[PATCH] switch a bunch of LSM hooks from nameidata to path
Namely, ones from namespace.c
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
diff --git a/fs/namespace.c b/fs/namespace.c
index af2fb37..87d2d82 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1220,7 +1220,7 @@
if (IS_DEADDIR(nd->path.dentry->d_inode))
goto out_unlock;
- err = security_sb_check_sb(mnt, nd);
+ err = security_sb_check_sb(mnt, &nd->path);
if (err)
goto out_unlock;
@@ -1230,7 +1230,7 @@
out_unlock:
mutex_unlock(&nd->path.dentry->d_inode->i_mutex);
if (!err)
- security_sb_post_addmount(mnt, nd);
+ security_sb_post_addmount(mnt, &nd->path);
return err;
}
@@ -1746,7 +1746,8 @@
if (retval)
return retval;
- retval = security_sb_mount(dev_name, &nd, type_page, flags, data_page);
+ retval = security_sb_mount(dev_name, &nd.path,
+ type_page, flags, data_page);
if (retval)
goto dput_out;
@@ -2007,7 +2008,7 @@
if (error)
goto out1;
- error = security_sb_pivotroot(&old_nd, &new_nd);
+ error = security_sb_pivotroot(&old_nd.path, &new_nd.path);
if (error) {
path_put(&old_nd.path);
goto out1;
@@ -2070,7 +2071,7 @@
touch_mnt_namespace(current->nsproxy->mnt_ns);
spin_unlock(&vfsmount_lock);
chroot_fs_refs(&user_nd.path, &new_nd.path);
- security_sb_post_pivotroot(&user_nd, &new_nd);
+ security_sb_post_pivotroot(&user_nd.path, &new_nd.path);
error = 0;
path_put(&root_parent);
path_put(&parent_path);
diff --git a/include/linux/security.h b/include/linux/security.h
index fea1f4a..53a3453 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -230,7 +230,7 @@
* loopback/bind mount (@flags & MS_BIND), @dev_name identifies the
* pathname of the object being mounted.
* @dev_name contains the name for object being mounted.
- * @nd contains the nameidata structure for mount point object.
+ * @path contains the path for mount point object.
* @type contains the filesystem type.
* @flags contains the mount flags.
* @data contains the filesystem-specific data.
@@ -249,7 +249,7 @@
* Check permission before the device with superblock @mnt->sb is mounted
* on the mount point named by @nd.
* @mnt contains the vfsmount for device being mounted.
- * @nd contains the nameidata object for the mount point.
+ * @path contains the path for the mount point.
* Return 0 if permission is granted.
* @sb_umount:
* Check permission before the @mnt file system is unmounted.
@@ -278,16 +278,16 @@
* This hook is called any time a mount is successfully grafetd to
* the tree.
* @mnt contains the mounted filesystem.
- * @mountpoint_nd contains the nameidata structure for the mount point.
+ * @mountpoint contains the path for the mount point.
* @sb_pivotroot:
* Check permission before pivoting the root filesystem.
- * @old_nd contains the nameidata structure for the new location of the current root (put_old).
- * @new_nd contains the nameidata structure for the new root (new_root).
+ * @old_path contains the path for the new location of the current root (put_old).
+ * @new_path contains the path for the new root (new_root).
* Return 0 if permission is granted.
* @sb_post_pivotroot:
* Update module state after a successful pivot.
- * @old_nd contains the nameidata structure for the old root.
- * @new_nd contains the nameidata structure for the new root.
+ * @old_path contains the path for the old root.
+ * @new_path contains the path for the new root.
* @sb_get_mnt_opts:
* Get the security relevant mount options used for a superblock
* @sb the superblock to get security mount options from
@@ -1315,20 +1315,20 @@
int (*sb_copy_data)(char *orig, char *copy);
int (*sb_kern_mount) (struct super_block *sb, void *data);
int (*sb_statfs) (struct dentry *dentry);
- int (*sb_mount) (char *dev_name, struct nameidata * nd,
+ int (*sb_mount) (char *dev_name, struct path *path,
char *type, unsigned long flags, void *data);
- int (*sb_check_sb) (struct vfsmount * mnt, struct nameidata * nd);
+ int (*sb_check_sb) (struct vfsmount * mnt, struct path *path);
int (*sb_umount) (struct vfsmount * mnt, int flags);
void (*sb_umount_close) (struct vfsmount * mnt);
void (*sb_umount_busy) (struct vfsmount * mnt);
void (*sb_post_remount) (struct vfsmount * mnt,
unsigned long flags, void *data);
void (*sb_post_addmount) (struct vfsmount * mnt,
- struct nameidata * mountpoint_nd);
- int (*sb_pivotroot) (struct nameidata * old_nd,
- struct nameidata * new_nd);
- void (*sb_post_pivotroot) (struct nameidata * old_nd,
- struct nameidata * new_nd);
+ struct path *mountpoint);
+ int (*sb_pivotroot) (struct path *old_path,
+ struct path *new_path);
+ void (*sb_post_pivotroot) (struct path *old_path,
+ struct path *new_path);
int (*sb_get_mnt_opts) (const struct super_block *sb,
struct security_mnt_opts *opts);
int (*sb_set_mnt_opts) (struct super_block *sb,
@@ -1593,16 +1593,16 @@
int security_sb_copy_data(char *orig, char *copy);
int security_sb_kern_mount(struct super_block *sb, void *data);
int security_sb_statfs(struct dentry *dentry);
-int security_sb_mount(char *dev_name, struct nameidata *nd,
+int security_sb_mount(char *dev_name, struct path *path,
char *type, unsigned long flags, void *data);
-int security_sb_check_sb(struct vfsmount *mnt, struct nameidata *nd);
+int security_sb_check_sb(struct vfsmount *mnt, struct path *path);
int security_sb_umount(struct vfsmount *mnt, int flags);
void security_sb_umount_close(struct vfsmount *mnt);
void security_sb_umount_busy(struct vfsmount *mnt);
void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data);
-void security_sb_post_addmount(struct vfsmount *mnt, struct nameidata *mountpoint_nd);
-int security_sb_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);
-void security_sb_post_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);
+void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint);
+int security_sb_pivotroot(struct path *old_path, struct path *new_path);
+void security_sb_post_pivotroot(struct path *old_path, struct path *new_path);
int security_sb_get_mnt_opts(const struct super_block *sb,
struct security_mnt_opts *opts);
int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts);
@@ -1872,7 +1872,7 @@
return 0;
}
-static inline int security_sb_mount (char *dev_name, struct nameidata *nd,
+static inline int security_sb_mount (char *dev_name, struct path *path,
char *type, unsigned long flags,
void *data)
{
@@ -1880,7 +1880,7 @@
}
static inline int security_sb_check_sb (struct vfsmount *mnt,
- struct nameidata *nd)
+ struct path *path)
{
return 0;
}
@@ -1901,17 +1901,17 @@
{ }
static inline void security_sb_post_addmount (struct vfsmount *mnt,
- struct nameidata *mountpoint_nd)
+ struct path *mountpoint)
{ }
-static inline int security_sb_pivotroot (struct nameidata *old_nd,
- struct nameidata *new_nd)
+static inline int security_sb_pivotroot (struct path *old_path,
+ struct path *new_path)
{
return 0;
}
-static inline void security_sb_post_pivotroot (struct nameidata *old_nd,
- struct nameidata *new_nd)
+static inline void security_sb_post_pivotroot (struct path *old_path,
+ struct path *new_path)
{ }
static inline int security_sb_get_mnt_opts(const struct super_block *sb,
struct security_mnt_opts *opts)
diff --git a/security/dummy.c b/security/dummy.c
index 98d5f96..b0232bb 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -196,13 +196,13 @@
return 0;
}
-static int dummy_sb_mount (char *dev_name, struct nameidata *nd, char *type,
+static int dummy_sb_mount (char *dev_name, struct path *path, char *type,
unsigned long flags, void *data)
{
return 0;
}
-static int dummy_sb_check_sb (struct vfsmount *mnt, struct nameidata *nd)
+static int dummy_sb_check_sb (struct vfsmount *mnt, struct path *path)
{
return 0;
}
@@ -229,17 +229,17 @@
}
-static void dummy_sb_post_addmount (struct vfsmount *mnt, struct nameidata *nd)
+static void dummy_sb_post_addmount (struct vfsmount *mnt, struct path *path)
{
return;
}
-static int dummy_sb_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd)
+static int dummy_sb_pivotroot (struct path *old_path, struct path *new_path)
{
return 0;
}
-static void dummy_sb_post_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd)
+static void dummy_sb_post_pivotroot (struct path *old_path, struct path *new_path)
{
return;
}
diff --git a/security/security.c b/security/security.c
index 2e250c70..8a285c7 100644
--- a/security/security.c
+++ b/security/security.c
@@ -296,15 +296,15 @@
return security_ops->sb_statfs(dentry);
}
-int security_sb_mount(char *dev_name, struct nameidata *nd,
+int security_sb_mount(char *dev_name, struct path *path,
char *type, unsigned long flags, void *data)
{
- return security_ops->sb_mount(dev_name, nd, type, flags, data);
+ return security_ops->sb_mount(dev_name, path, type, flags, data);
}
-int security_sb_check_sb(struct vfsmount *mnt, struct nameidata *nd)
+int security_sb_check_sb(struct vfsmount *mnt, struct path *path)
{
- return security_ops->sb_check_sb(mnt, nd);
+ return security_ops->sb_check_sb(mnt, path);
}
int security_sb_umount(struct vfsmount *mnt, int flags)
@@ -327,19 +327,19 @@
security_ops->sb_post_remount(mnt, flags, data);
}
-void security_sb_post_addmount(struct vfsmount *mnt, struct nameidata *mountpoint_nd)
+void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint)
{
- security_ops->sb_post_addmount(mnt, mountpoint_nd);
+ security_ops->sb_post_addmount(mnt, mountpoint);
}
-int security_sb_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd)
+int security_sb_pivotroot(struct path *old_path, struct path *new_path)
{
- return security_ops->sb_pivotroot(old_nd, new_nd);
+ return security_ops->sb_pivotroot(old_path, new_path);
}
-void security_sb_post_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd)
+void security_sb_post_pivotroot(struct path *old_path, struct path *new_path)
{
- security_ops->sb_post_pivotroot(old_nd, new_nd);
+ security_ops->sb_post_pivotroot(old_path, new_path);
}
int security_sb_get_mnt_opts(const struct super_block *sb,
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 1bf2543..38fbb16 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2392,22 +2392,22 @@
}
static int selinux_mount(char *dev_name,
- struct nameidata *nd,
+ struct path *path,
char *type,
unsigned long flags,
void *data)
{
int rc;
- rc = secondary_ops->sb_mount(dev_name, nd, type, flags, data);
+ rc = secondary_ops->sb_mount(dev_name, path, type, flags, data);
if (rc)
return rc;
if (flags & MS_REMOUNT)
- return superblock_has_perm(current, nd->path.mnt->mnt_sb,
+ return superblock_has_perm(current, path->mnt->mnt_sb,
FILESYSTEM__REMOUNT, NULL);
else
- return dentry_has_perm(current, nd->path.mnt, nd->path.dentry,
+ return dentry_has_perm(current, path->mnt, path->dentry,
FILE__MOUNTON);
}
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 93f5b0c..4215971 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -315,10 +315,10 @@
* Returns 0 if current can write the floor of the filesystem
* being mounted on, an error code otherwise.
*/
-static int smack_sb_mount(char *dev_name, struct nameidata *nd,
+static int smack_sb_mount(char *dev_name, struct path *path,
char *type, unsigned long flags, void *data)
{
- struct superblock_smack *sbp = nd->path.mnt->mnt_sb->s_security;
+ struct superblock_smack *sbp = path->mnt->mnt_sb->s_security;
return smk_curacc(sbp->smk_floor, MAY_WRITE);
}