Fix aufs calling of security_path_mknod

BugLink: http://launchpad.net/bugs/724456

The security_path_mknod hook requires an encoded 'dev' for its 'dev' paramet
but aufs is calling security_path_mknod with a 'dev' that was already
converted by 'new_decode_dev(dev)'. However security_path_mknod and its
consumer TOMOYO is expecting 'dev' rather than 'new_decode_dev(dev)'.

This will result in TOMOYO doing new_decode_dev(new_decode_dev(dev))
(which is wrong) when security_path_mknod() is called from aufs' vfsub_mknod

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: John Johansen <john.johansen@canonical.com>

diff --git a/ubuntu/aufs/vfsub.c b/ubuntu/aufs/vfsub.c
index 6ce2fd5..40f6aef 100644
--- a/ubuntu/aufs/vfsub.c
+++ b/ubuntu/aufs/vfsub.c
@@ -276,7 +276,7 @@ int vfsub_mknod(struct inode *dir, struct path *path, int mo

d = path->dentry;
path->dentry = d->d_parent;
- err = security_path_mknod(path, d, mode, dev);
+ err = security_path_mknod(path, d, mode, new_encode_dev(dev));
path->dentry = d;
if (unlikely(err))
goto out;

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team

Applied to Natty.

John, is this specific to Ubuntu because we have Tomoyo or should it be
going up to aufs upstream?

-apw

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team

On 02/28/2011 03:55 AM, Andy Whitcroft wrote:
> Applied to Natty.
>
> John, is this specific to Ubuntu because we have Tomoyo or should it be
> going up to aufs upstream?
>
yes it should be upstreamed, its using the LSM hook incorrectly so its
potentially not just TOMOYO but any project that uses the hook.

I did send to aufs-users mailing, but it was reject, and my attempt
to join the list hasn't received a reply yet.

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team