summaryrefslogtreecommitdiff
path: root/include/linux/security.h
diff options
context:
space:
mode:
authorVivek Goyal <vgoyal@redhat.com>2016-07-13 18:13:56 +0300
committerPaul Moore <paul@paul-moore.com>2016-08-09 03:06:53 +0300
commitd8ad8b49618410ddeafd78465b63a6cedd6c9484 (patch)
tree7e03ed05fdfae31da74e34856d2f9c718f896c6e /include/linux/security.h
parent8b31f456c72e53ee97474a538bcd91bfb1b93fb7 (diff)
downloadlinux-d8ad8b49618410ddeafd78465b63a6cedd6c9484.tar.xz
security, overlayfs: provide copy up security hook for unioned files
Provide a security hook to label new file correctly when a file is copied up from lower layer to upper layer of a overlay/union mount. This hook can prepare a new set of creds which are suitable for new file creation during copy up. Caller will use new creds to create file and then revert back to old creds and release new creds. Signed-off-by: Vivek Goyal <vgoyal@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> [PM: whitespace cleanup to appease checkpatch.pl] Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'include/linux/security.h')
-rw-r--r--include/linux/security.h6
1 files changed, 6 insertions, 0 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 7831cd57bcf7..c5b0ccd6c8b6 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -282,6 +282,7 @@ int security_inode_getsecurity(struct inode *inode, const char *name, void **buf
int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
void security_inode_getsecid(struct inode *inode, u32 *secid);
+int security_inode_copy_up(struct dentry *src, struct cred **new);
int security_file_permission(struct file *file, int mask);
int security_file_alloc(struct file *file);
void security_file_free(struct file *file);
@@ -758,6 +759,11 @@ static inline void security_inode_getsecid(struct inode *inode, u32 *secid)
*secid = 0;
}
+static inline int security_inode_copy_up(struct dentry *src, struct cred **new)
+{
+ return 0;
+}
+
static inline int security_file_permission(struct file *file, int mask)
{
return 0;