This patch against 2.5.68 moves the security_d_instantiate hook calls in
d_instantiate and d_splice_alias after the inode has been attached to
the dentry. This change is necessary so that security modules can
internally call the getxattr inode operation (which takes a dentry
parameter) from this hook to obtain the inode security label. Please
apply, or let me know if any changes are needed.
dcache.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
Index: linux-2.5/fs/dcache.c
===================================================================
RCS file: /home/pal/CVS/linux-2.5/fs/dcache.c,v
retrieving revision 1.5
diff -u -r1.5 dcache.c
--- linux-2.5/fs/dcache.c 21 Apr 2003 15:03:31 -0000 1.5
+++ linux-2.5/fs/dcache.c 28 Apr 2003 11:42:05 -0000
@@ -763,12 +763,12 @@
void d_instantiate(struct dentry *entry, struct inode * inode)
{
if (!list_empty(&entry->d_alias)) BUG();
- security_d_instantiate(entry, inode);
spin_lock(&dcache_lock);
if (inode)
list_add(&entry->d_alias, &inode->i_dentry);
entry->d_inode = inode;
spin_unlock(&dcache_lock);
+ security_d_instantiate(entry, inode);
}
/**
@@ -896,12 +896,12 @@
struct dentry *new = NULL;
if (inode && S_ISDIR(inode->i_mode)) {
- security_d_instantiate(dentry, inode);
spin_lock(&dcache_lock);
if (!list_empty(&inode->i_dentry)) {
new = list_entry(inode->i_dentry.next, struct dentry, d_alias);
__dget_locked(new);
spin_unlock(&dcache_lock);
+ security_d_instantiate(dentry, inode);
d_rehash(dentry);
d_move(new, dentry);
iput(inode);
@@ -910,6 +910,7 @@
list_add(&dentry->d_alias, &inode->i_dentry);
dentry->d_inode = inode;
spin_unlock(&dcache_lock);
+ security_d_instantiate(dentry, inode);
d_rehash(dentry);
}
} else
--
Stephen Smalley <sdsat_private>
National Security Agency
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu May 01 2003 - 13:22:55 PDT