This allows LSMs to also distinguish between file descriptor and path access for the xattr operations. (The other relevant operations are covered by the setattr hook.)
Signed-off-by: Andreas Gruenbacher <[EMAIL PROTECTED]> Signed-off-by: John Johansen <[EMAIL PROTECTED]> --- fs/nfsd/vfs.c | 12 +++++---- fs/unionfs/copyup.c | 12 +++++---- fs/unionfs/xattr.c | 9 +++---- fs/xattr.c | 60 +++++++++++++++++++++++++---------------------- include/linux/security.h | 40 ++++++++++++++++++------------- include/linux/xattr.h | 10 ++++--- security/commoncap.c | 4 +-- security/dummy.c | 10 ++++--- security/security.c | 21 +++++++++------- security/selinux/hooks.c | 10 ++++--- 10 files changed, 107 insertions(+), 81 deletions(-) --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -413,7 +413,7 @@ static ssize_t nfsd_getxattr(struct dent { ssize_t buflen; - buflen = vfs_getxattr(dentry, mnt, key, NULL, 0); + buflen = vfs_getxattr(dentry, mnt, key, NULL, 0, NULL); if (buflen <= 0) return buflen; @@ -421,7 +421,7 @@ static ssize_t nfsd_getxattr(struct dent if (!*buf) return -ENOMEM; - return vfs_getxattr(dentry, mnt, key, *buf, buflen); + return vfs_getxattr(dentry, mnt, key, *buf, buflen, NULL); } #endif @@ -447,7 +447,7 @@ set_nfsv4_acl_one(struct dentry *dentry, goto out; } - error = vfs_setxattr(dentry, mnt, key, buf, len, 0); + error = vfs_setxattr(dentry, mnt, key, buf, len, 0, NULL); out: kfree(buf); return error; @@ -2067,12 +2067,14 @@ nfsd_set_posix_acl(struct svc_fh *fhp, i mnt = fhp->fh_export->ex_path.mnt; if (size) - error = vfs_setxattr(fhp->fh_dentry, mnt, name, value, size, 0); + error = vfs_setxattr(fhp->fh_dentry, mnt, name, value, size, 0, + NULL); else { if (!S_ISDIR(inode->i_mode) && type == ACL_TYPE_DEFAULT) error = 0; else { - error = vfs_removexattr(fhp->fh_dentry, mnt, name); + error = vfs_removexattr(fhp->fh_dentry, mnt, name, + NULL); if (error == -ENODATA) error = 0; } --- a/fs/unionfs/copyup.c +++ b/fs/unionfs/copyup.c 
@@ -37,7 +37,8 @@ static int copyup_xattrs(struct dentry * char *name_list_buf = NULL; /* query the actual size of the xattr list */ - list_size = vfs_listxattr(old_lower_dentry, old_lower_mnt, NULL, 0); + list_size = vfs_listxattr(old_lower_dentry, old_lower_mnt, NULL, 0, + NULL); if (list_size <= 0) { err = list_size; goto out; @@ -54,7 +55,7 @@ static int copyup_xattrs(struct dentry * /* now get the actual xattr list of the source file */ list_size = vfs_listxattr(old_lower_dentry, old_lower_mnt, name_list, - list_size); + list_size, NULL); if (list_size <= 0) { err = list_size; goto out; @@ -74,7 +75,7 @@ static int copyup_xattrs(struct dentry * /* Lock here since vfs_getxattr doesn't lock for us */ mutex_lock(&old_lower_dentry->d_inode->i_mutex); size = vfs_getxattr(old_lower_dentry, old_lower_mnt, name_list, - attr_value, XATTR_SIZE_MAX); + attr_value, XATTR_SIZE_MAX, NULL); mutex_unlock(&old_lower_dentry->d_inode->i_mutex); if (size < 0) { err = size; @@ -86,7 +87,7 @@ static int copyup_xattrs(struct dentry * } /* Don't lock here since vfs_setxattr does it for us. */ err = vfs_setxattr(new_lower_dentry, new_lower_mnt, name_list, - attr_value, size, 0); + attr_value, size, 0, NULL); /* * Selinux depends on "security.*" xattrs, so to maintain * the security of copied-up files, if Selinux is active, @@ -97,7 +98,8 @@ static int copyup_xattrs(struct dentry * if (err == -EPERM && !capable(CAP_FOWNER)) { cap_raise(current->cap_effective, CAP_FOWNER); err = vfs_setxattr(new_lower_dentry, new_lower_mnt, - name_list, attr_value, size, 0); + name_list, attr_value, size, 0, + NULL); cap_lower(current->cap_effective, CAP_FOWNER); } if (err < 0) --- a/fs/unionfs/xattr.c +++ b/fs/unionfs/xattr.c 
@@ -57,7 +57,8 @@ ssize_t unionfs_getxattr(struct dentry * lower_dentry = unionfs_lower_dentry(dentry); lower_mnt = unionfs_lower_mnt(dentry); - err = vfs_getxattr(lower_dentry, lower_mnt, (char *) name, value, size); + err = vfs_getxattr(lower_dentry, lower_mnt, (char *) name, value, size, + NULL); out: unionfs_check_dentry(dentry); @@ -90,7 +91,7 @@ int unionfs_setxattr(struct dentry *dent lower_mnt = unionfs_lower_mnt(dentry); err = vfs_setxattr(lower_dentry, lower_mnt, (char *) name, - (void *) value, size, flags); + (void *) value, size, flags, NULL); out: unionfs_check_dentry(dentry); @@ -120,7 +121,7 @@ int unionfs_removexattr(struct dentry *d lower_dentry = unionfs_lower_dentry(dentry); lower_mnt = unionfs_lower_mnt(dentry); - err = vfs_removexattr(lower_dentry, lower_mnt, (char *) name); + err = vfs_removexattr(lower_dentry, lower_mnt, (char *) name, NULL); out: unionfs_check_dentry(dentry); @@ -152,7 +153,7 @@ ssize_t unionfs_listxattr(struct dentry lower_mnt = unionfs_lower_mnt(dentry); encoded_list = list; - err = vfs_listxattr(lower_dentry, lower_mnt, encoded_list, size); + err = vfs_listxattr(lower_dentry, lower_mnt, encoded_list, size, NULL); out: unionfs_check_dentry(dentry); --- a/fs/xattr.c +++ b/fs/xattr.c @@ -68,7 +68,7 @@ xattr_permission(struct inode *inode, co int vfs_setxattr(struct dentry *dentry, struct vfsmount *mnt, char *name, - void *value, size_t size, int flags) + void *value, size_t size, int flags, struct file *file) { struct inode *inode = dentry->d_inode; int error; @@ -78,7 +78,7 @@ vfs_setxattr(struct dentry *dentry, stru return error; mutex_lock(&inode->i_mutex); - error = security_inode_setxattr(dentry, mnt, name, value, size, flags); + error = security_inode_setxattr(dentry, mnt, name, value, size, flags, file); if (error) goto out; error = -EOPNOTSUPP; 
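Review bot: In the fs/xattr.c hunk for vfs_setxattr, the new `file` argument is forwarded to security_inode_setxattr together with `dentry` and `mnt`, but nothing states or checks that a non-NULL `file` refers to the same object as `dentry`/`mnt`. The same holds for vfs_getxattr, vfs_listxattr and vfs_removexattr in the hunks that follow. These helpers are exported (EXPORT_SYMBOL_GPL appears in the hunk context), so a caller passing a mismatched file could let an LSM authorise against one object while the operation acts on another. I would add a comment above each helper, e.g. `/* @file: open file the request came through, or NULL for path-based access; when non-NULL, file->f_path must match @dentry and @mnt */`, and consider `WARN_ON(file && file->f_path.dentry != dentry);` at entry. The function bodies continue outside the hunks.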
@@ -132,7 +132,7 @@ EXPORT_SYMBOL_GPL(xattr_getsecurity); ssize_t vfs_getxattr(struct dentry *dentry, struct vfsmount *mnt, char *name, - void *value, size_t size) + void *value, size_t size, struct file *file) { struct inode *inode = dentry->d_inode; int error; @@ -141,7 +141,7 @@ vfs_getxattr(struct dentry *dentry, stru if (error) return error; - error = security_inode_getxattr(dentry, mnt, name); + error = security_inode_getxattr(dentry, mnt, name, file); if (error) return error; @@ -169,12 +169,12 @@ EXPORT_SYMBOL_GPL(vfs_getxattr); ssize_t vfs_listxattr(struct dentry *dentry, struct vfsmount *mnt, char *list, - size_t size) + size_t size, struct file *file) { struct inode *inode = dentry->d_inode; ssize_t error; - error = security_inode_listxattr(dentry, mnt); + error = security_inode_listxattr(dentry, mnt, file); if (error) return error; error = -EOPNOTSUPP; @@ -190,7 +190,8 @@ vfs_listxattr(struct dentry *dentry, str EXPORT_SYMBOL_GPL(vfs_listxattr); int -vfs_removexattr(struct dentry *dentry, struct vfsmount *mnt, char *name) +vfs_removexattr(struct dentry *dentry, struct vfsmount *mnt, char *name, + struct file *file) { struct inode *inode = dentry->d_inode; int error; @@ -202,7 +203,7 @@ vfs_removexattr(struct dentry *dentry, s if (error) return error; - error = security_inode_removexattr(dentry, mnt, name); + error = security_inode_removexattr(dentry, mnt, name, file); if (error) return error; @@ -222,7 +223,7 @@ EXPORT_SYMBOL_GPL(vfs_removexattr); */ static long setxattr(struct dentry *dentry, struct vfsmount *mnt, char __user *name, - void __user *value, size_t size, int flags) + void __user *value, size_t size, int flags, struct file *file) { int error; void *kvalue = NULL; @@ -249,7 +250,7 @@ setxattr(struct dentry *dentry, struct v } } - error = vfs_setxattr(dentry, mnt, kname, kvalue, size, flags); + error = vfs_setxattr(dentry, mnt, kname, kvalue, size, flags, file); kfree(kvalue); return error; } 
@@ -267,7 +268,8 @@ sys_setxattr(char __user *path, char __u error = mnt_want_write(nd.path.mnt); if (error) return error; - error = setxattr(nd.path.dentry, nd.path.mnt, name, value, size, flags); + error = setxattr(nd.path.dentry, nd.path.mnt, name, value, size, flags, + NULL); mnt_drop_write(nd.path.mnt); path_put(&nd.path); return error; @@ -286,7 +288,8 @@ sys_lsetxattr(char __user *path, char __ error = mnt_want_write(nd.path.mnt); if (error) return error; - error = setxattr(nd.path.dentry, nd.path.mnt, name, value, size, flags); + error = setxattr(nd.path.dentry, nd.path.mnt, name, value, size, flags, + NULL); mnt_drop_write(nd.path.mnt); path_put(&nd.path); return error; @@ -308,7 +311,7 @@ sys_fsetxattr(int fd, char __user *name, goto out_fput; dentry = f->f_path.dentry; audit_inode(NULL, dentry); - error = setxattr(dentry, f->f_vfsmnt, name, value, size, flags); + error = setxattr(dentry, f->f_vfsmnt, name, value, size, flags, f); mnt_drop_write(f->f_vfsmnt); out_fput: fput(f); @@ -320,7 +323,7 @@ out_fput: */ static ssize_t getxattr(struct dentry *dentry, struct vfsmount *mnt, char __user *name, - void __user *value, size_t size) + void __user *value, size_t size, struct file *file) { ssize_t error; void *kvalue = NULL; @@ -340,7 +343,7 @@ getxattr(struct dentry *dentry, struct v return -ENOMEM; } - error = vfs_getxattr(dentry, mnt, kname, kvalue, size); + error = vfs_getxattr(dentry, mnt, kname, kvalue, size, file); if (error > 0) { if (size && copy_to_user(value, kvalue, error)) error = -EFAULT; @@ -363,7 +366,7 @@ sys_getxattr(char __user *path, char __u error = user_path_walk(path, &nd); if (error) return error; - error = getxattr(nd.path.dentry, nd.path.mnt, name, value, size); + error = getxattr(nd.path.dentry, nd.path.mnt, name, value, size, NULL); path_put(&nd.path); return error; } 
@@ -378,7 +381,7 @@ sys_lgetxattr(char __user *path, char __ error = user_path_walk_link(path, &nd); if (error) return error; - error = getxattr(nd.path.dentry, nd.path.mnt, name, value, size); + error = getxattr(nd.path.dentry, nd.path.mnt, name, value, size, NULL); path_put(&nd.path); return error; } @@ -393,7 +396,7 @@ sys_fgetxattr(int fd, char __user *name, if (!f) return error; audit_inode(NULL, f->f_path.dentry); - error = getxattr(f->f_path.dentry, f->f_path.mnt, name, value, size); + error = getxattr(f->f_path.dentry, f->f_path.mnt, name, value, size, f); fput(f); return error; } @@ -403,7 +406,7 @@ sys_fgetxattr(int fd, char __user *name, */ static ssize_t listxattr(struct dentry *dentry, struct vfsmount *mnt, char __user *list, - size_t size) + size_t size, struct file *file) { ssize_t error; char *klist = NULL; @@ -416,7 +419,7 @@ listxattr(struct dentry *dentry, struct return -ENOMEM; } - error = vfs_listxattr(dentry, mnt, klist, size); + error = vfs_listxattr(dentry, mnt, klist, size, file); if (error > 0) { if (size && copy_to_user(list, klist, error)) error = -EFAULT; @@ -438,7 +441,7 @@ sys_listxattr(char __user *path, char __ error = user_path_walk(path, &nd); if (error) return error; - error = listxattr(nd.path.dentry, nd.path.mnt, list, size); + error = listxattr(nd.path.dentry, nd.path.mnt, list, size, NULL); path_put(&nd.path); return error; } @@ -452,7 +455,7 @@ sys_llistxattr(char __user *path, char _ error = user_path_walk_link(path, &nd); if (error) return error; - error = listxattr(nd.path.dentry, nd.path.mnt, list, size); + error = listxattr(nd.path.dentry, nd.path.mnt, list, size, NULL); path_put(&nd.path); return error; } @@ -467,7 +470,7 @@ sys_flistxattr(int fd, char __user *list if (!f) return error; audit_inode(NULL, f->f_path.dentry); - error = listxattr(f->f_path.dentry, f->f_path.mnt, list, size); + error = listxattr(f->f_path.dentry, f->f_path.mnt, list, size, f); fput(f); return error; } 
@@ -476,7 +479,8 @@ sys_flistxattr(int fd, char __user *list * Extended attribute REMOVE operations */ static long -removexattr(struct dentry *dentry, struct vfsmount *mnt, char __user *name) +removexattr(struct dentry *dentry, struct vfsmount *mnt, char __user *name, + struct file *file) { int error; char kname[XATTR_NAME_MAX + 1]; @@ -487,7 +491,7 @@ removexattr(struct dentry *dentry, struc if (error < 0) return error; - return vfs_removexattr(dentry, mnt, kname); + return vfs_removexattr(dentry, mnt, kname, file); } asmlinkage long @@ -499,7 +503,7 @@ sys_removexattr(char __user *path, char error = user_path_walk(path, &nd); if (error) return error; - error = removexattr(nd.path.dentry, nd.path.mnt, name); + error = removexattr(nd.path.dentry, nd.path.mnt, name, NULL); path_put(&nd.path); return error; } @@ -513,7 +517,7 @@ sys_lremovexattr(char __user *path, char error = user_path_walk_link(path, &nd); if (error) return error; - error = removexattr(nd.path.dentry, nd.path.mnt, name); + error = removexattr(nd.path.dentry, nd.path.mnt, name, NULL); path_put(&nd.path); return error; } @@ -530,7 +534,7 @@ sys_fremovexattr(int fd, char __user *na return error; dentry = f->f_path.dentry; audit_inode(NULL, dentry); - error = removexattr(dentry, f->f_path.mnt, name); + error = removexattr(dentry, f->f_path.mnt, name, f); fput(f); return error; } --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -57,8 +57,8 @@ extern void cap_capset_set (struct task_ extern int cap_bprm_set_security (struct linux_binprm *bprm); extern void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe); extern int cap_bprm_secureexec(struct linux_binprm *bprm); -extern int cap_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt, char *name, void *value, size_t size, int flags); -extern int cap_inode_removexattr(struct dentry *dentry, struct vfsmount *mnt, char *name); +extern int cap_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt, char *name, void *value, size_t size, int flags, struct file *file); +extern int cap_inode_removexattr(struct dentry *dentry, struct vfsmount *mnt, char *name, struct file *file); extern int cap_inode_need_killpriv(struct dentry *dentry); extern int cap_inode_killpriv(struct dentry *dentry); extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags); 
@@ -1311,16 +1311,18 @@ struct security_operations { int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry); void (*inode_delete) (struct inode *inode); int (*inode_setxattr) (struct dentry *dentry, struct vfsmount *mnt, - char *name, void *value, size_t size, int flags); + char *name, void *value, size_t size, int flags, + struct file *file); void (*inode_post_setxattr) (struct dentry *dentry, struct vfsmount *mnt, char *name, void *value, size_t size, int flags); int (*inode_getxattr) (struct dentry *dentry, struct vfsmount *mnt, - char *name); - int (*inode_listxattr) (struct dentry *dentry, struct vfsmount *mnt); + char *name, struct file *file); + int (*inode_listxattr) (struct dentry *dentry, struct vfsmount *mnt, + struct file *file); int (*inode_removexattr) (struct dentry *dentry, struct vfsmount *mnt, - char *name); + char *name, struct file *file); int (*inode_need_killpriv) (struct dentry *dentry); int (*inode_killpriv) (struct dentry *dentry); int (*inode_getsecurity)(const struct inode *inode, const char *name, void **buffer, bool alloc); 
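Review bot: The inode_setxattr, inode_getxattr, inode_listxattr and inode_removexattr members of struct security_operations gain a `struct file *file` argument here, but no hunk in this patch touches the hook descriptions, so the contract for the new argument is left undocumented (assuming the descriptions live in a comment in this header, which the diff does not show). Every path-based caller visible in the patch (sys_setxattr, sys_lsetxattr, sys_getxattr, the nfsd and unionfs call sites) passes NULL, so an LSM that uses `file` without a check would dereference a NULL pointer. I would add to each of the four hook descriptions a line such as `@file contains the file structure for fd-based calls (fsetxattr and friends), or NULL when the object was reached by path.` The struct definition continues outside the hunk.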
@@ -1585,15 +1587,17 @@ int security_inode_setattr(struct dentry int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry); void security_inode_delete(struct inode *inode); int security_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt, - char *name, void *value, size_t size, int flags); + char *name, void *value, size_t size, int flags, + struct file *file); void security_inode_post_setxattr(struct dentry *dentry, struct vfsmount *mnt, char *name, void *value, size_t size, int flags); int security_inode_getxattr(struct dentry *dentry, struct vfsmount *mnt, - char *name); -int security_inode_listxattr(struct dentry *dentry, struct vfsmount *mnt); + char *name, struct file *file); +int security_inode_listxattr(struct dentry *dentry, struct vfsmount *mnt, + struct file *file); int security_inode_removexattr(struct dentry *dentry, struct vfsmount *mnt, - char *name); + char *name, struct file *file); int security_inode_need_killpriv(struct dentry *dentry); int security_inode_killpriv(struct dentry *dentry); int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc); @@ -1980,9 +1984,10 @@ static inline void security_inode_delete static inline int security_inode_setxattr (struct dentry *dentry, struct vfsmount *mnt, char *name, - void *value, size_t size, int flags) + void *value, size_t size, int flags, + struct file *file) { - return cap_inode_setxattr(dentry, mnt, name, value, size, flags); + return cap_inode_setxattr(dentry, mnt, name, value, size, flags, file); } static inline void security_inode_post_setxattr (struct dentry *dentry, 
@@ -1993,21 +1998,24 @@ static inline void security_inode_post_s { } static inline int security_inode_getxattr (struct dentry *dentry, - struct vfsmount *mnt, char *name) + struct vfsmount *mnt, char *name, + struct file *file) { return 0; } static inline int security_inode_listxattr (struct dentry *dentry, - struct vfsmount *mnt) + struct vfsmount *mnt, + struct file *file) { return 0; } static inline int security_inode_removexattr (struct dentry *dentry, - struct vfsmount *mnt, char *name) + struct vfsmount *mnt, char *name, + struct file *file) { - return cap_inode_removexattr(dentry, mnt, name); + return cap_inode_removexattr(dentry, mnt, name, file); } static inline int security_inode_need_killpriv(struct dentry *dentry) --- a/include/linux/xattr.h +++ b/include/linux/xattr.h @@ -47,11 +47,13 @@ struct xattr_handler { }; ssize_t xattr_getsecurity(struct inode *, const char *, void *, size_t); -ssize_t vfs_getxattr(struct dentry *, struct vfsmount *, char *, void *, size_t); -ssize_t vfs_listxattr(struct dentry *d, struct vfsmount *, char *list, size_t size); +ssize_t vfs_getxattr(struct dentry *, struct vfsmount *, char *, void *, + size_t, struct file *); +ssize_t vfs_listxattr(struct dentry *d, struct vfsmount *, char *list, + size_t size, struct file *); int vfs_setxattr(struct dentry *, struct vfsmount *, char *, void *, size_t, - int); -int vfs_removexattr(struct dentry *, struct vfsmount *, char *); + int, struct file *); +int vfs_removexattr(struct dentry *, struct vfsmount *, char *, struct file *); ssize_t generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size); ssize_t generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size); --- a/security/commoncap.c +++ b/security/commoncap.c 
@@ -380,7 +380,7 @@ int cap_bprm_secureexec (struct linux_bi } int cap_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt, char *name, - void *value, size_t size, int flags) + void *value, size_t size, int flags, struct file *file) { if (!strcmp(name, XATTR_NAME_CAPS)) { if (!capable(CAP_SETFCAP)) @@ -394,7 +394,7 @@ int cap_inode_setxattr(struct dentry *de } int cap_inode_removexattr(struct dentry *dentry, struct vfsmount *mnt, - char *name) + char *name, struct file *file) { if (!strcmp(name, XATTR_NAME_CAPS)) { if (!capable(CAP_SETFCAP)) --- a/security/dummy.c +++ b/security/dummy.c @@ -377,7 +377,7 @@ static void dummy_inode_delete (struct i static int dummy_inode_setxattr (struct dentry *dentry, struct vfsmount *mnt, char *name, void *value, size_t size, - int flags) + int flags, struct file *file) { if (!strncmp(name, XATTR_SECURITY_PREFIX, sizeof(XATTR_SECURITY_PREFIX) - 1) && @@ -394,18 +394,20 @@ static void dummy_inode_post_setxattr (s } static int dummy_inode_getxattr (struct dentry *dentry, - struct vfsmount *mnt, char *name) + struct vfsmount *mnt, char *name, + struct file *file) { return 0; } -static int dummy_inode_listxattr (struct dentry *dentry, struct vfsmount *mnt) +static int dummy_inode_listxattr (struct dentry *dentry, struct vfsmount *mnt, + struct file *file) { return 0; } static int dummy_inode_removexattr (struct dentry *dentry, struct vfsmount *mnt, - char *name) + char *name, struct file *file) { if (!strncmp(name, XATTR_SECURITY_PREFIX, sizeof(XATTR_SECURITY_PREFIX) - 1) && --- a/security/security.c +++ b/security/security.c 
@@ -461,12 +461,13 @@ void security_inode_delete(struct inode } int security_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt, - char *name, void *value, size_t size, int flags) + char *name, void *value, size_t size, int flags, + struct file *file) { if (unlikely(IS_PRIVATE(dentry->d_inode))) return 0; return security_ops->inode_setxattr(dentry, mnt, name, value, size, - flags); + flags, file); } void security_inode_post_setxattr(struct dentry *dentry, struct vfsmount *mnt, @@ -475,30 +476,32 @@ void security_inode_post_setxattr(struct { if (unlikely(IS_PRIVATE(dentry->d_inode))) return; - security_ops->inode_post_setxattr(dentry, mnt, name, value, size, flags); + security_ops->inode_post_setxattr(dentry, mnt, name, value, size, + flags); } int security_inode_getxattr(struct dentry *dentry, struct vfsmount *mnt, - char *name) + char *name, struct file *file) { if (unlikely(IS_PRIVATE(dentry->d_inode))) return 0; - return security_ops->inode_getxattr(dentry, mnt, name); + return security_ops->inode_getxattr(dentry, mnt, name, file); } -int security_inode_listxattr(struct dentry *dentry, struct vfsmount *mnt) +int security_inode_listxattr(struct dentry *dentry, struct vfsmount *mnt, + struct file *file) { if (unlikely(IS_PRIVATE(dentry->d_inode))) return 0; - return security_ops->inode_listxattr(dentry, mnt); + return security_ops->inode_listxattr(dentry, mnt, file); } int security_inode_removexattr(struct dentry *dentry, struct vfsmount *mnt, - char *name) + char *name, struct file *file) { if (unlikely(IS_PRIVATE(dentry->d_inode))) return 0; - return security_ops->inode_removexattr(dentry, mnt, name); + return security_ops->inode_removexattr(dentry, mnt, name, file); } int security_inode_need_killpriv(struct dentry *dentry) --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c 
@@ -2561,7 +2561,7 @@ static int selinux_inode_setotherxattr(s static int selinux_inode_setxattr(struct dentry *dentry, struct vfsmount *mnt, char *name, void *value, size_t size, - int flags) + int flags, struct file *file) { struct task_security_struct *tsec = current->security; struct inode *inode = dentry->d_inode; @@ -2637,18 +2637,20 @@ static void selinux_inode_post_setxattr( } static int selinux_inode_getxattr (struct dentry *dentry, struct vfsmount *mnt, - char *name) + char *name, struct file *file) { return dentry_has_perm(current, NULL, dentry, FILE__GETATTR); } -static int selinux_inode_listxattr (struct dentry *dentry, struct vfsmount *mnt) +static int selinux_inode_listxattr (struct dentry *dentry, struct vfsmount *mnt, + struct file *file) { return dentry_has_perm(current, NULL, dentry, FILE__GETATTR); } static int selinux_inode_removexattr (struct dentry *dentry, - struct vfsmount *mnt, char *name) + struct vfsmount *mnt, char *name, + struct file *file) { if (strcmp(name, XATTR_NAME_SELINUX)) return selinux_inode_setotherxattr(dentry, name); -- - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html