diff options
author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2009-10-04 21:49:48 +0900 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-10-12 10:56:02 +1100 |
commit | 8b8efb44033c7e86b3dc76f825c693ec92ae30e9 (patch) | |
tree | 8cf43afc59f88f36a86f3a8165770bccec28b3c3 /security | |
parent | 89eda06837094ce9f34fae269b8773fcfd70f046 (diff) | |
download | linux-3.10-8b8efb44033c7e86b3dc76f825c693ec92ae30e9.tar.gz linux-3.10-8b8efb44033c7e86b3dc76f825c693ec92ae30e9.tar.bz2 linux-3.10-8b8efb44033c7e86b3dc76f825c693ec92ae30e9.zip |
LSM: Add security_path_chroot().
This patch allows pathname based LSM modules to check chroot() operations.
This hook is used by TOMOYO.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r-- | security/capability.c | 6 | ||||
-rw-r--r-- | security/security.c | 5 |
2 files changed, 11 insertions, 0 deletions
diff --git a/security/capability.c b/security/capability.c index 09279a8d4a1..4f3ab476937 100644 --- a/security/capability.c +++ b/security/capability.c @@ -319,6 +319,11 @@ static int cap_path_chown(struct path *path, uid_t uid, gid_t gid) { return 0; } + +static int cap_path_chroot(struct path *root) +{ + return 0; +} #endif static int cap_file_permission(struct file *file, int mask) @@ -990,6 +995,7 @@ void security_fixup_ops(struct security_operations *ops) set_to_cap_if_null(ops, path_truncate); set_to_cap_if_null(ops, path_chmod); set_to_cap_if_null(ops, path_chown); + set_to_cap_if_null(ops, path_chroot); #endif set_to_cap_if_null(ops, file_permission); set_to_cap_if_null(ops, file_alloc_security); diff --git a/security/security.c b/security/security.c index 5259270e558..279757314a0 100644 --- a/security/security.c +++ b/security/security.c @@ -449,6 +449,11 @@ int security_path_chown(struct path *path, uid_t uid, gid_t gid) return 0; return security_ops->path_chown(path, uid, gid); } + +int security_path_chroot(struct path *path) +{ + return security_ops->path_chroot(path); +} #endif int security_inode_create(struct inode *dir, struct dentry *dentry, int mode) |