[AppArmor 16/45] Call lsm hook before unhashing dentry in vfs_rmdir()

If we unhash the dentry before calling the security_inode_rmdir hook, we cannot compute the file's pathname in the hook anymore. AppArmor needs to know the filename in order to decide whether a file may be deleted, though.

Signed-off-by: John Johansen <jjohansen@suse.de> Signed-off-by: Andreas Gruenbacher <agruen@suse.de> --- fs/namei.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) --- a/fs/namei.c
+++ b/fs/namei.c
@@ -2125,6 +2125,10 @@ int vfs_rmdir(struct inode *dir, struct if (!dir->i_op || !dir->i_op->rmdir) return -EPERM;
+ error = security_inode_rmdir(dir, dentry, mnt);
+ if (error)
+ return error;
+
DQUOT_INIT(dir); mutex_lock(&dentry->d_inode->i_mutex); @@ -2132,12 +2136,9 @@ int vfs_rmdir(struct inode *dir, struct if (d_mountpoint(dentry)) error = -EBUSY; else { - error = security_inode_rmdir(dir, dentry, mnt); - if (!error) { - error = dir->i_op->rmdir(dir, dentry); - if (!error) - dentry->d_inode->i_flags |= S_DEAD; - }
+ error = dir->i_op->rmdir(dir, dentry);
+ if (!error)
+ dentry->d_inode->i_flags |= S_DEAD;
} mutex_unlock(&dentry->d_inode->i_mutex); if (!error) { -- - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

• This message: [ Message body ]
• Next message: jjohansen_at_nospam: "[AppArmor 17/45] Add a struct vfsmount parameter to vfs_unlink()"
• Previous message: jjohansen_at_nospam: "[AppArmor 15/45] Pass struct vfsmount to the inode_rmdir LSM hook"
• In reply to: jjohansen_at_nospam: "[AppArmor 00/45] AppArmor security module overview"
• Next in thread: jjohansen_at_nospam: "[AppArmor 17/45] Add a struct vfsmount parameter to vfs_unlink()"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]