Merge tag 'keys-misc-20210126' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowe...

[sfrench/cifs-2.6.git] / security / security.c

diff --git a/security/security.c b/security/security.c
index 401663b5b70eafc14892fb4eae4ecebc81bbd38d..5ac96b16f8fab0a76666cec5efc1f1003116e549 100644 (file)
--- a/security/security.c
+++ b/security/security.c
@@ -1288,7 +1288,8 @@ int security_inode_getattr(const struct path *path)
        return call_int_hook(inode_getattr, 0, path);
 }
 
-int security_inode_setxattr(struct dentry *dentry, const char *name,
+int security_inode_setxattr(struct user_namespace *mnt_userns,
+                           struct dentry *dentry, const char *name,
                            const void *value, size_t size, int flags)
 {
        int ret;
@@ -1299,8 +1300,8 @@ int security_inode_setxattr(struct dentry *dentry, const char *name,
         * SELinux and Smack integrate the cap call,
         * so assume that all LSMs supplying this call do so.
         */
-       ret = call_int_hook(inode_setxattr, 1, dentry, name, value, size,
-                               flags);
+       ret = call_int_hook(inode_setxattr, 1, mnt_userns, dentry, name, value,
+                           size, flags);
 
        if (ret == 1)
                ret = cap_inode_setxattr(dentry, name, value, size, flags);
@@ -1335,7 +1336,8 @@ int security_inode_listxattr(struct dentry *dentry)
        return call_int_hook(inode_listxattr, 0, dentry);
 }
 
-int security_inode_removexattr(struct dentry *dentry, const char *name)
+int security_inode_removexattr(struct user_namespace *mnt_userns,
+                              struct dentry *dentry, const char *name)
 {
        int ret;
 
@@ -1345,9 +1347,9 @@ int security_inode_removexattr(struct dentry *dentry, const char *name)
         * SELinux and Smack integrate the cap call,
         * so assume that all LSMs supplying this call do so.
         */
-       ret = call_int_hook(inode_removexattr, 1, dentry, name);
+       ret = call_int_hook(inode_removexattr, 1, mnt_userns, dentry, name);
        if (ret == 1)
-               ret = cap_inode_removexattr(dentry, name);
+               ret = cap_inode_removexattr(mnt_userns, dentry, name);
        if (ret)
                return ret;
        ret = ima_inode_removexattr(dentry, name);
@@ -1361,12 +1363,15 @@ int security_inode_need_killpriv(struct dentry *dentry)
        return call_int_hook(inode_need_killpriv, 0, dentry);
 }
 
-int security_inode_killpriv(struct dentry *dentry)
+int security_inode_killpriv(struct user_namespace *mnt_userns,
+                           struct dentry *dentry)
 {
-       return call_int_hook(inode_killpriv, 0, dentry);
+       return call_int_hook(inode_killpriv, 0, mnt_userns, dentry);
 }
 
-int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)
+int security_inode_getsecurity(struct user_namespace *mnt_userns,
+                              struct inode *inode, const char *name,
+                              void **buffer, bool alloc)
 {
        struct security_hook_list *hp;
        int rc;
@@ -1377,7 +1382,7 @@ int security_inode_getsecurity(struct inode *inode, const char *name, void **buf
         * Only one module will provide an attribute with a given name.
         */
        hlist_for_each_entry(hp, &security_hook_heads.inode_getsecurity, list) {
-               rc = hp->hook.inode_getsecurity(inode, name, buffer, alloc);
+               rc = hp->hook.inode_getsecurity(mnt_userns, inode, name, buffer, alloc);
                if (rc != LSM_RET_DEFAULT(inode_getsecurity))
                        return rc;
        }