commit 8b8efb44033c7e86b3dc76f825c693ec92ae30e9
author Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Sun Oct 04 21:49:48 2009 +0900
committer James Morris <jmorris@namei.org> Mon Oct 12 10:56:02 2009 +1100
tree 8cf43afc59f88f36a86f3a8165770bccec28b3c3
parent 89eda06837094ce9f34fae269b8773fcfd70f046

LSM: Add security_path_chroot().

This patch allows pathname based LSM modules to check chroot() operations.

This hook is used by TOMOYO.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>

security/capability.c

diff --git a/security/capability.c b/security/capability.c
index 09279a8..4f3ab47 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -319,6 +319,11 @@
 {
 	return 0;
 }
+
+static int cap_path_chroot(struct path *root)
+{
+	return 0;
+}
 #endif
 
 static int cap_file_permission(struct file *file, int mask)
@@ -990,6 +995,7 @@
 	set_to_cap_if_null(ops, path_truncate);
 	set_to_cap_if_null(ops, path_chmod);
 	set_to_cap_if_null(ops, path_chown);
+	set_to_cap_if_null(ops, path_chroot);
 #endif
 	set_to_cap_if_null(ops, file_permission);
 	set_to_cap_if_null(ops, file_alloc_security);

security/security.c

diff --git a/security/security.c b/security/security.c
index 5259270..2797573 100644
--- a/security/security.c
+++ b/security/security.c
@@ -449,6 +449,11 @@
 		return 0;
 	return security_ops->path_chown(path, uid, gid);
 }
+
+int security_path_chroot(struct path *path)
+{
+	return security_ops->path_chroot(path);
+}
 #endif
 
 int security_inode_create(struct inode *dir, struct dentry *dentry, int mode)