summaryrefslogtreecommitdiffstats
path: root/security/capability.c
diff options
context:
space:
mode:
authorDavid Quigley <dpquigl@davequigley.com>2013-05-22 12:50:34 -0400
committerTrond Myklebust <Trond.Myklebust@netapp.com>2013-06-08 16:19:41 -0400
commitd47be3dfecaf20255af89a57460285c82d5271ad (patch)
tree6427561f82a9bf90f17d748a865e3e0084919540 /security/capability.c
parent4488cc96c581f130f3e86283d514123dce0dd46b (diff)
downloadlinux-stable-d47be3dfecaf20255af89a57460285c82d5271ad.tar.gz
linux-stable-d47be3dfecaf20255af89a57460285c82d5271ad.tar.bz2
linux-stable-d47be3dfecaf20255af89a57460285c82d5271ad.zip
Security: Add hook to calculate context based on a negative dentry.
There is a time where we need to calculate a context without the inode having been created yet. To do this we take the negative dentry and calculate a context based on the process and the parent directory contexts. Acked-by: Eric Paris <eparis@redhat.com> Acked-by: James Morris <james.l.morris@oracle.com> Signed-off-by: Matthew N. Dodd <Matthew.Dodd@sparta.com> Signed-off-by: Miguel Rodel Felipe <Rodel_FM@dsi.a-star.edu.sg> Signed-off-by: Phua Eu Gene <PHUA_Eu_Gene@dsi.a-star.edu.sg> Signed-off-by: Khin Mi Mi Aung <Mi_Mi_AUNG@dsi.a-star.edu.sg> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'security/capability.c')
-rw-r--r--security/capability.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/security/capability.c b/security/capability.c
index 1728d4e375db..58578b4bdad4 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -109,6 +109,13 @@ static int cap_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
return 0;
}
+static int cap_dentry_init_security(struct dentry *dentry, int mode,
+ struct qstr *name, void **ctx,
+ u32 *ctxlen)
+{
+ return 0;
+}
+
static int cap_inode_alloc_security(struct inode *inode)
{
return 0;
@@ -931,6 +938,7 @@ void __init security_fixup_ops(struct security_operations *ops)
set_to_cap_if_null(ops, sb_set_mnt_opts);
set_to_cap_if_null(ops, sb_clone_mnt_opts);
set_to_cap_if_null(ops, sb_parse_opts_str);
+ set_to_cap_if_null(ops, dentry_init_security);
set_to_cap_if_null(ops, inode_alloc_security);
set_to_cap_if_null(ops, inode_free_security);
set_to_cap_if_null(ops, inode_init_security);