introduce new LSM hooks where vfsmount is available. Add new LSM hooks for path-based checks. Call them on directory-modifying operations at the points where we still know the vfsmount involved. Signed-off-by: Kentaro Takeda <[email protected]> Signed-off-by: Tetsuo Handa <[email protected]> Signed-off-by: Toshiharu Harada <[email protected]> Signed-off-by: Al Viro <[email protected]>

commit: be6d3e56a6b9b3a4ee44a0685e39e595073c6f0d [log] [tgz]
author: Kentaro Takeda <[email protected]> Wed Dec 17 13:24:15 2008 +0900
committer: Al Viro <[email protected]> Wed Dec 31 18:07:37 2008 -0500
tree: 3a770f4cc676efeba443b28caa1ad195eeff49bc
parent: 6a94cb73064c952255336cc57731904174b2c58f [diff] [blame]
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index c6250d0..d1b8982 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c

@@ -836,7 +836,11 @@
 		err = mnt_want_write(nd.path.mnt);
 		if (err)
 			goto out_mknod_dput;
+		err = security_path_mknod(&nd.path, dentry, mode, 0);
+		if (err)
+			goto out_mknod_drop_write;
 		err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0);
+out_mknod_drop_write:
 		mnt_drop_write(nd.path.mnt);
 		if (err)
 			goto out_mknod_dput;
commit	be6d3e56a6b9b3a4ee44a0685e39e595073c6f0d	[log] [tgz]
author	Kentaro Takeda <[email protected]>	Wed Dec 17 13:24:15 2008 +0900
committer	Al Viro <[email protected]>	Wed Dec 31 18:07:37 2008 -0500
tree	3a770f4cc676efeba443b28caa1ad195eeff49bc
parent	6a94cb73064c952255336cc57731904174b2c58f [diff] [blame]