diff options
-rw-r--r-- | fs/namespace.c | 5 | ||||
-rw-r--r-- | include/linux/security.h | 14 | ||||
-rw-r--r-- | security/capability.c | 6 | ||||
-rw-r--r-- | security/security.c | 5 |
4 files changed, 0 insertions, 30 deletions
diff --git a/fs/namespace.c b/fs/namespace.c index 8174c8a..c1d0d87 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1435,11 +1435,6 @@ static int graft_tree(struct vfsmount *mnt, struct path *path) if (IS_DEADDIR(path->dentry->d_inode)) goto out_unlock; - err = security_sb_check_sb(mnt, path); - if (err) - goto out_unlock; - - err = -ENOENT; if (!d_unlinked(path->dentry)) err = attach_recursive_mnt(mnt, path, NULL); out_unlock: diff --git a/include/linux/security.h b/include/linux/security.h index 233d20b..9ebd2e4 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -267,12 +267,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @orig the original mount data copied from userspace. * @copy copied data which will be passed to the security module. * Returns 0 if the copy was successful. - * @sb_check_sb: - * Check permission before the device with superblock @mnt->sb is mounted - * on the mount point named by @nd. - * @mnt contains the vfsmount for device being mounted. - * @path contains the path for the mount point. - * Return 0 if permission is granted. * @sb_umount: * Check permission before the @mnt file system is unmounted. * @mnt contains the mounted file system. @@ -1484,7 +1478,6 @@ struct security_operations { int (*sb_statfs) (struct dentry *dentry); int (*sb_mount) (char *dev_name, struct path *path, char *type, unsigned long flags, void *data); - int (*sb_check_sb) (struct vfsmount *mnt, struct path *path); int (*sb_umount) (struct vfsmount *mnt, int flags); void (*sb_umount_close) (struct vfsmount *mnt); void (*sb_umount_busy) (struct vfsmount *mnt); @@ -1783,7 +1776,6 @@ int security_sb_show_options(struct seq_file *m, struct super_block *sb); int security_sb_statfs(struct dentry *dentry); int security_sb_mount(char *dev_name, struct path *path, char *type, unsigned long flags, void *data); -int security_sb_check_sb(struct vfsmount *mnt, struct path *path); int security_sb_umount(struct vfsmount *mnt, int flags); void security_sb_umount_close(struct vfsmount *mnt); void security_sb_umount_busy(struct vfsmount *mnt); @@ -2099,12 +2091,6 @@ static inline int security_sb_mount(char *dev_name, struct path *path, return 0; } -static inline int security_sb_check_sb(struct vfsmount *mnt, - struct path *path) -{ - return 0; -} - static inline int security_sb_umount(struct vfsmount *mnt, int flags) { return 0; diff --git a/security/capability.c b/security/capability.c index 4875142..a7e905d 100644 --- a/security/capability.c +++ b/security/capability.c @@ -80,11 +80,6 @@ static int cap_sb_mount(char *dev_name, struct path *path, char *type, return 0; } -static int cap_sb_check_sb(struct vfsmount *mnt, struct path *path) -{ - return 0; -} - static int cap_sb_umount(struct vfsmount *mnt, int flags) { return 0; @@ -941,7 +936,6 @@ void security_fixup_ops(struct security_operations *ops) set_to_cap_if_null(ops, sb_show_options); set_to_cap_if_null(ops, sb_statfs); set_to_cap_if_null(ops, sb_mount); - set_to_cap_if_null(ops, sb_check_sb); set_to_cap_if_null(ops, sb_umount); set_to_cap_if_null(ops, sb_umount_close); set_to_cap_if_null(ops, sb_umount_busy); diff --git a/security/security.c b/security/security.c index b98334b..a0bee70 100644 --- a/security/security.c +++ b/security/security.c @@ -306,11 +306,6 @@ int security_sb_mount(char *dev_name, struct path *path, return security_ops->sb_mount(dev_name, path, type, flags, data); } -int security_sb_check_sb(struct vfsmount *mnt, struct path *path) -{ - return security_ops->sb_check_sb(mnt, path); -} - int security_sb_umount(struct vfsmount *mnt, int flags) { return security_ops->sb_umount(mnt, flags); |