[PATCH] switch a bunch of LSM hooks from nameidata to path

Namely, ones from namespace.c Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

[PATCH] switch a bunch of LSM hooks from nameidata to path
Namely, ones from namespace.c Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Al Viro
1 parent 1a60a28077
Showing 6 changed files with 53 additions and 52 deletions Side-by-side Diff
fs/namespace.c
include/linux/security.h
security/dummy.c
security/security.c
security/selinux/hooks.c
security/smack/smack_lsm.c
@@ -1220,7 +1220,7 @@
 	if (IS_DEADDIR(nd->path.dentry->d_inode))
 		goto out_unlock;
  
-	err = security_sb_check_sb(mnt, nd);
+	err = security_sb_check_sb(mnt, &nd->path);
 	if (err)
 		goto out_unlock;
  
@@ -1230,7 +1230,7 @@
 out_unlock:
 	mutex_unlock(&nd->path.dentry->d_inode->i_mutex);
 	if (!err)
-		security_sb_post_addmount(mnt, nd);
+		security_sb_post_addmount(mnt, &nd->path);
 	return err;
 }
  
@@ -1746,7 +1746,8 @@
 	if (retval)
 		return retval;
  
-	retval = security_sb_mount(dev_name, &nd, type_page, flags, data_page);
+	retval = security_sb_mount(dev_name, &nd.path,
+				   type_page, flags, data_page);
 	if (retval)
 		goto dput_out;
  
@@ -2007,7 +2008,7 @@
 	if (error)
 		goto out1;
  
-	error = security_sb_pivotroot(&old_nd, &new_nd);
+	error = security_sb_pivotroot(&old_nd.path, &new_nd.path);
 	if (error) {
 		path_put(&old_nd.path);
 		goto out1;
@@ -2070,7 +2071,7 @@
 	touch_mnt_namespace(current->nsproxy->mnt_ns);
 	spin_unlock(&vfsmount_lock);
 	chroot_fs_refs(&user_nd.path, &new_nd.path);
-	security_sb_post_pivotroot(&user_nd, &new_nd);
+	security_sb_post_pivotroot(&user_nd.path, &new_nd.path);
 	error = 0;
 	path_put(&root_parent);
 	path_put(&parent_path);
@@ -230,7 +230,7 @@
  *	loopback/bind mount (@flags & MS_BIND), @dev_name identifies the
  *	pathname of the object being mounted.
  *	@dev_name contains the name for object being mounted.
- *	@nd contains the nameidata structure for mount point object.
+ *	@path contains the path for mount point object.
  *	@type contains the filesystem type.
  *	@flags contains the mount flags.
  *	@data contains the filesystem-specific data.
@@ -249,7 +249,7 @@
  *	Check permission before the device with superblock @mnt->sb is mounted
  *	on the mount point named by @nd.
  *	@mnt contains the vfsmount for device being mounted.
- *	@nd contains the nameidata object for the mount point.
+ *	@path contains the path for the mount point.
  *	Return 0 if permission is granted.
  * @sb_umount:
  *	Check permission before the @mnt file system is unmounted.
  
  
@@ -278,16 +278,16 @@
  *	This hook is called any time a mount is successfully grafetd to
  *	the tree.
  *	@mnt contains the mounted filesystem.
- *	@mountpoint_nd contains the nameidata structure for the mount point.
+ *	@mountpoint contains the path for the mount point.
  * @sb_pivotroot:
  *	Check permission before pivoting the root filesystem.
- *	@old_nd contains the nameidata structure for the new location of the current root (put_old).
- *      @new_nd contains the nameidata structure for the new root (new_root).
+ *	@old_path contains the path for the new location of the current root (put_old).
+ *      @new_path contains the path for the new root (new_root).
  *	Return 0 if permission is granted.
  * @sb_post_pivotroot:
  *	Update module state after a successful pivot.
- *	@old_nd contains the nameidata structure for the old root.
- *      @new_nd contains the nameidata structure for the new root.
+ *	@old_path contains the path for the old root.
+ *      @new_path contains the path for the new root.
  * @sb_get_mnt_opts:
  *	Get the security relevant mount options used for a superblock
  *	@sb the superblock to get security mount options from
  
  
@@ -1315,20 +1315,20 @@
 	int (*sb_copy_data)(char *orig, char *copy);
 	int (*sb_kern_mount) (struct super_block *sb, void *data);
 	int (*sb_statfs) (struct dentry *dentry);
-	int (*sb_mount) (char *dev_name, struct nameidata * nd,
+	int (*sb_mount) (char *dev_name, struct path *path,
 			 char *type, unsigned long flags, void *data);
-	int (*sb_check_sb) (struct vfsmount * mnt, struct nameidata * nd);
+	int (*sb_check_sb) (struct vfsmount * mnt, struct path *path);
 	int (*sb_umount) (struct vfsmount * mnt, int flags);
 	void (*sb_umount_close) (struct vfsmount * mnt);
 	void (*sb_umount_busy) (struct vfsmount * mnt);
 	void (*sb_post_remount) (struct vfsmount * mnt,
 				 unsigned long flags, void *data);
 	void (*sb_post_addmount) (struct vfsmount * mnt,
-				  struct nameidata * mountpoint_nd);
-	int (*sb_pivotroot) (struct nameidata * old_nd,
-			     struct nameidata * new_nd);
-	void (*sb_post_pivotroot) (struct nameidata * old_nd,
-				   struct nameidata * new_nd);
+				  struct path *mountpoint);
+	int (*sb_pivotroot) (struct path *old_path,
+			     struct path *new_path);
+	void (*sb_post_pivotroot) (struct path *old_path,
+				   struct path *new_path);
 	int (*sb_get_mnt_opts) (const struct super_block *sb,
 				struct security_mnt_opts *opts);
 	int (*sb_set_mnt_opts) (struct super_block *sb,
  
  
@@ -1593,16 +1593,16 @@
 int security_sb_copy_data(char *orig, char *copy);
 int security_sb_kern_mount(struct super_block *sb, void *data);
 int security_sb_statfs(struct dentry *dentry);
-int security_sb_mount(char *dev_name, struct nameidata *nd,
+int security_sb_mount(char *dev_name, struct path *path,
                        char *type, unsigned long flags, void *data);
-int security_sb_check_sb(struct vfsmount *mnt, struct nameidata *nd);
+int security_sb_check_sb(struct vfsmount *mnt, struct path *path);
 int security_sb_umount(struct vfsmount *mnt, int flags);
 void security_sb_umount_close(struct vfsmount *mnt);
 void security_sb_umount_busy(struct vfsmount *mnt);
 void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data);
-void security_sb_post_addmount(struct vfsmount *mnt, struct nameidata *mountpoint_nd);
-int security_sb_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);
-void security_sb_post_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);
+void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint);
+int security_sb_pivotroot(struct path *old_path, struct path *new_path);
+void security_sb_post_pivotroot(struct path *old_path, struct path *new_path);
 int security_sb_get_mnt_opts(const struct super_block *sb,
 				struct security_mnt_opts *opts);
 int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts);
@@ -1872,7 +1872,7 @@
 	return 0;
 }
  
-static inline int security_sb_mount (char *dev_name, struct nameidata *nd,
+static inline int security_sb_mount (char *dev_name, struct path *path,
 				    char *type, unsigned long flags,
 				    void *data)
 {
@@ -1880,7 +1880,7 @@
 }
  
 static inline int security_sb_check_sb (struct vfsmount *mnt,
-					struct nameidata *nd)
+					struct path *path)
 {
 	return 0;
 }
  
  
@@ -1901,17 +1901,17 @@
 { }
  
 static inline void security_sb_post_addmount (struct vfsmount *mnt,
-					      struct nameidata *mountpoint_nd)
+					      struct path *mountpoint)
 { }
  
-static inline int security_sb_pivotroot (struct nameidata *old_nd,
-					 struct nameidata *new_nd)
+static inline int security_sb_pivotroot (struct path *old_path,
+					 struct path *new_path)
 {
 	return 0;
 }
  
-static inline void security_sb_post_pivotroot (struct nameidata *old_nd,
-					       struct nameidata *new_nd)
+static inline void security_sb_post_pivotroot (struct path *old_path,
+					       struct path *new_path)
 { }
 static inline int security_sb_get_mnt_opts(const struct super_block *sb,
 					   struct security_mnt_opts *opts)
@@ -196,13 +196,13 @@
 	return 0;
 }
  
-static int dummy_sb_mount (char *dev_name, struct nameidata *nd, char *type,
+static int dummy_sb_mount (char *dev_name, struct path *path, char *type,
 			   unsigned long flags, void *data)
 {
 	return 0;
 }
  
-static int dummy_sb_check_sb (struct vfsmount *mnt, struct nameidata *nd)
+static int dummy_sb_check_sb (struct vfsmount *mnt, struct path *path)
 {
 	return 0;
 }
  
  
@@ -229,17 +229,17 @@
 }
  
  
-static void dummy_sb_post_addmount (struct vfsmount *mnt, struct nameidata *nd)
+static void dummy_sb_post_addmount (struct vfsmount *mnt, struct path *path)
 {
 	return;
 }
  
-static int dummy_sb_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd)
+static int dummy_sb_pivotroot (struct path *old_path, struct path *new_path)
 {
 	return 0;
 }
  
-static void dummy_sb_post_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd)
+static void dummy_sb_post_pivotroot (struct path *old_path, struct path *new_path)
 {
 	return;
 }
@@ -296,15 +296,15 @@
 	return security_ops->sb_statfs(dentry);
 }
  
-int security_sb_mount(char *dev_name, struct nameidata *nd,
+int security_sb_mount(char *dev_name, struct path *path,
                        char *type, unsigned long flags, void *data)
 {
-	return security_ops->sb_mount(dev_name, nd, type, flags, data);
+	return security_ops->sb_mount(dev_name, path, type, flags, data);
 }
  
-int security_sb_check_sb(struct vfsmount *mnt, struct nameidata *nd)
+int security_sb_check_sb(struct vfsmount *mnt, struct path *path)
 {
-	return security_ops->sb_check_sb(mnt, nd);
+	return security_ops->sb_check_sb(mnt, path);
 }
  
 int security_sb_umount(struct vfsmount *mnt, int flags)
  
  
  
  
  
@@ -327,19 +327,19 @@
 	security_ops->sb_post_remount(mnt, flags, data);
 }
  
-void security_sb_post_addmount(struct vfsmount *mnt, struct nameidata *mountpoint_nd)
+void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint)
 {
-	security_ops->sb_post_addmount(mnt, mountpoint_nd);
+	security_ops->sb_post_addmount(mnt, mountpoint);
 }
  
-int security_sb_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd)
+int security_sb_pivotroot(struct path *old_path, struct path *new_path)
 {
-	return security_ops->sb_pivotroot(old_nd, new_nd);
+	return security_ops->sb_pivotroot(old_path, new_path);
 }
  
-void security_sb_post_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd)
+void security_sb_post_pivotroot(struct path *old_path, struct path *new_path)
 {
-	security_ops->sb_post_pivotroot(old_nd, new_nd);
+	security_ops->sb_post_pivotroot(old_path, new_path);
 }
  
 int security_sb_get_mnt_opts(const struct super_block *sb,
@@ -2392,22 +2392,22 @@
 }
  
 static int selinux_mount(char *dev_name,
-			 struct nameidata *nd,
+			 struct path *path,
 			 char *type,
 			 unsigned long flags,
 			 void *data)
 {
 	int rc;
  
-	rc = secondary_ops->sb_mount(dev_name, nd, type, flags, data);
+	rc = secondary_ops->sb_mount(dev_name, path, type, flags, data);
 	if (rc)
 		return rc;
  
 	if (flags & MS_REMOUNT)
-		return superblock_has_perm(current, nd->path.mnt->mnt_sb,
+		return superblock_has_perm(current, path->mnt->mnt_sb,
 					   FILESYSTEM__REMOUNT, NULL);
 	else
-		return dentry_has_perm(current, nd->path.mnt, nd->path.dentry,
+		return dentry_has_perm(current, path->mnt, path->dentry,
 				       FILE__MOUNTON);
 }
  
@@ -315,10 +315,10 @@
  * Returns 0 if current can write the floor of the filesystem
  * being mounted on, an error code otherwise.
  */
-static int smack_sb_mount(char *dev_name, struct nameidata *nd,
+static int smack_sb_mount(char *dev_name, struct path *path,
 			  char *type, unsigned long flags, void *data)
 {
-	struct superblock_smack *sbp = nd->path.mnt->mnt_sb->s_security;
+	struct superblock_smack *sbp = path->mnt->mnt_sb->s_security;
  
 	return smk_curacc(sbp->smk_floor, MAY_WRITE);
 }
...	...	@@ -1220,7 +1220,7 @@
1220	1220	if (IS_DEADDIR(nd->path.dentry->d_inode))
1221	1221	goto out_unlock;
1222	1222
1223		- err = security_sb_check_sb(mnt, nd);
	1223	+ err = security_sb_check_sb(mnt, &nd->path);
1224	1224	if (err)
1225	1225	goto out_unlock;
1226	1226
...	...	@@ -1230,7 +1230,7 @@
1230	1230	out_unlock:
1231	1231	mutex_unlock(&nd->path.dentry->d_inode->i_mutex);
1232	1232	if (!err)
1233		- security_sb_post_addmount(mnt, nd);
	1233	+ security_sb_post_addmount(mnt, &nd->path);
1234	1234	return err;
1235	1235	}
1236	1236
...	...	@@ -1746,7 +1746,8 @@
1746	1746	if (retval)
1747	1747	return retval;
1748	1748
1749		- retval = security_sb_mount(dev_name, &nd, type_page, flags, data_page);
	1749	+ retval = security_sb_mount(dev_name, &nd.path,
	1750	+ type_page, flags, data_page);
1750	1751	if (retval)
1751	1752	goto dput_out;
1752	1753
...	...	@@ -2007,7 +2008,7 @@
2007	2008	if (error)
2008	2009	goto out1;
2009	2010
2010		- error = security_sb_pivotroot(&old_nd, &new_nd);
	2011	+ error = security_sb_pivotroot(&old_nd.path, &new_nd.path);
2011	2012	if (error) {
2012	2013	path_put(&old_nd.path);
2013	2014	goto out1;
...	...	@@ -2070,7 +2071,7 @@
2070	2071	touch_mnt_namespace(current->nsproxy->mnt_ns);
2071	2072	spin_unlock(&vfsmount_lock);
2072	2073	chroot_fs_refs(&user_nd.path, &new_nd.path);
2073		- security_sb_post_pivotroot(&user_nd, &new_nd);
	2074	+ security_sb_post_pivotroot(&user_nd.path, &new_nd.path);
2074	2075	error = 0;
2075	2076	path_put(&root_parent);
2076	2077	path_put(&parent_path);
...	...	@@ -230,7 +230,7 @@
230	230	* loopback/bind mount (@flags & MS_BIND), @dev_name identifies the
231	231	* pathname of the object being mounted.
232	232	* @dev_name contains the name for object being mounted.
233		- * @nd contains the nameidata structure for mount point object.
	233	+ * @path contains the path for mount point object.
234	234	* @type contains the filesystem type.
235	235	* @flags contains the mount flags.
236	236	* @data contains the filesystem-specific data.
...	...	@@ -249,7 +249,7 @@
249	249	* Check permission before the device with superblock @mnt->sb is mounted
250	250	* on the mount point named by @nd.
251	251	* @mnt contains the vfsmount for device being mounted.
252		- * @nd contains the nameidata object for the mount point.
	252	+ * @path contains the path for the mount point.
253	253	* Return 0 if permission is granted.
254	254	* @sb_umount:
255	255	* Check permission before the @mnt file system is unmounted.
256	256
257	257
...	...	@@ -278,16 +278,16 @@
278	278	* This hook is called any time a mount is successfully grafetd to
279	279	* the tree.
280	280	* @mnt contains the mounted filesystem.
281		- * @mountpoint_nd contains the nameidata structure for the mount point.
	281	+ * @mountpoint contains the path for the mount point.
282	282	* @sb_pivotroot:
283	283	* Check permission before pivoting the root filesystem.
284		- * @old_nd contains the nameidata structure for the new location of the current root (put_old).
285		- * @new_nd contains the nameidata structure for the new root (new_root).
	284	+ * @old_path contains the path for the new location of the current root (put_old).
	285	+ * @new_path contains the path for the new root (new_root).
286	286	* Return 0 if permission is granted.
287	287	* @sb_post_pivotroot:
288	288	* Update module state after a successful pivot.
289		- * @old_nd contains the nameidata structure for the old root.
290		- * @new_nd contains the nameidata structure for the new root.
	289	+ * @old_path contains the path for the old root.
	290	+ * @new_path contains the path for the new root.
291	291	* @sb_get_mnt_opts:
292	292	* Get the security relevant mount options used for a superblock
293	293	* @sb the superblock to get security mount options from
294	294
295	295
...	...	@@ -1315,20 +1315,20 @@
1315	1315	int (sb_copy_data)(char orig, char *copy);
1316	1316	int (sb_kern_mount) (struct super_block sb, void *data);
1317	1317	int (sb_statfs) (struct dentry dentry);
1318		- int (sb_mount) (char dev_name, struct nameidata * nd,
	1318	+ int (sb_mount) (char dev_name, struct path *path,
1319	1319	char type, unsigned long flags, void data);
1320		- int (sb_check_sb) (struct vfsmount mnt, struct nameidata * nd);
	1320	+ int (sb_check_sb) (struct vfsmount mnt, struct path *path);
1321	1321	int (sb_umount) (struct vfsmount mnt, int flags);
1322	1322	void (sb_umount_close) (struct vfsmount mnt);
1323	1323	void (sb_umount_busy) (struct vfsmount mnt);
1324	1324	void (sb_post_remount) (struct vfsmount mnt,
1325	1325	unsigned long flags, void *data);
1326	1326	void (sb_post_addmount) (struct vfsmount mnt,
1327		- struct nameidata * mountpoint_nd);
1328		- int (sb_pivotroot) (struct nameidata old_nd,
1329		- struct nameidata * new_nd);
1330		- void (sb_post_pivotroot) (struct nameidata old_nd,
1331		- struct nameidata * new_nd);
	1327	+ struct path *mountpoint);
	1328	+ int (sb_pivotroot) (struct path old_path,
	1329	+ struct path *new_path);
	1330	+ void (sb_post_pivotroot) (struct path old_path,
	1331	+ struct path *new_path);
1332	1332	int (sb_get_mnt_opts) (const struct super_block sb,
1333	1333	struct security_mnt_opts *opts);
1334	1334	int (sb_set_mnt_opts) (struct super_block sb,
1335	1335
1336	1336
...	...	@@ -1593,16 +1593,16 @@
1593	1593	int security_sb_copy_data(char orig, char copy);
1594	1594	int security_sb_kern_mount(struct super_block sb, void data);
1595	1595	int security_sb_statfs(struct dentry *dentry);
1596		-int security_sb_mount(char dev_name, struct nameidata nd,
	1596	+int security_sb_mount(char dev_name, struct path path,
1597	1597	char type, unsigned long flags, void data);
1598		-int security_sb_check_sb(struct vfsmount mnt, struct nameidata nd);
	1598	+int security_sb_check_sb(struct vfsmount mnt, struct path path);
1599	1599	int security_sb_umount(struct vfsmount *mnt, int flags);
1600	1600	void security_sb_umount_close(struct vfsmount *mnt);
1601	1601	void security_sb_umount_busy(struct vfsmount *mnt);
1602	1602	void security_sb_post_remount(struct vfsmount mnt, unsigned long flags, void data);
1603		-void security_sb_post_addmount(struct vfsmount mnt, struct nameidata mountpoint_nd);
1604		-int security_sb_pivotroot(struct nameidata old_nd, struct nameidata new_nd);
1605		-void security_sb_post_pivotroot(struct nameidata old_nd, struct nameidata new_nd);
	1603	+void security_sb_post_addmount(struct vfsmount mnt, struct path mountpoint);
	1604	+int security_sb_pivotroot(struct path old_path, struct path new_path);
	1605	+void security_sb_post_pivotroot(struct path old_path, struct path new_path);
1606	1606	int security_sb_get_mnt_opts(const struct super_block *sb,
1607	1607	struct security_mnt_opts *opts);
1608	1608	int security_sb_set_mnt_opts(struct super_block sb, struct security_mnt_opts opts);
...	...	@@ -1872,7 +1872,7 @@
1872	1872	return 0;
1873	1873	}
1874	1874
1875		-static inline int security_sb_mount (char dev_name, struct nameidata nd,
	1875	+static inline int security_sb_mount (char dev_name, struct path path,
1876	1876	char *type, unsigned long flags,
1877	1877	void *data)
1878	1878	{
...	...	@@ -1880,7 +1880,7 @@
1880	1880	}
1881	1881
1882	1882	static inline int security_sb_check_sb (struct vfsmount *mnt,
1883		- struct nameidata *nd)
	1883	+ struct path *path)
1884	1884	{
1885	1885	return 0;
1886	1886	}
1887	1887
1888	1888
...	...	@@ -1901,17 +1901,17 @@
1901	1901	{ }
1902	1902
1903	1903	static inline void security_sb_post_addmount (struct vfsmount *mnt,
1904		- struct nameidata *mountpoint_nd)
	1904	+ struct path *mountpoint)
1905	1905	{ }
1906	1906
1907		-static inline int security_sb_pivotroot (struct nameidata *old_nd,
1908		- struct nameidata *new_nd)
	1907	+static inline int security_sb_pivotroot (struct path *old_path,
	1908	+ struct path *new_path)
1909	1909	{
1910	1910	return 0;
1911	1911	}
1912	1912
1913		-static inline void security_sb_post_pivotroot (struct nameidata *old_nd,
1914		- struct nameidata *new_nd)
	1913	+static inline void security_sb_post_pivotroot (struct path *old_path,
	1914	+ struct path *new_path)
1915	1915	{ }
1916	1916	static inline int security_sb_get_mnt_opts(const struct super_block *sb,
1917	1917	struct security_mnt_opts *opts)
...	...	@@ -196,13 +196,13 @@
196	196	return 0;
197	197	}
198	198
199		-static int dummy_sb_mount (char dev_name, struct nameidata nd, char *type,
	199	+static int dummy_sb_mount (char dev_name, struct path path, char *type,
200	200	unsigned long flags, void *data)
201	201	{
202	202	return 0;
203	203	}
204	204
205		-static int dummy_sb_check_sb (struct vfsmount mnt, struct nameidata nd)
	205	+static int dummy_sb_check_sb (struct vfsmount mnt, struct path path)
206	206	{
207	207	return 0;
208	208	}
209	209
210	210
...	...	@@ -229,17 +229,17 @@
229	229	}
230	230
231	231
232		-static void dummy_sb_post_addmount (struct vfsmount mnt, struct nameidata nd)
	232	+static void dummy_sb_post_addmount (struct vfsmount mnt, struct path path)
233	233	{
234	234	return;
235	235	}
236	236
237		-static int dummy_sb_pivotroot (struct nameidata old_nd, struct nameidata new_nd)
	237	+static int dummy_sb_pivotroot (struct path old_path, struct path new_path)
238	238	{
239	239	return 0;
240	240	}
241	241
242		-static void dummy_sb_post_pivotroot (struct nameidata old_nd, struct nameidata new_nd)
	242	+static void dummy_sb_post_pivotroot (struct path old_path, struct path new_path)
243	243	{
244	244	return;
245	245	}
...	...	@@ -296,15 +296,15 @@
296	296	return security_ops->sb_statfs(dentry);
297	297	}
298	298
299		-int security_sb_mount(char dev_name, struct nameidata nd,
	299	+int security_sb_mount(char dev_name, struct path path,
300	300	char type, unsigned long flags, void data)
301	301	{
302		- return security_ops->sb_mount(dev_name, nd, type, flags, data);
	302	+ return security_ops->sb_mount(dev_name, path, type, flags, data);
303	303	}
304	304
305		-int security_sb_check_sb(struct vfsmount mnt, struct nameidata nd)
	305	+int security_sb_check_sb(struct vfsmount mnt, struct path path)
306	306	{
307		- return security_ops->sb_check_sb(mnt, nd);
	307	+ return security_ops->sb_check_sb(mnt, path);
308	308	}
309	309
310	310	int security_sb_umount(struct vfsmount *mnt, int flags)
311	311
312	312
313	313
314	314
315	315
...	...	@@ -327,19 +327,19 @@
327	327	security_ops->sb_post_remount(mnt, flags, data);
328	328	}
329	329
330		-void security_sb_post_addmount(struct vfsmount mnt, struct nameidata mountpoint_nd)
	330	+void security_sb_post_addmount(struct vfsmount mnt, struct path mountpoint)
331	331	{
332		- security_ops->sb_post_addmount(mnt, mountpoint_nd);
	332	+ security_ops->sb_post_addmount(mnt, mountpoint);
333	333	}
334	334
335		-int security_sb_pivotroot(struct nameidata old_nd, struct nameidata new_nd)
	335	+int security_sb_pivotroot(struct path old_path, struct path new_path)
336	336	{
337		- return security_ops->sb_pivotroot(old_nd, new_nd);
	337	+ return security_ops->sb_pivotroot(old_path, new_path);
338	338	}
339	339
340		-void security_sb_post_pivotroot(struct nameidata old_nd, struct nameidata new_nd)
	340	+void security_sb_post_pivotroot(struct path old_path, struct path new_path)
341	341	{
342		- security_ops->sb_post_pivotroot(old_nd, new_nd);
	342	+ security_ops->sb_post_pivotroot(old_path, new_path);
343	343	}
344	344
345	345	int security_sb_get_mnt_opts(const struct super_block *sb,
...	...	@@ -2392,22 +2392,22 @@
2392	2392	}
2393	2393
2394	2394	static int selinux_mount(char *dev_name,
2395		- struct nameidata *nd,
	2395	+ struct path *path,
2396	2396	char *type,
2397	2397	unsigned long flags,
2398	2398	void *data)
2399	2399	{
2400	2400	int rc;
2401	2401
2402		- rc = secondary_ops->sb_mount(dev_name, nd, type, flags, data);
	2402	+ rc = secondary_ops->sb_mount(dev_name, path, type, flags, data);
2403	2403	if (rc)
2404	2404	return rc;
2405	2405
2406	2406	if (flags & MS_REMOUNT)
2407		- return superblock_has_perm(current, nd->path.mnt->mnt_sb,
	2407	+ return superblock_has_perm(current, path->mnt->mnt_sb,
2408	2408	FILESYSTEM__REMOUNT, NULL);
2409	2409	else
2410		- return dentry_has_perm(current, nd->path.mnt, nd->path.dentry,
	2410	+ return dentry_has_perm(current, path->mnt, path->dentry,
2411	2411	FILE__MOUNTON);
2412	2412	}
2413	2413
...	...	@@ -315,10 +315,10 @@
315	315	* Returns 0 if current can write the floor of the filesystem
316	316	* being mounted on, an error code otherwise.
317	317	*/
318		-static int smack_sb_mount(char dev_name, struct nameidata nd,
	318	+static int smack_sb_mount(char dev_name, struct path path,
319	319	char type, unsigned long flags, void data)
320	320	{
321		- struct superblock_smack *sbp = nd->path.mnt->mnt_sb->s_security;
	321	+ struct superblock_smack *sbp = path->mnt->mnt_sb->s_security;
322	322
323	323	return smk_curacc(sbp->smk_floor, MAY_WRITE);
324	324	}