introduce new LSM hooks where vfsmount is available. Add new LSM hooks for path-based checks. Call them on directory-modifying operations at the points where we still know the vfsmount involved. Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

commit: be6d3e56a6b9b3a4ee44a0685e39e595073c6f0d [log] [tgz]
author: Kentaro Takeda <takedakn@nttdata.co.jp> Wed Dec 17 13:24:15 2008 +0900
committer: Al Viro <viro@zeniv.linux.org.uk> Wed Dec 31 18:07:37 2008 -0500
tree: 3a770f4cc676efeba443b28caa1ad195eeff49bc
parent: 6a94cb73064c952255336cc57731904174b2c58f [diff] [blame]
diff --git a/fs/open.c b/fs/open.c
index c0a426d..1cd7d40 100644
--- a/fs/open.c
+++ b/fs/open.c

@@ -272,6 +272,8 @@
 		goto put_write_and_out;
 
 	error = locks_verify_truncate(inode, NULL, length);
+	if (!error)
+		error = security_path_truncate(&path, length, 0);
 	if (!error) {
 		DQUOT_INIT(inode);
 		error = do_truncate(path.dentry, length, 0, NULL);
@@ -329,6 +331,9 @@
 
 	error = locks_verify_truncate(inode, file, length);
 	if (!error)
+		error = security_path_truncate(&file->f_path, length,
+					       ATTR_MTIME|ATTR_CTIME);
+	if (!error)
 		error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, file);
 out_putf:
 	fput(file);
commit	be6d3e56a6b9b3a4ee44a0685e39e595073c6f0d	[log] [tgz]
author	Kentaro Takeda <takedakn@nttdata.co.jp>	Wed Dec 17 13:24:15 2008 +0900
committer	Al Viro <viro@zeniv.linux.org.uk>	Wed Dec 31 18:07:37 2008 -0500
tree	3a770f4cc676efeba443b28caa1ad195eeff49bc
parent	6a94cb73064c952255336cc57731904174b2c58f [diff] [blame]