[PATCH] switch a bunch of LSM hooks from nameidata to path

	if (IS_DEADDIR(nd->path.dentry->d_inode))

		goto out_unlock;

	err = security_sb_check_sb(mnt, nd);

	err = security_sb_check_sb(mnt, &nd->path);

	if (err)

		goto out_unlock;

out_unlock:

	mutex_unlock(&nd->path.dentry->d_inode->i_mutex);

	if (!err)

		security_sb_post_addmount(mnt, nd);

		security_sb_post_addmount(mnt, &nd->path);

	return err;

}

	if (retval)

		return retval;

	retval = security_sb_mount(dev_name, &nd, type_page, flags, data_page);

	retval = security_sb_mount(dev_name, &nd.path,

				   type_page, flags, data_page);

	if (retval)

		goto dput_out;

	if (error)

		goto out1;

	error = security_sb_pivotroot(&old_nd, &new_nd);

	error = security_sb_pivotroot(&old_nd.path, &new_nd.path);

	if (error) {

		path_put(&old_nd.path);

		goto out1;

	touch_mnt_namespace(current->nsproxy->mnt_ns);

	spin_unlock(&vfsmount_lock);

	chroot_fs_refs(&user_nd.path, &new_nd.path);

	security_sb_post_pivotroot(&user_nd, &new_nd);

	security_sb_post_pivotroot(&user_nd.path, &new_nd.path);

	error = 0;

	path_put(&root_parent);

	path_put(&parent_path);

 *	loopback/bind mount (@flags & MS_BIND), @dev_name identifies the

 *	pathname of the object being mounted.

 *	@dev_name contains the name for object being mounted.

 *	@nd contains the nameidata structure for mount point object.

 *	@path contains the path for mount point object.

 *	@type contains the filesystem type.

 *	@flags contains the mount flags.

 *	@data contains the filesystem-specific data.

 *	Check permission before the device with superblock @mnt->sb is mounted

 *	on the mount point named by @nd.

 *	@mnt contains the vfsmount for device being mounted.

 *	@nd contains the nameidata object for the mount point.

 *	@path contains the path for the mount point.

 *	Return 0 if permission is granted.

 * @sb_umount:

 *	Check permission before the @mnt file system is unmounted.

 *	This hook is called any time a mount is successfully grafetd to

 *	the tree.

 *	@mnt contains the mounted filesystem.

 *	@mountpoint_nd contains the nameidata structure for the mount point.

 *	@mountpoint contains the path for the mount point.

 * @sb_pivotroot:

 *	Check permission before pivoting the root filesystem.

 *	@old_nd contains the nameidata structure for the new location of the current root (put_old).

 *      @new_nd contains the nameidata structure for the new root (new_root).

 *	@old_path contains the path for the new location of the current root (put_old).

 *      @new_path contains the path for the new root (new_root).

 *	Return 0 if permission is granted.

 * @sb_post_pivotroot:

 *	Update module state after a successful pivot.

 *	@old_nd contains the nameidata structure for the old root.

 *      @new_nd contains the nameidata structure for the new root.

 *	@old_path contains the path for the old root.

 *      @new_path contains the path for the new root.

 * @sb_get_mnt_opts:

 *	Get the security relevant mount options used for a superblock

 *	@sb the superblock to get security mount options from

	int (*sb_copy_data)(char *orig, char *copy);

	int (*sb_kern_mount) (struct super_block *sb, void *data);

	int (*sb_statfs) (struct dentry *dentry);

	int (*sb_mount) (char *dev_name, struct nameidata * nd,

	int (*sb_mount) (char *dev_name, struct path *path,

			 char *type, unsigned long flags, void *data);

	int (*sb_check_sb) (struct vfsmount * mnt, struct nameidata * nd);

	int (*sb_check_sb) (struct vfsmount * mnt, struct path *path);

	int (*sb_umount) (struct vfsmount * mnt, int flags);

	void (*sb_umount_close) (struct vfsmount * mnt);

	void (*sb_umount_busy) (struct vfsmount * mnt);

	void (*sb_post_remount) (struct vfsmount * mnt,

				 unsigned long flags, void *data);

	void (*sb_post_addmount) (struct vfsmount * mnt,

				  struct nameidata * mountpoint_nd);

	int (*sb_pivotroot) (struct nameidata * old_nd,

			     struct nameidata * new_nd);

	void (*sb_post_pivotroot) (struct nameidata * old_nd,

				   struct nameidata * new_nd);

				  struct path *mountpoint);

	int (*sb_pivotroot) (struct path *old_path,

			     struct path *new_path);

	void (*sb_post_pivotroot) (struct path *old_path,

				   struct path *new_path);

	int (*sb_get_mnt_opts) (const struct super_block *sb,

				struct security_mnt_opts *opts);

	int (*sb_set_mnt_opts) (struct super_block *sb,

int security_sb_copy_data(char *orig, char *copy);

int security_sb_kern_mount(struct super_block *sb, void *data);

int security_sb_statfs(struct dentry *dentry);

int security_sb_mount(char *dev_name, struct nameidata *nd,

int security_sb_mount(char *dev_name, struct path *path,

                       char *type, unsigned long flags, void *data);

int security_sb_check_sb(struct vfsmount *mnt, struct nameidata *nd);

int security_sb_check_sb(struct vfsmount *mnt, struct path *path);

int security_sb_umount(struct vfsmount *mnt, int flags);

void security_sb_umount_close(struct vfsmount *mnt);

void security_sb_umount_busy(struct vfsmount *mnt);

void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data);

void security_sb_post_addmount(struct vfsmount *mnt, struct nameidata *mountpoint_nd);

int security_sb_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);

void security_sb_post_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);

void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint);

int security_sb_pivotroot(struct path *old_path, struct path *new_path);

void security_sb_post_pivotroot(struct path *old_path, struct path *new_path);

int security_sb_get_mnt_opts(const struct super_block *sb,

				struct security_mnt_opts *opts);

int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts);

	return 0;

}

static inline int security_sb_mount (char *dev_name, struct nameidata *nd,

static inline int security_sb_mount (char *dev_name, struct path *path,

				    char *type, unsigned long flags,

				    void *data)

{

}

static inline int security_sb_check_sb (struct vfsmount *mnt,

					struct nameidata *nd)

					struct path *path)

{

	return 0;

}

{ }

static inline void security_sb_post_addmount (struct vfsmount *mnt,

					      struct nameidata *mountpoint_nd)

					      struct path *mountpoint)

{ }

static inline int security_sb_pivotroot (struct nameidata *old_nd,

					 struct nameidata *new_nd)

static inline int security_sb_pivotroot (struct path *old_path,

					 struct path *new_path)

{

	return 0;

}

static inline void security_sb_post_pivotroot (struct nameidata *old_nd,

					       struct nameidata *new_nd)

static inline void security_sb_post_pivotroot (struct path *old_path,

					       struct path *new_path)

{ }

static inline int security_sb_get_mnt_opts(const struct super_block *sb,

					   struct security_mnt_opts *opts)

	return 0;

}

static int dummy_sb_mount (char *dev_name, struct nameidata *nd, char *type,

static int dummy_sb_mount (char *dev_name, struct path *path, char *type,

			   unsigned long flags, void *data)

{

	return 0;

}

static int dummy_sb_check_sb (struct vfsmount *mnt, struct nameidata *nd)

static int dummy_sb_check_sb (struct vfsmount *mnt, struct path *path)

{

	return 0;

}

}

static void dummy_sb_post_addmount (struct vfsmount *mnt, struct nameidata *nd)

static void dummy_sb_post_addmount (struct vfsmount *mnt, struct path *path)

{

	return;

}

static int dummy_sb_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd)

static int dummy_sb_pivotroot (struct path *old_path, struct path *new_path)

{

	return 0;

}

static void dummy_sb_post_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd)

static void dummy_sb_post_pivotroot (struct path *old_path, struct path *new_path)

{

	return;

}

	return security_ops->sb_statfs(dentry);

}

int security_sb_mount(char *dev_name, struct nameidata *nd,

int security_sb_mount(char *dev_name, struct path *path,

                       char *type, unsigned long flags, void *data)

{

	return security_ops->sb_mount(dev_name, nd, type, flags, data);

	return security_ops->sb_mount(dev_name, path, type, flags, data);

}

int security_sb_check_sb(struct vfsmount *mnt, struct nameidata *nd)

int security_sb_check_sb(struct vfsmount *mnt, struct path *path)

{

	return security_ops->sb_check_sb(mnt, nd);

	return security_ops->sb_check_sb(mnt, path);

}

int security_sb_umount(struct vfsmount *mnt, int flags)

	security_ops->sb_post_remount(mnt, flags, data);

}

void security_sb_post_addmount(struct vfsmount *mnt, struct nameidata *mountpoint_nd)

void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint)

{

	security_ops->sb_post_addmount(mnt, mountpoint_nd);

	security_ops->sb_post_addmount(mnt, mountpoint);

}

int security_sb_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd)

int security_sb_pivotroot(struct path *old_path, struct path *new_path)

{

	return security_ops->sb_pivotroot(old_nd, new_nd);

	return security_ops->sb_pivotroot(old_path, new_path);

}

void security_sb_post_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd)

void security_sb_post_pivotroot(struct path *old_path, struct path *new_path)

{

	security_ops->sb_post_pivotroot(old_nd, new_nd);

	security_ops->sb_post_pivotroot(old_path, new_path);

}

int security_sb_get_mnt_opts(const struct super_block *sb,

}

static int selinux_mount(char *dev_name,

			 struct nameidata *nd,

			 struct path *path,

			 char *type,

			 unsigned long flags,

			 void *data)

{

	int rc;

	rc = secondary_ops->sb_mount(dev_name, nd, type, flags, data);

	rc = secondary_ops->sb_mount(dev_name, path, type, flags, data);

	if (rc)

		return rc;

	if (flags & MS_REMOUNT)

		return superblock_has_perm(current, nd->path.mnt->mnt_sb,

		return superblock_has_perm(current, path->mnt->mnt_sb,

					   FILESYSTEM__REMOUNT, NULL);

	else

		return dentry_has_perm(current, nd->path.mnt, nd->path.dentry,

		return dentry_has_perm(current, path->mnt, path->dentry,

				       FILE__MOUNTON);

}