aboutsummaryrefslogtreecommitdiffstats
path: root/fs/ecryptfs
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2008-11-13 18:39:22 -0500
committerJames Morris <jmorris@namei.org>2008-11-13 18:39:22 -0500
commit745ca2475a6ac596e3d8d37c2759c0fbe2586227 (patch)
treef87c34bdfbc8542477b16a014bbb4e3b415b286a /fs/ecryptfs
parent88e67f3b8898c5ea81d2916dd5b8bc9c0c35ba13 (diff)
CRED: Pass credentials through dentry_open()
Pass credentials through dentry_open() so that the COW creds patch can have SELinux's flush_unauthorized_files() pass the appropriate creds back to itself when it opens its null chardev. The security_dentry_open() call also now takes a creds pointer, as does the dentry_open hook in struct security_operations. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs/ecryptfs')
-rw-r--r--fs/ecryptfs/ecryptfs_kernel.h3
-rw-r--r--fs/ecryptfs/kthread.c9
-rw-r--r--fs/ecryptfs/main.c3
3 files changed, 9 insertions, 6 deletions
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index 3504cf9df358..a75026d35d16 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -691,7 +691,8 @@ int ecryptfs_init_kthread(void);
691void ecryptfs_destroy_kthread(void); 691void ecryptfs_destroy_kthread(void);
692int ecryptfs_privileged_open(struct file **lower_file, 692int ecryptfs_privileged_open(struct file **lower_file,
693 struct dentry *lower_dentry, 693 struct dentry *lower_dentry,
694 struct vfsmount *lower_mnt); 694 struct vfsmount *lower_mnt,
695 const struct cred *cred);
695int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry); 696int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry);
696 697
697#endif /* #ifndef ECRYPTFS_KERNEL_H */ 698#endif /* #ifndef ECRYPTFS_KERNEL_H */
diff --git a/fs/ecryptfs/kthread.c b/fs/ecryptfs/kthread.c
index c440c6b58b2d..c6d7a4d748a0 100644
--- a/fs/ecryptfs/kthread.c
+++ b/fs/ecryptfs/kthread.c
@@ -73,7 +73,7 @@ static int ecryptfs_threadfn(void *ignored)
73 mntget(req->lower_mnt); 73 mntget(req->lower_mnt);
74 (*req->lower_file) = dentry_open( 74 (*req->lower_file) = dentry_open(
75 req->lower_dentry, req->lower_mnt, 75 req->lower_dentry, req->lower_mnt,
76 (O_RDWR | O_LARGEFILE)); 76 (O_RDWR | O_LARGEFILE), current_cred());
77 req->flags |= ECRYPTFS_REQ_PROCESSED; 77 req->flags |= ECRYPTFS_REQ_PROCESSED;
78 } 78 }
79 wake_up(&req->wait); 79 wake_up(&req->wait);
@@ -132,7 +132,8 @@ void ecryptfs_destroy_kthread(void)
132 */ 132 */
133int ecryptfs_privileged_open(struct file **lower_file, 133int ecryptfs_privileged_open(struct file **lower_file,
134 struct dentry *lower_dentry, 134 struct dentry *lower_dentry,
135 struct vfsmount *lower_mnt) 135 struct vfsmount *lower_mnt,
136 const struct cred *cred)
136{ 137{
137 struct ecryptfs_open_req *req; 138 struct ecryptfs_open_req *req;
138 int rc = 0; 139 int rc = 0;
@@ -143,7 +144,7 @@ int ecryptfs_privileged_open(struct file **lower_file,
143 dget(lower_dentry); 144 dget(lower_dentry);
144 mntget(lower_mnt); 145 mntget(lower_mnt);
145 (*lower_file) = dentry_open(lower_dentry, lower_mnt, 146 (*lower_file) = dentry_open(lower_dentry, lower_mnt,
146 (O_RDWR | O_LARGEFILE)); 147 (O_RDWR | O_LARGEFILE), cred);
147 if (!IS_ERR(*lower_file)) 148 if (!IS_ERR(*lower_file))
148 goto out; 149 goto out;
149 req = kmem_cache_alloc(ecryptfs_open_req_cache, GFP_KERNEL); 150 req = kmem_cache_alloc(ecryptfs_open_req_cache, GFP_KERNEL);
@@ -184,7 +185,7 @@ int ecryptfs_privileged_open(struct file **lower_file,
184 dget(lower_dentry); 185 dget(lower_dentry);
185 mntget(lower_mnt); 186 mntget(lower_mnt);
186 (*lower_file) = dentry_open(lower_dentry, lower_mnt, 187 (*lower_file) = dentry_open(lower_dentry, lower_mnt,
187 (O_RDONLY | O_LARGEFILE)); 188 (O_RDONLY | O_LARGEFILE), cred);
188 if (IS_ERR(*lower_file)) { 189 if (IS_ERR(*lower_file)) {
189 rc = PTR_ERR(*req->lower_file); 190 rc = PTR_ERR(*req->lower_file);
190 (*lower_file) = NULL; 191 (*lower_file) = NULL;
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index 64d2ba980df4..fd630713c5c7 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -115,6 +115,7 @@ void __ecryptfs_printk(const char *fmt, ...)
115 */ 115 */
116int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry) 116int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry)
117{ 117{
118 const struct cred *cred = current_cred();
118 struct ecryptfs_inode_info *inode_info = 119 struct ecryptfs_inode_info *inode_info =
119 ecryptfs_inode_to_private(ecryptfs_dentry->d_inode); 120 ecryptfs_inode_to_private(ecryptfs_dentry->d_inode);
120 int rc = 0; 121 int rc = 0;
@@ -127,7 +128,7 @@ int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry)
127 128
128 lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); 129 lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
129 rc = ecryptfs_privileged_open(&inode_info->lower_file, 130 rc = ecryptfs_privileged_open(&inode_info->lower_file,
130 lower_dentry, lower_mnt); 131 lower_dentry, lower_mnt, cred);
131 if (rc || IS_ERR(inode_info->lower_file)) { 132 if (rc || IS_ERR(inode_info->lower_file)) {
132 printk(KERN_ERR "Error opening lower persistent file " 133 printk(KERN_ERR "Error opening lower persistent file "
133 "for lower_dentry [0x%p] and lower_mnt [0x%p]; " 134 "for lower_dentry [0x%p] and lower_mnt [0x%p]; "