diff options
| author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:22 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:22 -0500 |
| commit | 745ca2475a6ac596e3d8d37c2759c0fbe2586227 (patch) | |
| tree | f87c34bdfbc8542477b16a014bbb4e3b415b286a /fs/ecryptfs | |
| parent | 88e67f3b8898c5ea81d2916dd5b8bc9c0c35ba13 (diff) | |
CRED: Pass credentials through dentry_open()
Pass credentials through dentry_open() so that the COW creds patch can have
SELinux's flush_unauthorized_files() pass the appropriate creds back to itself
when it opens its null chardev.
The security_dentry_open() call also now takes a creds pointer, as does the
dentry_open hook in struct security_operations.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs/ecryptfs')
| -rw-r--r-- | fs/ecryptfs/ecryptfs_kernel.h | 3 | ||||
| -rw-r--r-- | fs/ecryptfs/kthread.c | 9 | ||||
| -rw-r--r-- | fs/ecryptfs/main.c | 3 |
3 files changed, 9 insertions, 6 deletions
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index 3504cf9df358..a75026d35d16 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h | |||
| @@ -691,7 +691,8 @@ int ecryptfs_init_kthread(void); | |||
| 691 | void ecryptfs_destroy_kthread(void); | 691 | void ecryptfs_destroy_kthread(void); |
| 692 | int ecryptfs_privileged_open(struct file **lower_file, | 692 | int ecryptfs_privileged_open(struct file **lower_file, |
| 693 | struct dentry *lower_dentry, | 693 | struct dentry *lower_dentry, |
| 694 | struct vfsmount *lower_mnt); | 694 | struct vfsmount *lower_mnt, |
| 695 | const struct cred *cred); | ||
| 695 | int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry); | 696 | int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry); |
| 696 | 697 | ||
| 697 | #endif /* #ifndef ECRYPTFS_KERNEL_H */ | 698 | #endif /* #ifndef ECRYPTFS_KERNEL_H */ |
diff --git a/fs/ecryptfs/kthread.c b/fs/ecryptfs/kthread.c index c440c6b58b2d..c6d7a4d748a0 100644 --- a/fs/ecryptfs/kthread.c +++ b/fs/ecryptfs/kthread.c | |||
| @@ -73,7 +73,7 @@ static int ecryptfs_threadfn(void *ignored) | |||
| 73 | mntget(req->lower_mnt); | 73 | mntget(req->lower_mnt); |
| 74 | (*req->lower_file) = dentry_open( | 74 | (*req->lower_file) = dentry_open( |
| 75 | req->lower_dentry, req->lower_mnt, | 75 | req->lower_dentry, req->lower_mnt, |
| 76 | (O_RDWR | O_LARGEFILE)); | 76 | (O_RDWR | O_LARGEFILE), current_cred()); |
| 77 | req->flags |= ECRYPTFS_REQ_PROCESSED; | 77 | req->flags |= ECRYPTFS_REQ_PROCESSED; |
| 78 | } | 78 | } |
| 79 | wake_up(&req->wait); | 79 | wake_up(&req->wait); |
| @@ -132,7 +132,8 @@ void ecryptfs_destroy_kthread(void) | |||
| 132 | */ | 132 | */ |
| 133 | int ecryptfs_privileged_open(struct file **lower_file, | 133 | int ecryptfs_privileged_open(struct file **lower_file, |
| 134 | struct dentry *lower_dentry, | 134 | struct dentry *lower_dentry, |
| 135 | struct vfsmount *lower_mnt) | 135 | struct vfsmount *lower_mnt, |
| 136 | const struct cred *cred) | ||
| 136 | { | 137 | { |
| 137 | struct ecryptfs_open_req *req; | 138 | struct ecryptfs_open_req *req; |
| 138 | int rc = 0; | 139 | int rc = 0; |
| @@ -143,7 +144,7 @@ int ecryptfs_privileged_open(struct file **lower_file, | |||
| 143 | dget(lower_dentry); | 144 | dget(lower_dentry); |
| 144 | mntget(lower_mnt); | 145 | mntget(lower_mnt); |
| 145 | (*lower_file) = dentry_open(lower_dentry, lower_mnt, | 146 | (*lower_file) = dentry_open(lower_dentry, lower_mnt, |
| 146 | (O_RDWR | O_LARGEFILE)); | 147 | (O_RDWR | O_LARGEFILE), cred); |
| 147 | if (!IS_ERR(*lower_file)) | 148 | if (!IS_ERR(*lower_file)) |
| 148 | goto out; | 149 | goto out; |
| 149 | req = kmem_cache_alloc(ecryptfs_open_req_cache, GFP_KERNEL); | 150 | req = kmem_cache_alloc(ecryptfs_open_req_cache, GFP_KERNEL); |
| @@ -184,7 +185,7 @@ int ecryptfs_privileged_open(struct file **lower_file, | |||
| 184 | dget(lower_dentry); | 185 | dget(lower_dentry); |
| 185 | mntget(lower_mnt); | 186 | mntget(lower_mnt); |
| 186 | (*lower_file) = dentry_open(lower_dentry, lower_mnt, | 187 | (*lower_file) = dentry_open(lower_dentry, lower_mnt, |
| 187 | (O_RDONLY | O_LARGEFILE)); | 188 | (O_RDONLY | O_LARGEFILE), cred); |
| 188 | if (IS_ERR(*lower_file)) { | 189 | if (IS_ERR(*lower_file)) { |
| 189 | rc = PTR_ERR(*req->lower_file); | 190 | rc = PTR_ERR(*req->lower_file); |
| 190 | (*lower_file) = NULL; | 191 | (*lower_file) = NULL; |
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c index 64d2ba980df4..fd630713c5c7 100644 --- a/fs/ecryptfs/main.c +++ b/fs/ecryptfs/main.c | |||
| @@ -115,6 +115,7 @@ void __ecryptfs_printk(const char *fmt, ...) | |||
| 115 | */ | 115 | */ |
| 116 | int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry) | 116 | int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry) |
| 117 | { | 117 | { |
| 118 | const struct cred *cred = current_cred(); | ||
| 118 | struct ecryptfs_inode_info *inode_info = | 119 | struct ecryptfs_inode_info *inode_info = |
| 119 | ecryptfs_inode_to_private(ecryptfs_dentry->d_inode); | 120 | ecryptfs_inode_to_private(ecryptfs_dentry->d_inode); |
| 120 | int rc = 0; | 121 | int rc = 0; |
| @@ -127,7 +128,7 @@ int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry) | |||
| 127 | 128 | ||
| 128 | lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); | 129 | lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); |
| 129 | rc = ecryptfs_privileged_open(&inode_info->lower_file, | 130 | rc = ecryptfs_privileged_open(&inode_info->lower_file, |
| 130 | lower_dentry, lower_mnt); | 131 | lower_dentry, lower_mnt, cred); |
| 131 | if (rc || IS_ERR(inode_info->lower_file)) { | 132 | if (rc || IS_ERR(inode_info->lower_file)) { |
| 132 | printk(KERN_ERR "Error opening lower persistent file " | 133 | printk(KERN_ERR "Error opening lower persistent file " |
| 133 | "for lower_dentry [0x%p] and lower_mnt [0x%p]; " | 134 | "for lower_dentry [0x%p] and lower_mnt [0x%p]; " |