If we unhash the dentry before calling the security_inode_rmdir hook,
we cannot compute the file's pathname in the hook anymore. AppArmor
needs to know the filename in order to decide whether a file may be
deleted, though.

Signed-off-by: John Johansen <[EMAIL PROTECTED]>
Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]>

---
 fs/namei.c |   13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

--- a/fs/namei.c
+++ b/fs/namei.c
@@ -2034,6 +2034,10 @@ int vfs_rmdir(struct inode *dir, struct 
        if (!dir->i_op || !dir->i_op->rmdir)
                return -EPERM;
 
+       error = security_inode_rmdir(dir, dentry, mnt);
+       if (error)
+               return error;
+
        DQUOT_INIT(dir);
 
        mutex_lock(&dentry->d_inode->i_mutex);
@@ -2041,12 +2045,9 @@ int vfs_rmdir(struct inode *dir, struct 
        if (d_mountpoint(dentry))
                error = -EBUSY;
        else {
-               error = security_inode_rmdir(dir, dentry, mnt);
-               if (!error) {
-                       error = dir->i_op->rmdir(dir, dentry);
-                       if (!error)
-                               dentry->d_inode->i_flags |= S_DEAD;
-               }
+               error = dir->i_op->rmdir(dir, dentry);
+               if (!error)
+                       dentry->d_inode->i_flags |= S_DEAD;
        }
        mutex_unlock(&dentry->d_inode->i_mutex);
        if (!error) {

-- 
-
To unsubscribe from this list: send the line "unsubscribe 
linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to