From: Kentaro Takeda <takedakn@nttdata.co.jp>
To: linux-fsdevel@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Subject: [RFC] Add vfsmount to vfs helper functions.
Date: Fri, 25 Jan 2008 19:20:56 +0900 [thread overview]
Message-ID: <4799B808.8080002@nttdata.co.jp> (raw)
In the LSM ml, we are discussing about
"how to know requested pathnames within LSM modules".
Currently, VFS helper functions don't pass "struct vfsmount" parameter.
Therefore, we cannot calculate requested pathnames within LSM modules
because LSM hooks can't know "struct vfsmount" parameter that corresponds with
"struct dentry" passed to VFS helper functions.
AppArmor is proposing a patch that appends "struct vfsmount" parameters to
VFS helper functions so that LSM modules (SELinux, AppArmor, TOMOYO) can
calculate requested pathnames.
The changes in include/linux/fs.h are shown below.
What do you think about these changes?
----- Start of changes -----
--- fs.h.orig
+++ fs.h
@@ -1070,13 +1070,13 @@
*/
extern int vfs_permission(struct nameidata *, int);
extern int vfs_create(struct inode *, struct dentry *, int, struct nameidata *);
-extern int vfs_mkdir(struct inode *, struct dentry *, int);
-extern int vfs_mknod(struct inode *, struct dentry *, int, dev_t);
-extern int vfs_symlink(struct inode *, struct dentry *, const char *, int);
-extern int vfs_link(struct dentry *, struct inode *, struct dentry *);
-extern int vfs_rmdir(struct inode *, struct dentry *);
-extern int vfs_unlink(struct inode *, struct dentry *);
-extern int vfs_rename(struct inode *, struct dentry *, struct inode *, struct dentry *);
+extern int vfs_mkdir(struct inode *, struct dentry *, struct vfsmount *, int);
+extern int vfs_mknod(struct inode *, struct dentry *, struct vfsmount *, int, dev_t);
+extern int vfs_symlink(struct inode *, struct dentry *, struct vfsmount *, const char *, int);
+extern int vfs_link(struct dentry *, struct vfsmount *, struct inode *, struct dentry *, struct vfsmount *);
+extern int vfs_rmdir(struct inode *, struct dentry *, struct vfsmount *);
+extern int vfs_unlink(struct inode *, struct dentry *, struct vfsmount *);
+extern int vfs_rename(struct inode *, struct dentry *, struct vfsmount *, struct inode *, struct dentry *, struct vfsmount *);
/*
* VFS dentry helper functions.
@@ -1538,8 +1538,8 @@
/* fs/open.c */
-extern int do_truncate(struct dentry *, loff_t start, unsigned int time_attrs,
- struct file *filp);
+extern int do_truncate(struct dentry *, struct vfsmount *, loff_t start,
+ unsigned int time_attrs, struct file *filp);
extern long do_sys_open(int dfd, const char __user *filename, int flags,
int mode);
extern struct file * dentry_open(struct dentry *, struct vfsmount *, int);
@@ -1695,7 +1695,7 @@
#ifdef CONFIG_BLOCK
extern sector_t bmap(struct inode *, sector_t);
#endif
-extern int notify_change(struct dentry *, struct iattr *);
+extern int notify_change(struct dentry *, struct vfsmount *, struct iattr *);
extern int permission(struct inode *, int, struct nameidata *);
extern int generic_permission(struct inode *, int,
int (*check_acl)(struct inode *, int));
@@ -1757,9 +1757,9 @@
extern void clear_inode(struct inode *);
extern void destroy_inode(struct inode *);
extern struct inode *new_inode(struct super_block *);
-extern int __remove_suid(struct dentry *, int);
+extern int __remove_suid(struct path *, int);
extern int should_remove_suid(struct dentry *);
-extern int remove_suid(struct dentry *);
+extern int remove_suid(struct path *);
extern void __insert_inode_hash(struct inode *, unsigned long hashval);
extern void remove_inode_hash(struct inode *);
----- End of changes -----
next reply other threads:[~2008-01-25 10:20 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-01-25 10:20 Kentaro Takeda [this message]
2008-01-30 13:00 ` [RFC] Add vfsmount to vfs helper functions Al Viro
2008-02-02 14:23 ` Tetsuo Handa
2008-02-17 9:00 ` Tetsuo Handa
2008-02-17 23:38 ` Al Viro
2008-02-18 0:03 ` Tetsuo Handa
2008-02-18 0:40 ` Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4799B808.8080002@nttdata.co.jp \
--to=takedakn@nttdata.co.jp \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).