reiserfs: fix oops while creating privroot with selinux enabled

[safe/jmp/linux-2.6] / include / linux / security.h

diff --git a/include/linux/security.h b/include/linux/security.h
index ed0faea..233d20b 100644 (file)
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -76,7 +76,7 @@ extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
 extern int cap_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp);
 extern int cap_task_setioprio(struct task_struct *p, int ioprio);
 extern int cap_task_setnice(struct task_struct *p, int nice);
-extern int cap_syslog(int type);
+extern int cap_syslog(int type, bool from_file);
 extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
 
 struct msghdr;
@@ -95,8 +95,15 @@ struct seq_file;
 extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
 extern int cap_netlink_recv(struct sk_buff *skb, int cap);
 
+void reset_security_ops(void);
+
+#ifdef CONFIG_MMU
 extern unsigned long mmap_min_addr;
 extern unsigned long dac_mmap_min_addr;
+#else
+#define dac_mmap_min_addr      0UL
+#endif
+
 /*
  * Values used in the task_security_ops calls
  */
@@ -121,6 +128,7 @@ struct request_sock;
 #define LSM_UNSAFE_PTRACE      2
 #define LSM_UNSAFE_PTRACE_CAP  4
 
+#ifdef CONFIG_MMU
 /*
  * If a hint addr is less than mmap_min_addr change hint to be as
  * low as possible but still greater than mmap_min_addr
@@ -135,6 +143,7 @@ static inline unsigned long round_hint_to_min(unsigned long hint)
 }
 extern int mmap_min_addr_handler(struct ctl_table *table, int write,
                                 void __user *buffer, size_t *lenp, loff_t *ppos);
+#endif
 
 #ifdef CONFIG_SECURITY
 
@@ -706,6 +715,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  * @kernel_module_request:
  *     Ability to trigger the kernel to automatically upcall to userspace for
  *     userspace to load a kernel module with the given name.
+ *     @kmod_name name of the module requested by the kernel
  *     Return 0 if successful.
  * @task_setuid:
  *     Check permission before setting one or more of the user identity
@@ -977,6 +987,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  *     Check permissions on incoming network packets.  This hook is distinct
  *     from Netfilter's IP input hooks since it is the first time that the
  *     incoming sk_buff @skb has been associated with a particular socket, @sk.
+ *     Must not sleep inside this hook because some callers hold spinlocks.
  *     @sk contains the sock (not socket) associated with the incoming sk_buff.
  *     @skb contains the incoming network data.
  * @socket_getpeersec_stream:
@@ -1340,6 +1351,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  *     logging to the console.
  *     See the syslog(2) manual page for an explanation of the @type values.
  *     @type contains the type of action.
+ *     @from_file indicates the context of action (if it came from /proc).
  *     Return 0 if permission is granted.
  * @settime:
  *     Check permission to change the system time.
@@ -1454,7 +1466,7 @@ struct security_operations {
        int (*sysctl) (struct ctl_table *table, int op);
        int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
        int (*quota_on) (struct dentry *dentry);
-       int (*syslog) (int type);
+       int (*syslog) (int type, bool from_file);
        int (*settime) (struct timespec *ts, struct timezone *tz);
        int (*vm_enough_memory) (struct mm_struct *mm, long pages);
 
@@ -1577,7 +1589,7 @@ struct security_operations {
        void (*cred_transfer)(struct cred *new, const struct cred *old);
        int (*kernel_act_as)(struct cred *new, u32 secid);
        int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
-       int (*kernel_module_request)(void);
+       int (*kernel_module_request)(char *kmod_name);
        int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags);
        int (*task_fix_setuid) (struct cred *new, const struct cred *old,
                                int flags);
@@ -1753,7 +1765,7 @@ int security_acct(struct file *file);
 int security_sysctl(struct ctl_table *table, int op);
 int security_quotactl(int cmds, int type, int id, struct super_block *sb);
 int security_quota_on(struct dentry *dentry);
-int security_syslog(int type);
+int security_syslog(int type, bool from_file);
 int security_settime(struct timespec *ts, struct timezone *tz);
 int security_vm_enough_memory(long pages);
 int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
@@ -1842,7 +1854,7 @@ void security_commit_creds(struct cred *new, const struct cred *old);
 void security_transfer_creds(struct cred *new, const struct cred *old);
 int security_kernel_act_as(struct cred *new, u32 secid);
 int security_kernel_create_files_as(struct cred *new, struct inode *inode);
-int security_kernel_module_request(void);
+int security_kernel_module_request(char *kmod_name);
 int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags);
 int security_task_fix_setuid(struct cred *new, const struct cred *old,
                             int flags);
@@ -1999,9 +2011,9 @@ static inline int security_quota_on(struct dentry *dentry)
        return 0;
 }
 
-static inline int security_syslog(int type)
+static inline int security_syslog(int type, bool from_file)
 {
-       return cap_syslog(type);
+       return cap_syslog(type, from_file);
 }
 
 static inline int security_settime(struct timespec *ts, struct timezone *tz)
@@ -2407,7 +2419,7 @@ static inline int security_kernel_create_files_as(struct cred *cred,
        return 0;
 }
 
-static inline int security_kernel_module_request(void)
+static inline int security_kernel_module_request(char *kmod_name)
 {
        return 0;
 }