mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
44 lines
1.2 KiB
Diff
44 lines
1.2 KiB
Diff
From: John Johansen <jjohansen@suse.de>
|
|
Subject: Call lsm hook before unhashing dentry in vfs_rmdir()
|
|
|
|
If we unhash the dentry before calling the security_inode_rmdir hook,
|
|
we cannot compute the file's pathname in the hook anymore. AppArmor
|
|
needs to know the filename in order to decide whether a file may be
|
|
deleted, though.
|
|
|
|
Signed-off-by: John Johansen <jjohansen@suse.de>
|
|
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
|
|
|
|
---
|
|
fs/namei.c | 13 +++++++------
|
|
1 file changed, 7 insertions(+), 6 deletions(-)
|
|
|
|
--- a/fs/namei.c
|
|
+++ b/fs/namei.c
|
|
@@ -2232,6 +2232,10 @@ int vfs_rmdir(struct inode *dir, struct
|
|
if (!dir->i_op || !dir->i_op->rmdir)
|
|
return -EPERM;
|
|
|
|
+ error = security_inode_rmdir(dir, dentry, mnt);
|
|
+ if (error)
|
|
+ return error;
|
|
+
|
|
DQUOT_INIT(dir);
|
|
|
|
mutex_lock(&dentry->d_inode->i_mutex);
|
|
@@ -2239,12 +2243,9 @@ int vfs_rmdir(struct inode *dir, struct
|
|
if (d_mountpoint(dentry))
|
|
error = -EBUSY;
|
|
else {
|
|
- error = security_inode_rmdir(dir, dentry, mnt);
|
|
- if (!error) {
|
|
- error = dir->i_op->rmdir(dir, dentry);
|
|
- if (!error)
|
|
- dentry->d_inode->i_flags |= S_DEAD;
|
|
- }
|
|
+ error = dir->i_op->rmdir(dir, dentry);
|
|
+ if (!error)
|
|
+ dentry->d_inode->i_flags |= S_DEAD;
|
|
}
|
|
mutex_unlock(&dentry->d_inode->i_mutex);
|
|
if (!error) {
|