Commit 738a3519 authored by David Howells's avatar David Howells Committed by Trond Myklebust

NFS: Secure the roots of the NFS subtrees in a shared superblock

Invoke security_d_instantiate() on root dentries after allocating them with
dentry_alloc_anon().  Normally dentry_alloc_root() would do that, but we don't
call that as we don't want to assign a name to the root dentry at this point
(we may discover the real name later).
Signed-Off-By: default avatarDavid Howells <dhowells@redhat.com>
Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
parent 27ba8512
...@@ -33,6 +33,7 @@ ...@@ -33,6 +33,7 @@
#include <linux/vfs.h> #include <linux/vfs.h>
#include <linux/namei.h> #include <linux/namei.h>
#include <linux/namespace.h> #include <linux/namespace.h>
#include <linux/security.h>
#include <asm/system.h> #include <asm/system.h>
#include <asm/uaccess.h> #include <asm/uaccess.h>
...@@ -109,6 +110,8 @@ struct dentry *nfs_get_root(struct super_block *sb, struct nfs_fh *mntfh) ...@@ -109,6 +110,8 @@ struct dentry *nfs_get_root(struct super_block *sb, struct nfs_fh *mntfh)
return ERR_PTR(-ENOMEM); return ERR_PTR(-ENOMEM);
} }
security_d_instantiate(mntroot, inode);
if (!mntroot->d_op) if (!mntroot->d_op)
mntroot->d_op = server->nfs_client->rpc_ops->dentry_ops; mntroot->d_op = server->nfs_client->rpc_ops->dentry_ops;
...@@ -296,6 +299,8 @@ struct dentry *nfs4_get_root(struct super_block *sb, struct nfs_fh *mntfh) ...@@ -296,6 +299,8 @@ struct dentry *nfs4_get_root(struct super_block *sb, struct nfs_fh *mntfh)
return ERR_PTR(-ENOMEM); return ERR_PTR(-ENOMEM);
} }
security_d_instantiate(mntroot, inode);
if (!mntroot->d_op) if (!mntroot->d_op)
mntroot->d_op = server->nfs_client->rpc_ops->dentry_ops; mntroot->d_op = server->nfs_client->rpc_ops->dentry_ops;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment