2009-05-03 10:46:59 +00:00
|
|
|
Debian patch for aufs on 2.6.29
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
Add support for Kernel 2.6.29.
|
|
|
|
|
|
|
|
Changes we are affected by:
|
|
|
|
1. dentry_open() receives a new argument for passing the cred
|
|
|
|
2. current->fsuid is now current_fsuid()
|
2009-05-03 11:29:08 +00:00
|
|
|
3. disable security_inode_* calls, as they are not exported normally. Enable
|
|
|
|
them only if CONFIG_AUFS_SEC_PERM_PATCH is defined
|
2009-05-03 10:46:59 +00:00
|
|
|
--- a/fs/aufs25/export.c
|
|
|
|
+++ b/fs/aufs25/export.c
|
|
|
|
@@ -384,7 +384,11 @@ static struct dentry *au_lkup_by_ino(str
|
|
|
|
if (nsi_lock)
|
|
|
|
si_read_unlock(parent->d_sb);
|
|
|
|
path_get(path);
|
|
|
|
+ #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 29)
|
|
|
|
file = dentry_open(parent, path->mnt, au_dir_roflags);
|
|
|
|
+ #else
|
|
|
|
+ file = dentry_open(parent, path->mnt, au_dir_roflags, current_cred());
|
|
|
|
+ #endif
|
|
|
|
dentry = (void *)file;
|
|
|
|
if (IS_ERR(file))
|
|
|
|
goto out;
|
|
|
|
--- a/fs/aufs25/file.c
|
|
|
|
+++ b/fs/aufs25/file.c
|
|
|
|
@@ -98,8 +98,13 @@ struct file *au_h_open(struct dentry *de
|
|
|
|
h_file = NULL;
|
|
|
|
if (file && au_test_nfs(h_dentry->d_sb))
|
|
|
|
h_file = au_h_intent(dentry, bindex, file);
|
|
|
|
- if (!h_file)
|
|
|
|
+ if (!h_file) {
|
|
|
|
+ #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 29)
|
|
|
|
h_file = dentry_open(dget(h_dentry), mntget(br->br_mnt), flags);
|
|
|
|
+ #else
|
|
|
|
+ h_file = dentry_open(dget(h_dentry), mntget(br->br_mnt), flags, current_cred());
|
|
|
|
+ #endif
|
|
|
|
+ }
|
|
|
|
|
|
|
|
/*
|
|
|
|
* a dirty trick for handling FMODE_EXEC and deny_write_access().
|
|
|
|
--- a/fs/aufs25/inode.c
|
|
|
|
+++ b/fs/aufs25/inode.c
|
|
|
|
@@ -405,7 +405,11 @@ int au_test_ro(struct super_block *sb, a
|
|
|
|
|
|
|
|
int au_test_h_perm(struct inode *h_inode, int mask, int dlgt)
|
|
|
|
{
|
|
|
|
+ #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 29)
|
|
|
|
if (!current->fsuid)
|
|
|
|
+ #else
|
|
|
|
+ if (!current_fsuid())
|
|
|
|
+ #endif
|
|
|
|
return 0;
|
|
|
|
/* todo: fake nameidata? */
|
|
|
|
return vfsub_permission(h_inode, mask, NULL, dlgt);
|
|
|
|
--- a/fs/aufs25/whout.c
|
|
|
|
+++ b/fs/aufs25/whout.c
|
|
|
|
@@ -274,9 +274,15 @@ static int do_unlink_wh(struct au_hinode
|
|
|
|
* forces superio when the dir has a sticky bit.
|
|
|
|
* this may be a violation of unix fs semantics.
|
|
|
|
*/
|
|
|
|
+ #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 29)
|
|
|
|
vfsub_args_init(&vargs, &ign, dlgt,
|
|
|
|
(h_dir->i_mode & S_ISVTX)
|
|
|
|
&& wh_dentry->d_inode->i_uid != current->fsuid);
|
|
|
|
+ #else
|
|
|
|
+ vfsub_args_init(&vargs, &ign, dlgt,
|
|
|
|
+ (h_dir->i_mode & S_ISVTX)
|
|
|
|
+ && wh_dentry->d_inode->i_uid != current_fsuid());
|
|
|
|
+ #endif
|
|
|
|
vfsub_ign_hinode(&vargs, IN_DELETE, hdir);
|
|
|
|
err = vfsub_unlink(h_dir, wh_dentry, &vargs);
|
|
|
|
AuTraceErr(err);
|
|
|
|
@@ -625,7 +631,11 @@ static void reinit_br_wh(void *arg)
|
|
|
|
struct vfsub_args vargs;
|
|
|
|
|
|
|
|
AuTraceEnter();
|
|
|
|
+ #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 29)
|
|
|
|
AuDebugOn(current->fsuid);
|
|
|
|
+ #else
|
|
|
|
+ AuDebugOn(current_fsuid());
|
|
|
|
+ #endif
|
|
|
|
|
|
|
|
err = 0;
|
|
|
|
wbr = a->br->br_wbr;
|
|
|
|
--- a/fs/aufs25/xino.c
|
|
|
|
+++ b/fs/aufs25/xino.c
|
|
|
|
@@ -620,8 +620,13 @@ struct file *au_xino_create2(struct supe
|
|
|
|
AuErr("%.*s create err %d\n", AuLNPair(name), err);
|
|
|
|
goto out_dput;
|
|
|
|
}
|
|
|
|
+ #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 29)
|
|
|
|
file = dentry_open(dget(dentry), mntget(base_file->f_vfsmnt),
|
|
|
|
O_RDWR | O_CREAT | O_EXCL | O_LARGEFILE);
|
|
|
|
+ #else
|
|
|
|
+ file = dentry_open(dget(dentry), mntget(base_file->f_vfsmnt),
|
|
|
|
+ O_RDWR | O_CREAT | O_EXCL | O_LARGEFILE, current_cred());
|
|
|
|
+ #endif
|
|
|
|
if (IS_ERR(file)) {
|
|
|
|
AuErr("%.*s open err %ld\n", AuLNPair(name), PTR_ERR(file));
|
|
|
|
goto out_dput;
|
2009-05-03 11:29:08 +00:00
|
|
|
--- a/fs/aufs25/i_op.c
|
|
|
|
+++ b/fs/aufs25/i_op.c
|
|
|
|
@@ -61,7 +61,7 @@ static int h_permission(struct inode *h_
|
|
|
|
AuTraceErr(err);
|
|
|
|
}
|
|
|
|
|
|
|
|
-#if 1 /* todo: export? */
|
|
|
|
+#ifdef CONFIG_AUFS_SEC_PERM_PATCH
|
|
|
|
if (!err)
|
|
|
|
err = au_security_inode_permission(h_inode, mask, NULL,
|
|
|
|
dlgt);
|
|
|
|
@@ -221,7 +221,7 @@ static int h_permission(struct inode *h_
|
|
|
|
AuTraceErr(err);
|
|
|
|
}
|
|
|
|
|
|
|
|
-#if 1 /* todo: export? */
|
|
|
|
+#ifdef CONFIG_AUFS_SEC_PERM_PATCH
|
|
|
|
if (!err)
|
|
|
|
err = au_security_inode_permission(h_inode, mask, fake_nd,
|
|
|
|
dlgt);
|
|
|
|
--- a/fs/aufs25/inode.h
|
|
|
|
+++ b/fs/aufs25/inode.h
|
|
|
|
@@ -148,7 +148,7 @@ int aufs_rename(struct inode *src_dir, s
|
|
|
|
/* dlgt.c */
|
|
|
|
int au_security_inode_permission(struct inode *h_inode, int mask,
|
|
|
|
struct nameidata *fake_nd, int dlgt);
|
|
|
|
-#else
|
|
|
|
+#elif defined(CONFIG_AUFS_SEC_PERM_PATCH)
|
|
|
|
static inline
|
|
|
|
int au_security_inode_permission(struct inode *h_inode, int mask,
|
|
|
|
struct nameidata *fake_nd, int dlgt)
|