From: Miklos Szeredi
In the inode_link() security operation and related functions pass the path (vfsmount + dentry) to the parent directory instead of the inode. AppArmor will need this.
Signed-off-by: Miklos Szeredi
---
 fs/namei.c | 10 +++++-----
 include/linux/security.h | 8 ++++----
 security/dummy.c | 4 ++--
 security/security.c | 2 +-
 security/selinux/hooks.c | 5 +++--
 security/smack/smack_lsm.c | 2 +-
 6 files changed, 16 insertions(+), 15 deletions(-)
Index: linux-2.6/fs/namei.c
===================================================================
--- linux-2.6.orig/fs/namei.c 2008-05-29 12:20:54.000000000 +0200
+++ linux-2.6/fs/namei.c 2008-05-29 12:20:55.000000000 +0200
@@ -2531,17 +2531,17 @@ asmlinkage long sys_symlink(const char _
 return sys_symlinkat(oldname, AT_FDCWD, newname);
 }
-static int vfs_link(struct dentry *old_dentry, struct dentry *new_dir_dentry,
+static int vfs_link(struct dentry *old_dentry, struct path *new_dir_path,
 struct dentry *new_dentry)
 {
- struct inode *dir = new_dir_dentry->d_inode;
+ struct inode *dir = new_dir_path->dentry->d_inode;
 struct inode *inode = old_dentry->d_inode;
 int error;
 if (!inode)
 return -ENOENT;
- error = may_create(new_dir_dentry, new_dentry);
+ error = may_create(new_dir_path->dentry, new_dentry);
 if (error)
 return error;
@@ -2558,7 +2558,7 @@ static int vfs_link(struct dentry *old_d
 if (S_ISDIR(inode->i_mode))
 return -EPERM;
- error = security_inode_link(old_dentry, dir, new_dentry);
+ error = security_inode_link(old_dentry, new_dir_path, new_dentry);
 if (error)
 return error;
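Review bot: At the `security_inode_link(old_dentry, new_dir_path, new_dentry)` call in vfs_link() only the new parent carries a vfsmount; `old_dentry` is still passed bare, so a path-based module has to assume the link source sits on `new_dir_path->mnt` when it resolves the source pathname. That assumption holds only if every caller refuses cross-mount links before vfs_link() runs, which this hunk does not show. I would record it at the call site, e.g. `/* old_dentry is expected to be on new_dir_path->mnt; callers reject cross-mount links */`. vfs_link() starts in the previous hunk and continues past this one.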
@@ -2577,7 +2577,7 @@ int path_link(struct dentry *old_dentry,
 int error = mnt_want_write(dir_path->mnt);
 if (!error) {
- error = vfs_link(old_dentry, dir_path->dentry, new_dentry);
+ error = vfs_link(old_dentry, dir_path, new_dentry);
 mnt_drop_write(dir_path->mnt);
 }
Index: linux-2.6/include/linux/security.h
===================================================================
--- linux-2.6.orig/include/linux/security.h 2008-05-29 12:20:54.000000000 +0200
+++ linux-2.6/include/linux/security.h 2008-05-29 12:20:55.000000000 +0200
@@ -346,7 +346,7 @@ static inline void security_free_mnt_opt
 * @inode_link:
 * Check permission before creating a new hard link to a file.
 * @old_dentry contains the dentry structure for an existing link to the file.
- * @dir contains the inode structure of the parent directory of the new link.
+ * @dir contains the path to the parent of the new link.
 * @new_dentry contains the dentry structure for the new link.
 * Return 0 if permission is granted.
 * @inode_unlink:
@@ -1355,7 +1355,7 @@ struct security_operations {
 char **name, void **value, size_t *len);
 int (*inode_create) (struct path *dir, struct dentry *dentry, int mode);
 int (*inode_link) (struct dentry *old_dentry,
- struct inode *dir, struct dentry *new_dentry);
+ struct path *dir, struct dentry *new_dentry);
 int (*inode_unlink) (struct path *dir, struct dentry *dentry);
 int (*inode_symlink) (struct path *dir, struct dentry *dentry, const char *old_name);
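Review bot: The reworded kerneldoc line for `@inode_link` in the first security.h hunk drops the word "directory" and does not say that `@dir` is now a vfsmount plus dentry pair, which is the one fact a module author needs from this change. The SELinux hook in this patch still reduces it to `dir->dentry->d_inode`, so the comment is the only place the new contract is stated. I would spell it out as `@dir contains the path (vfsmount and dentry) of the parent directory of the new link.`. The comment block starts and ends outside the hunk.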
@@ -1626,7 +1626,7 @@ void security_inode_free(struct inode *i
 int security_inode_init_security(struct inode *inode, struct inode *dir, char **name, void **value, size_t *len);
 int security_inode_create(struct path *dir, struct dentry *dentry, int mode);
-int security_inode_link(struct dentry *old_dentry, struct inode *dir,
+int security_inode_link(struct dentry *old_dentry, struct path *dir,
 struct dentry *new_dentry);
 int security_inode_unlink(struct path *dir, struct dentry *dentry);
 int security_inode_symlink(struct path *dir, struct dentry *dentry,
@@ -1972,7 +1972,7 @@ static inline int security_inode_create(
 }
 static inline int security_inode_link(struct dentry *old_dentry,
- struct inode *dir,
+ struct path *dir,
 struct dentry *new_dentry)
 {
 return 0;
Index: linux-2.6/security/dummy.c
===================================================================
--- linux-2.6.orig/security/dummy.c 2008-05-29 12:20:54.000000000 +0200
+++ linux-2.6/security/dummy.c 2008-05-29 12:20:55.000000000 +0200
@@ -292,8 +292,8 @@ static int dummy_inode_create(struct pat
 return 0;
 }
-static int dummy_inode_link (struct dentry *old_dentry, struct inode *inode,
- struct dentry *new_dentry)
+static int dummy_inode_link(struct dentry *old_dentry, struct path *dir,
+ struct dentry *new_dentry)
 {
 return 0;
 }
Index: linux-2.6/security/security.c
===================================================================
--- linux-2.6.orig/security/security.c 2008-05-29 12:20:54.000000000 +0200
+++ linux-2.6/security/security.c 2008-05-29 12:20:55.000000000 +0200
@@ -395,7 +395,7 @@ int security_inode_create(struct path *d
 return security_ops->inode_create(dir, dentry, mode);
 }
-int security_inode_link(struct dentry *old_dentry, struct inode *dir,
+int security_inode_link(struct dentry *old_dentry, struct path *dir,
 struct dentry *new_dentry)
 {
 if (unlikely(IS_PRIVATE(old_dentry->d_inode)))
Index: linux-2.6/security/selinux/hooks.c
===================================================================
--- linux-2.6.orig/security/selinux/hooks.c 2008-05-29 12:20:54.000000000 +0200
+++ linux-2.6/security/selinux/hooks.c 2008-05-29 12:20:55.000000000 +0200
@@ -2488,14 +2488,15 @@ static int selinux_inode_create(struct p
 return may_create(dir->dentry->d_inode, dentry, SECCLASS_FILE);
 }
-static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
+static int selinux_inode_link(struct dentry *old_dentry, struct path *dir,
+ struct dentry *new_dentry)
 {
 int rc;
 rc = secondary_ops->inode_link(old_dentry, dir, new_dentry);
 if (rc)
 return rc;
- return may_link(dir, old_dentry, MAY_LINK);
+ return may_link(dir->dentry->d_inode, old_dentry, MAY_LINK);
 }
 static int selinux_inode_unlink(struct path *dir, struct dentry *dentry)
Index: linux-2.6/security/smack/smack_lsm.c
===================================================================
--- linux-2.6.orig/security/smack/smack_lsm.c 2008-05-29 12:20:53.000000000 +0200
+++ linux-2.6/security/smack/smack_lsm.c 2008-05-29 12:20:55.000000000 +0200
@@ -412,7 +412,7 @@ static int smack_inode_init_security(str
 *
 * Returns 0 if access is permitted, an error code otherwise
 */
-static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
+static int smack_inode_link(struct dentry *old_dentry, struct path *dir,
 struct dentry *new_dentry)
 {
 int rc;
--
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/