Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (105 commits)
  SELinux: don't check permissions for kernel mounts
  security: pass mount flags to security_sb_kern_mount()
  SELinux: correctly detect proc filesystems of the form "proc/foo"
  Audit: Log TIOCSTI
  user namespaces: document CFS behavior
  user namespaces: require cap_set{ug}id for CLONE_NEWUSER
  user namespaces: let user_ns be cloned with fairsched
  CRED: fix sparse warnings
  User namespaces: use the current_user_ns() macro
  User namespaces: set of cleanups (v2)
  nfsctl: add headers for credentials
  coda: fix creds reference
  capabilities: define get_vfs_caps_from_disk when file caps are not enabled
  CRED: Allow kernel services to override LSM settings for task actions
  CRED: Add a kernel_service object class to SELinux
  CRED: Differentiate objective and effective subjective credentials on a task
  CRED: Documentation
  CRED: Use creds in file structs
  CRED: Prettify commoncap.c
  CRED: Make execve() take advantage of copy-on-write credentials
  ...

1 files changed, 5 insertions, 4 deletions

diff --git a/fs/ecryptfs/kthread.c b/fs/ecryptfs/kthread.c
index c440c6b58b2d..c6d7a4d748a0 100644
--- a/fs/ecryptfs/kthread.c
+++ b/fs/ecryptfs/kthread.c
@@ -73,7 +73,7 @@ static int ecryptfs_threadfn(void *ignored)
                                 mntget(req->lower_mnt);
                                 (*req->lower_file) = dentry_open(
                                         req->lower_dentry, req->lower_mnt,
-                                        (O_RDWR | O_LARGEFILE));
+                                        (O_RDWR | O_LARGEFILE), current_cred());
                                 req->flags |= ECRYPTFS_REQ_PROCESSED;
                         }
                         wake_up(&req->wait);
@@ -132,7 +132,8 @@ void ecryptfs_destroy_kthread(void)
  */
 int ecryptfs_privileged_open(struct file **lower_file,
                              struct dentry *lower_dentry,
-                             struct vfsmount *lower_mnt)
+                             struct vfsmount *lower_mnt,
+                             const struct cred *cred)
 {
         struct ecryptfs_open_req *req;
         int rc = 0;
@@ -143,7 +144,7 @@ int ecryptfs_privileged_open(struct file **lower_file,
         dget(lower_dentry);
         mntget(lower_mnt);
         (*lower_file) = dentry_open(lower_dentry, lower_mnt,
-                                    (O_RDWR | O_LARGEFILE));
+                                    (O_RDWR | O_LARGEFILE), cred);
         if (!IS_ERR(*lower_file))
                 goto out;
         req = kmem_cache_alloc(ecryptfs_open_req_cache, GFP_KERNEL);
@@ -184,7 +185,7 @@ int ecryptfs_privileged_open(struct file **lower_file,
                 dget(lower_dentry);
                 mntget(lower_mnt);
                 (*lower_file) = dentry_open(lower_dentry, lower_mnt,
-                                            (O_RDONLY | O_LARGEFILE));
+                                            (O_RDONLY | O_LARGEFILE), cred);
                 if (IS_ERR(*lower_file)) {
                         rc = PTR_ERR(*req->lower_file);
                         (*lower_file) = NULL;