *file)
-+{
-+	return __mounts_open(inode, file, &mounts_op);
-+}
-+
- static int mounts_release(struct inode *inode, struct file *file)
- {
-	struct seq_file *m = file->private_data;
-	struct mnt_namespace *ns = m->private;
-+	struct proc_mounts *p =
-+		container_of(file->private_data, struct proc_mounts, m);
-+	struct mnt_namespace *ns = p->m.private;
-+	free_page((unsigned long)p->page);
- 	put_mnt_ns(ns);
- 	return seq_release(inode, file);
- }
- 
- static unsigned mounts_poll(struct file *file, poll_table *wait)
- {
-	struct proc_mounts *p = file->private_data;
-+	struct proc_mounts *p =
-+		container_of(file->private_data, struct proc_mounts, m);
- 	struct mnt_namespace *ns = p->m.private;
- 	unsigned res = 0;
- 
-@@ -432,31 +447,7 @@ static const struct file_operations proc
- extern struct seq_operations mountstats_op;
- static int mountstats_open(struct inode *inode, struct file *file)
- {
-	int ret = seq_open(file, &mountstats_op);
-
-	if (!ret) {
-		struct seq_file *m = file->private_data;
-		struct mnt_namespace *mnt_ns = NULL;
-		struct task_struct *task = get_proc_task(inode);
-
-		if (task) {
-			task_lock(task);
-			if (task->nsproxy)
-				mnt_ns = task->nsproxy->mnt_ns;
-			if (mnt_ns)
-				get_mnt_ns(mnt_ns);
-			task_unlock(task);
-			put_task_struct(task);
-		}
-
-		if (mnt_ns)
-			m->private = mnt_ns;
-		else {
-			seq_release(inode, file);
-			ret = -EINVAL;
-		}
-	}
-	return ret;
-+	return __mounts_open(inode, file, &mountstats_op);
- }
- 
- static const struct file_operations proc_mountstats_operations = {
--- a/kernel-patches/for-mainline/proc_setattr.diff
+++ b/kernel-patches/for-mainline/proc_setattr.diff
@ -5,6 +5,7 @@ calling iop->setattr.

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/proc/base.c
 ===================================================================
--- a/kernel-patches/for-mainline/proc_sys_setattr.diff
+++ b/kernel-patches/for-mainline/proc_sys_setattr.diff
@ -1,13 +1,11 @@
-Remove redundant check from proc_sys_setattr(), similar to recent fixup
-in proc_setattr().
+Remove redundant check from proc_sys_setattr()

-notify_change() already calls security_inode_setattr() before
-calling iop->setattr.
+This is similar to a recent fixup in proc_setattr(): notify_change()
+already calls security_inode_setattr() before calling iop->setattr.

 Signed-off-by: Steve Beattie <sbeattie@suse.de>
---
- fs/proc/proc_sysctl.c |    7 ++-----
- 1 file changed, 2 insertions(+), 5 deletions(-)
+Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/proc/proc_sysctl.c
 ===================================================================
--- a/kernel-patches/for-mainline/remove_suid.diff
+++ b/kernel-patches/for-mainline/remove_suid.diff
@ -6,6 +6,7 @@ vfsmount parameter to notify_change().

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/mm/filemap.c
 ===================================================================
--- a/kernel-patches/for-mainline/security-create.diff
+++ b/kernel-patches/for-mainline/security-create.diff
@ -1,7 +1,8 @@
-Pass struct vfsmount to the inode_create LSM hook.
+Pass struct vfsmount to the inode_create LSM hook

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/namei.c
 ===================================================================
--- a/kernel-patches/for-mainline/security-getxattr.diff
+++ b/kernel-patches/for-mainline/security-getxattr.diff
@ -2,6 +2,7 @@ Pass struct vfsmount to the inode_getxattr LSM hook

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/xattr.c
 ===================================================================
--- a/kernel-patches/for-mainline/security-link.diff
+++ b/kernel-patches/for-mainline/security-link.diff
@ -2,6 +2,7 @@ Pass the struct vfsmounts to the inode_link LSM hook

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/namei.c
 ===================================================================
--- a/kernel-patches/for-mainline/security-listxattr.diff
+++ b/kernel-patches/for-mainline/security-listxattr.diff
@ -2,6 +2,7 @@ Pass struct vfsmount to the inode_listxattr LSM hook

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/xattr.c
 ===================================================================
--- a/kernel-patches/for-mainline/security-mkdir.diff
+++ b/kernel-patches/for-mainline/security-mkdir.diff
@ -2,6 +2,7 @@ Pass struct vfsmount to the inode_mkdir LSM hook

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/namei.c
 ===================================================================
--- a/kernel-patches/for-mainline/security-mknod.diff
+++ b/kernel-patches/for-mainline/security-mknod.diff
@ -2,6 +2,7 @@ Pass struct vfsmount to the inode_mknod LSM hook

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/namei.c
 ===================================================================
--- a/kernel-patches/for-mainline/security-readlink.diff
+++ b/kernel-patches/for-mainline/security-readlink.diff
@ -2,6 +2,7 @@ Pass struct vfsmount to the inode_readlink LSM hook

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/stat.c
 ===================================================================
--- a/kernel-patches/for-mainline/security-removexattr.diff
+++ b/kernel-patches/for-mainline/security-removexattr.diff
@ -2,6 +2,7 @@ Pass struct vfsmount to the inode_removexattr LSM hook

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/xattr.c
 ===================================================================
--- a/kernel-patches/for-mainline/security-rename.diff
+++ b/kernel-patches/for-mainline/security-rename.diff
@ -2,6 +2,7 @@ Pass struct vfsmount to the inode_rename LSM hook

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/namei.c
 ===================================================================
--- a/kernel-patches/for-mainline/security-rmdir.diff
+++ b/kernel-patches/for-mainline/security-rmdir.diff
@ -2,6 +2,7 @@ Pass struct vfsmount to the inode_rmdir LSM hook

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/namei.c
 ===================================================================
--- a/kernel-patches/for-mainline/security-setattr.diff
+++ b/kernel-patches/for-mainline/security-setattr.diff
@ -2,6 +2,7 @@ Pass struct vfsmount to the inode_setattr LSM hook

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/attr.c
 ===================================================================
--- a/kernel-patches/for-mainline/security-setxattr.diff
+++ b/kernel-patches/for-mainline/security-setxattr.diff
@ -2,6 +2,7 @@ Pass struct vfsmount to the inode_setxattr LSM hook

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/include/linux/security.h
 ===================================================================
--- a/kernel-patches/for-mainline/security-symlink.diff
+++ b/kernel-patches/for-mainline/security-symlink.diff
@ -1,7 +1,8 @@
-Pass struct vfsmount to the inode_symlink LSM hook.
+Pass struct vfsmount to the inode_symlink LSM hook

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/namei.c
 ===================================================================
--- a/kernel-patches/for-mainline/security-unlink.diff
+++ b/kernel-patches/for-mainline/security-unlink.diff
@ -2,6 +2,7 @@ Pass struct vfsmount to the inode_unlink LSM hook

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/namei.c
 ===================================================================
--- a/kernel-patches/for-mainline/series
+++ b/kernel-patches/for-mainline/series
@ -28,8 +28,7 @@ vfs-listxattr.diff
 security-listxattr.diff
 vfs-removexattr.diff
 security-removexattr.diff
-d_path-lazy-unmounts.diff
-no-unreachable-paths.diff
+fix-__d_path-for-lazy-unmounts-and-make-it-unambiguous.patch
 mount-consistent-d_path.diff
 # security_chroot.diff
 d_namespace_path.diff
@ -39,4 +38,3 @@ apparmor-audit.diff
 apparmor.diff
 apparmor-intree.diff
 # complain-to-learn.diff
-
--- a/kernel-patches/for-mainline/vfs-getxattr.diff
+++ b/kernel-patches/for-mainline/vfs-getxattr.diff
@ -2,6 +2,7 @@ Add a struct vfsmount parameter to vfs_getxattr()

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/nfsd/vfs.c
 ===================================================================
--- a/kernel-patches/for-mainline/vfs-link.diff
+++ b/kernel-patches/for-mainline/vfs-link.diff
@ -2,6 +2,7 @@ Add struct vfsmount parameters to vfs_link()

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/namei.c
 ===================================================================
--- a/kernel-patches/for-mainline/vfs-listxattr.diff
+++ b/kernel-patches/for-mainline/vfs-listxattr.diff
@ -2,6 +2,7 @@ Add a struct vfsmount parameter to vfs_listxattr()

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/xattr.c
 ===================================================================
--- a/kernel-patches/for-mainline/vfs-mkdir.diff
+++ b/kernel-patches/for-mainline/vfs-mkdir.diff
@ -2,6 +2,7 @@ Add struct vfsmount parameter to vfs_mkdir()

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/ecryptfs/inode.c
 ===================================================================
--- a/kernel-patches/for-mainline/vfs-mknod.diff
+++ b/kernel-patches/for-mainline/vfs-mknod.diff
@ -2,6 +2,7 @@ Add a struct vfsmount parameter to vfs_mknod()

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/ecryptfs/inode.c
 ===================================================================
--- a/kernel-patches/for-mainline/vfs-notify_change.diff
+++ b/kernel-patches/for-mainline/vfs-notify_change.diff
@ -4,14 +4,9 @@ The vfsmount parameter must be set appropriately for files visibile
 outside the kernel. Files that are only used in a filesystem (e.g.,
 reiserfs xattr files) will have a NULL vfsmount.

-The kernel nfsd also doesn't have the necessary context for client
-requests. We cannot put it under any pathname based policy, and
-also set vfsmount to NULL there.
-
-The next patch passes the vfsmount to the inode_setattr LSM hook.
-
 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/attr.c
 ===================================================================
--- a/kernel-patches/for-mainline/vfs-removexattr.diff
+++ b/kernel-patches/for-mainline/vfs-removexattr.diff
@ -2,6 +2,7 @@ Add a struct vfsmount parameter to vfs_removexattr()

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/nfsd/vfs.c
 ===================================================================
--- a/kernel-patches/for-mainline/vfs-rename.diff
+++ b/kernel-patches/for-mainline/vfs-rename.diff
@ -2,6 +2,7 @@ Add struct vfsmount parameters to vfs_rename()

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/ecryptfs/inode.c
 ===================================================================
--- a/kernel-patches/for-mainline/vfs-rmdir.diff
+++ b/kernel-patches/for-mainline/vfs-rmdir.diff
@ -2,6 +2,7 @@ Add a struct vfsmount parameter to vfs_rmdir()

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/ecryptfs/inode.c
 ===================================================================
--- a/kernel-patches/for-mainline/vfs-setxattr.diff
+++ b/kernel-patches/for-mainline/vfs-setxattr.diff
@ -2,6 +2,7 @@ Add a struct vfsmount parameter to vfs_setxattr()

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/nfsd/vfs.c
 ===================================================================
--- a/kernel-patches/for-mainline/vfs-symlink.diff
+++ b/kernel-patches/for-mainline/vfs-symlink.diff
@ -2,6 +2,7 @@ Add a struct vfsmount parameter to vfs_symlink()

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/ecryptfs/inode.c
 ===================================================================
--- a/kernel-patches/for-mainline/vfs-unlink.diff
+++ b/kernel-patches/for-mainline/vfs-unlink.diff
@ -2,6 +2,7 @@ Add a struct vfsmount parameter to vfs_unlink()

 Signed-off-by: Tony Jones <tonyj@suse.de>
 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: John Johansen <jjohansen@suse.de>

 Index: b/fs/ecryptfs/inode.c
 ===================================================================