diff options
author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:22 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:22 -0500 |
commit | 745ca2475a6ac596e3d8d37c2759c0fbe2586227 (patch) | |
tree | f87c34bdfbc8542477b16a014bbb4e3b415b286a /fs/ecryptfs | |
parent | 88e67f3b8898c5ea81d2916dd5b8bc9c0c35ba13 (diff) |
CRED: Pass credentials through dentry_open()
Pass credentials through dentry_open() so that the COW creds patch can have
SELinux's flush_unauthorized_files() pass the appropriate creds back to itself
when it opens its null chardev.
The security_dentry_open() call also now takes a creds pointer, as does the
dentry_open hook in struct security_operations.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs/ecryptfs')
-rw-r--r-- | fs/ecryptfs/ecryptfs_kernel.h | 3 | ||||
-rw-r--r-- | fs/ecryptfs/kthread.c | 9 | ||||
-rw-r--r-- | fs/ecryptfs/main.c | 3 |
3 files changed, 9 insertions, 6 deletions
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index 3504cf9df358..a75026d35d16 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h | |||
@@ -691,7 +691,8 @@ int ecryptfs_init_kthread(void); | |||
691 | void ecryptfs_destroy_kthread(void); | 691 | void ecryptfs_destroy_kthread(void); |
692 | int ecryptfs_privileged_open(struct file **lower_file, | 692 | int ecryptfs_privileged_open(struct file **lower_file, |
693 | struct dentry *lower_dentry, | 693 | struct dentry *lower_dentry, |
694 | struct vfsmount *lower_mnt); | 694 | struct vfsmount *lower_mnt, |
695 | const struct cred *cred); | ||
695 | int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry); | 696 | int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry); |
696 | 697 | ||
697 | #endif /* #ifndef ECRYPTFS_KERNEL_H */ | 698 | #endif /* #ifndef ECRYPTFS_KERNEL_H */ |
diff --git a/fs/ecryptfs/kthread.c b/fs/ecryptfs/kthread.c index c440c6b58b2d..c6d7a4d748a0 100644 --- a/fs/ecryptfs/kthread.c +++ b/fs/ecryptfs/kthread.c | |||
@@ -73,7 +73,7 @@ static int ecryptfs_threadfn(void *ignored) | |||
73 | mntget(req->lower_mnt); | 73 | mntget(req->lower_mnt); |
74 | (*req->lower_file) = dentry_open( | 74 | (*req->lower_file) = dentry_open( |
75 | req->lower_dentry, req->lower_mnt, | 75 | req->lower_dentry, req->lower_mnt, |
76 | (O_RDWR | O_LARGEFILE)); | 76 | (O_RDWR | O_LARGEFILE), current_cred()); |
77 | req->flags |= ECRYPTFS_REQ_PROCESSED; | 77 | req->flags |= ECRYPTFS_REQ_PROCESSED; |
78 | } | 78 | } |
79 | wake_up(&req->wait); | 79 | wake_up(&req->wait); |
@@ -132,7 +132,8 @@ void ecryptfs_destroy_kthread(void) | |||
132 | */ | 132 | */ |
133 | int ecryptfs_privileged_open(struct file **lower_file, | 133 | int ecryptfs_privileged_open(struct file **lower_file, |
134 | struct dentry *lower_dentry, | 134 | struct dentry *lower_dentry, |
135 | struct vfsmount *lower_mnt) | 135 | struct vfsmount *lower_mnt, |
136 | const struct cred *cred) | ||
136 | { | 137 | { |
137 | struct ecryptfs_open_req *req; | 138 | struct ecryptfs_open_req *req; |
138 | int rc = 0; | 139 | int rc = 0; |
@@ -143,7 +144,7 @@ int ecryptfs_privileged_open(struct file **lower_file, | |||
143 | dget(lower_dentry); | 144 | dget(lower_dentry); |
144 | mntget(lower_mnt); | 145 | mntget(lower_mnt); |
145 | (*lower_file) = dentry_open(lower_dentry, lower_mnt, | 146 | (*lower_file) = dentry_open(lower_dentry, lower_mnt, |
146 | (O_RDWR | O_LARGEFILE)); | 147 | (O_RDWR | O_LARGEFILE), cred); |
147 | if (!IS_ERR(*lower_file)) | 148 | if (!IS_ERR(*lower_file)) |
148 | goto out; | 149 | goto out; |
149 | req = kmem_cache_alloc(ecryptfs_open_req_cache, GFP_KERNEL); | 150 | req = kmem_cache_alloc(ecryptfs_open_req_cache, GFP_KERNEL); |
@@ -184,7 +185,7 @@ int ecryptfs_privileged_open(struct file **lower_file, | |||
184 | dget(lower_dentry); | 185 | dget(lower_dentry); |
185 | mntget(lower_mnt); | 186 | mntget(lower_mnt); |
186 | (*lower_file) = dentry_open(lower_dentry, lower_mnt, | 187 | (*lower_file) = dentry_open(lower_dentry, lower_mnt, |
187 | (O_RDONLY | O_LARGEFILE)); | 188 | (O_RDONLY | O_LARGEFILE), cred); |
188 | if (IS_ERR(*lower_file)) { | 189 | if (IS_ERR(*lower_file)) { |
189 | rc = PTR_ERR(*req->lower_file); | 190 | rc = PTR_ERR(*req->lower_file); |
190 | (*lower_file) = NULL; | 191 | (*lower_file) = NULL; |
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c index 64d2ba980df4..fd630713c5c7 100644 --- a/fs/ecryptfs/main.c +++ b/fs/ecryptfs/main.c | |||
@@ -115,6 +115,7 @@ void __ecryptfs_printk(const char *fmt, ...) | |||
115 | */ | 115 | */ |
116 | int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry) | 116 | int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry) |
117 | { | 117 | { |
118 | const struct cred *cred = current_cred(); | ||
118 | struct ecryptfs_inode_info *inode_info = | 119 | struct ecryptfs_inode_info *inode_info = |
119 | ecryptfs_inode_to_private(ecryptfs_dentry->d_inode); | 120 | ecryptfs_inode_to_private(ecryptfs_dentry->d_inode); |
120 | int rc = 0; | 121 | int rc = 0; |
@@ -127,7 +128,7 @@ int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry) | |||
127 | 128 | ||
128 | lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); | 129 | lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); |
129 | rc = ecryptfs_privileged_open(&inode_info->lower_file, | 130 | rc = ecryptfs_privileged_open(&inode_info->lower_file, |
130 | lower_dentry, lower_mnt); | 131 | lower_dentry, lower_mnt, cred); |
131 | if (rc || IS_ERR(inode_info->lower_file)) { | 132 | if (rc || IS_ERR(inode_info->lower_file)) { |
132 | printk(KERN_ERR "Error opening lower persistent file " | 133 | printk(KERN_ERR "Error opening lower persistent file " |
133 | "for lower_dentry [0x%p] and lower_mnt [0x%p]; " | 134 | "for lower_dentry [0x%p] and lower_mnt [0x%p]; " |