summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2009-10-04 21:49:48 +0900
committerJames Morris <jmorris@namei.org>2009-10-12 10:56:02 +1100
commit8b8efb44033c7e86b3dc76f825c693ec92ae30e9 (patch)
tree8cf43afc59f88f36a86f3a8165770bccec28b3c3 /security
parent89eda06837094ce9f34fae269b8773fcfd70f046 (diff)
downloadlinux-stable-8b8efb44033c7e86b3dc76f825c693ec92ae30e9.tar.gz
linux-stable-8b8efb44033c7e86b3dc76f825c693ec92ae30e9.tar.bz2
linux-stable-8b8efb44033c7e86b3dc76f825c693ec92ae30e9.zip
LSM: Add security_path_chroot().
This patch allows pathname based LSM modules to check chroot() operations. This hook is used by TOMOYO. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/capability.c6
-rw-r--r--security/security.c5
2 files changed, 11 insertions, 0 deletions
diff --git a/security/capability.c b/security/capability.c
index 09279a8d4a14..4f3ab476937f 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -319,6 +319,11 @@ static int cap_path_chown(struct path *path, uid_t uid, gid_t gid)
{
return 0;
}
+
+static int cap_path_chroot(struct path *root)
+{
+ return 0;
+}
#endif
static int cap_file_permission(struct file *file, int mask)
@@ -990,6 +995,7 @@ void security_fixup_ops(struct security_operations *ops)
set_to_cap_if_null(ops, path_truncate);
set_to_cap_if_null(ops, path_chmod);
set_to_cap_if_null(ops, path_chown);
+ set_to_cap_if_null(ops, path_chroot);
#endif
set_to_cap_if_null(ops, file_permission);
set_to_cap_if_null(ops, file_alloc_security);
diff --git a/security/security.c b/security/security.c
index 5259270e558f..279757314a05 100644
--- a/security/security.c
+++ b/security/security.c
@@ -449,6 +449,11 @@ int security_path_chown(struct path *path, uid_t uid, gid_t gid)
return 0;
return security_ops->path_chown(path, uid, gid);
}
+
+int security_path_chroot(struct path *path)
+{
+ return security_ops->path_chroot(path);
+}
#endif
int security_inode_create(struct inode *dir, struct dentry *dentry, int mode)