This patch against 2.5.69 moves the security_d_instantiate hook calls in
d_instantiate and d_splice_alias after the inode has been attached to
the dentry. This change is necessary so that security modules can
internally call the getxattr inode operation (which takes a dentry
parameter) from this hook to obtain the inode security label. Al, if
you approve of this change, please acknowledge. If not, please advise
as to what must change. Thanks.
dcache.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
Index: linux-2.5/fs/dcache.c
diff -u linux-2.5/fs/dcache.c:1.1.1.6 linux-2.5/fs/dcache.c:1.7
--- linux-2.5/fs/dcache.c:1.1.1.6 Mon May 5 09:17:36 2003
+++ linux-2.5/fs/dcache.c Mon May 5 13:04:55 2003
@@ -770,12 +770,12 @@
void d_instantiate(struct dentry *entry, struct inode * inode)
{
if (!list_empty(&entry->d_alias)) BUG();
- security_d_instantiate(entry, inode);
spin_lock(&dcache_lock);
if (inode)
list_add(&entry->d_alias, &inode->i_dentry);
entry->d_inode = inode;
spin_unlock(&dcache_lock);
+ security_d_instantiate(entry, inode);
}
/**
@@ -903,12 +903,12 @@
struct dentry *new = NULL;
if (inode && S_ISDIR(inode->i_mode)) {
- security_d_instantiate(dentry, inode);
spin_lock(&dcache_lock);
if (!list_empty(&inode->i_dentry)) {
new = list_entry(inode->i_dentry.next, struct dentry, d_alias);
__dget_locked(new);
spin_unlock(&dcache_lock);
+ security_d_instantiate(dentry, inode);
d_rehash(dentry);
d_move(new, dentry);
iput(inode);
@@ -917,6 +917,7 @@
list_add(&dentry->d_alias, &inode->i_dentry);
dentry->d_inode = inode;
spin_unlock(&dcache_lock);
+ security_d_instantiate(dentry, inode);
d_rehash(dentry);
}
} else
--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency
_______________________________________________
linux-security-module mailing list
linux-security-module@mail.wirex.com
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue May 06 2003 - 09:25:34 PDT