1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
Debian patch for aufs on 2.6.29
---
Add support for Kernel 2.6.29.
Changes we are affected by:
1. dentry_open() receives a new argument for passing the cred
2. current->fsuid is now current_fsuid()
3. disable security_inode_* calls, as they are not exported normally. Enable
them only if CONFIG_AUFS_SEC_PERM_PATCH is defined
--- a/fs/aufs25/export.c
+++ b/fs/aufs25/export.c
@@ -384,7 +384,11 @@ static struct dentry *au_lkup_by_ino(str
if (nsi_lock)
si_read_unlock(parent->d_sb);
path_get(path);
+ #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 29)
file = dentry_open(parent, path->mnt, au_dir_roflags);
+ #else
+ file = dentry_open(parent, path->mnt, au_dir_roflags, current_cred());
+ #endif
dentry = (void *)file;
if (IS_ERR(file))
goto out;
--- a/fs/aufs25/file.c
+++ b/fs/aufs25/file.c
@@ -98,8 +98,13 @@ struct file *au_h_open(struct dentry *de
h_file = NULL;
if (file && au_test_nfs(h_dentry->d_sb))
h_file = au_h_intent(dentry, bindex, file);
- if (!h_file)
+ if (!h_file) {
+ #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 29)
h_file = dentry_open(dget(h_dentry), mntget(br->br_mnt), flags);
+ #else
+ h_file = dentry_open(dget(h_dentry), mntget(br->br_mnt), flags, current_cred());
+ #endif
+ }
/*
* a dirty trick for handling FMODE_EXEC and deny_write_access().
--- a/fs/aufs25/inode.c
+++ b/fs/aufs25/inode.c
@@ -405,7 +405,11 @@ int au_test_ro(struct super_block *sb, a
int au_test_h_perm(struct inode *h_inode, int mask, int dlgt)
{
+ #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 29)
if (!current->fsuid)
+ #else
+ if (!current_fsuid())
+ #endif
return 0;
/* todo: fake nameidata? */
return vfsub_permission(h_inode, mask, NULL, dlgt);
--- a/fs/aufs25/whout.c
+++ b/fs/aufs25/whout.c
@@ -274,9 +274,15 @@ static int do_unlink_wh(struct au_hinode
* forces superio when the dir has a sticky bit.
* this may be a violation of unix fs semantics.
*/
+ #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 29)
vfsub_args_init(&vargs, &ign, dlgt,
(h_dir->i_mode & S_ISVTX)
&& wh_dentry->d_inode->i_uid != current->fsuid);
+ #else
+ vfsub_args_init(&vargs, &ign, dlgt,
+ (h_dir->i_mode & S_ISVTX)
+ && wh_dentry->d_inode->i_uid != current_fsuid());
+ #endif
vfsub_ign_hinode(&vargs, IN_DELETE, hdir);
err = vfsub_unlink(h_dir, wh_dentry, &vargs);
AuTraceErr(err);
@@ -625,7 +631,11 @@ static void reinit_br_wh(void *arg)
struct vfsub_args vargs;
AuTraceEnter();
+ #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 29)
AuDebugOn(current->fsuid);
+ #else
+ AuDebugOn(current_fsuid());
+ #endif
err = 0;
wbr = a->br->br_wbr;
--- a/fs/aufs25/xino.c
+++ b/fs/aufs25/xino.c
@@ -620,8 +620,13 @@ struct file *au_xino_create2(struct supe
AuErr("%.*s create err %d\n", AuLNPair(name), err);
goto out_dput;
}
+ #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 29)
file = dentry_open(dget(dentry), mntget(base_file->f_vfsmnt),
O_RDWR | O_CREAT | O_EXCL | O_LARGEFILE);
+ #else
+ file = dentry_open(dget(dentry), mntget(base_file->f_vfsmnt),
+ O_RDWR | O_CREAT | O_EXCL | O_LARGEFILE, current_cred());
+ #endif
if (IS_ERR(file)) {
AuErr("%.*s open err %ld\n", AuLNPair(name), PTR_ERR(file));
goto out_dput;
--- a/fs/aufs25/i_op.c
+++ b/fs/aufs25/i_op.c
@@ -61,7 +61,7 @@ static int h_permission(struct inode *h_
AuTraceErr(err);
}
-#if 1 /* todo: export? */
+#ifdef CONFIG_AUFS_SEC_PERM_PATCH
if (!err)
err = au_security_inode_permission(h_inode, mask, NULL,
dlgt);
@@ -221,7 +221,7 @@ static int h_permission(struct inode *h_
AuTraceErr(err);
}
-#if 1 /* todo: export? */
+#ifdef CONFIG_AUFS_SEC_PERM_PATCH
if (!err)
err = au_security_inode_permission(h_inode, mask, fake_nd,
dlgt);
--- a/fs/aufs25/inode.h
+++ b/fs/aufs25/inode.h
@@ -148,7 +148,7 @@ int aufs_rename(struct inode *src_dir, s
/* dlgt.c */
int au_security_inode_permission(struct inode *h_inode, int mask,
struct nameidata *fake_nd, int dlgt);
-#else
+#elif defined(CONFIG_AUFS_SEC_PERM_PATCH)
static inline
int au_security_inode_permission(struct inode *h_inode, int mask,
struct nameidata *fake_nd, int dlgt)
|