Debian patch for aufs on 2.6.29 --- Add support for Kernel 2.6.29. Changes we are affected by: 1. dentry_open() receives a new argument for passing the cred 2. current->fsuid is now current_fsuid() 3. disable security_inode_* calls, as they are not exported normally. Enable them only if CONFIG_AUFS_SEC_PERM_PATCH is defined --- a/fs/aufs25/export.c +++ b/fs/aufs25/export.c @@ -384,7 +384,11 @@ static struct dentry *au_lkup_by_ino(str if (nsi_lock) si_read_unlock(parent->d_sb); path_get(path); + #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 29) file = dentry_open(parent, path->mnt, au_dir_roflags); + #else + file = dentry_open(parent, path->mnt, au_dir_roflags, current_cred()); + #endif dentry = (void *)file; if (IS_ERR(file)) goto out; --- a/fs/aufs25/file.c +++ b/fs/aufs25/file.c @@ -98,8 +98,13 @@ struct file *au_h_open(struct dentry *de h_file = NULL; if (file && au_test_nfs(h_dentry->d_sb)) h_file = au_h_intent(dentry, bindex, file); - if (!h_file) + if (!h_file) { + #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 29) h_file = dentry_open(dget(h_dentry), mntget(br->br_mnt), flags); + #else + h_file = dentry_open(dget(h_dentry), mntget(br->br_mnt), flags, current_cred()); + #endif + } /* * a dirty trick for handling FMODE_EXEC and deny_write_access(). --- a/fs/aufs25/inode.c +++ b/fs/aufs25/inode.c @@ -405,7 +405,11 @@ int au_test_ro(struct super_block *sb, a int au_test_h_perm(struct inode *h_inode, int mask, int dlgt) { + #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 29) if (!current->fsuid) + #else + if (!current_fsuid()) + #endif return 0; /* todo: fake nameidata? */ return vfsub_permission(h_inode, mask, NULL, dlgt); --- a/fs/aufs25/whout.c +++ b/fs/aufs25/whout.c @@ -274,9 +274,15 @@ static int do_unlink_wh(struct au_hinode * forces superio when the dir has a sticky bit. * this may be a violation of unix fs semantics. */ + #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 29) vfsub_args_init(&vargs, &ign, dlgt, (h_dir->i_mode & S_ISVTX) && wh_dentry->d_inode->i_uid != current->fsuid); + #else + vfsub_args_init(&vargs, &ign, dlgt, + (h_dir->i_mode & S_ISVTX) + && wh_dentry->d_inode->i_uid != current_fsuid()); + #endif vfsub_ign_hinode(&vargs, IN_DELETE, hdir); err = vfsub_unlink(h_dir, wh_dentry, &vargs); AuTraceErr(err); @@ -625,7 +631,11 @@ static void reinit_br_wh(void *arg) struct vfsub_args vargs; AuTraceEnter(); + #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 29) AuDebugOn(current->fsuid); + #else + AuDebugOn(current_fsuid()); + #endif err = 0; wbr = a->br->br_wbr; --- a/fs/aufs25/xino.c +++ b/fs/aufs25/xino.c @@ -620,8 +620,13 @@ struct file *au_xino_create2(struct supe AuErr("%.*s create err %d\n", AuLNPair(name), err); goto out_dput; } + #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 29) file = dentry_open(dget(dentry), mntget(base_file->f_vfsmnt), O_RDWR | O_CREAT | O_EXCL | O_LARGEFILE); + #else + file = dentry_open(dget(dentry), mntget(base_file->f_vfsmnt), + O_RDWR | O_CREAT | O_EXCL | O_LARGEFILE, current_cred()); + #endif if (IS_ERR(file)) { AuErr("%.*s open err %ld\n", AuLNPair(name), PTR_ERR(file)); goto out_dput; --- a/fs/aufs25/i_op.c +++ b/fs/aufs25/i_op.c @@ -61,7 +61,7 @@ static int h_permission(struct inode *h_ AuTraceErr(err); } -#if 1 /* todo: export? */ +#ifdef CONFIG_AUFS_SEC_PERM_PATCH if (!err) err = au_security_inode_permission(h_inode, mask, NULL, dlgt); @@ -221,7 +221,7 @@ static int h_permission(struct inode *h_ AuTraceErr(err); } -#if 1 /* todo: export? */ +#ifdef CONFIG_AUFS_SEC_PERM_PATCH if (!err) err = au_security_inode_permission(h_inode, mask, fake_nd, dlgt); --- a/fs/aufs25/inode.h +++ b/fs/aufs25/inode.h @@ -148,7 +148,7 @@ int aufs_rename(struct inode *src_dir, s /* dlgt.c */ int au_security_inode_permission(struct inode *h_inode, int mask, struct nameidata *fake_nd, int dlgt); -#else +#elif defined(CONFIG_AUFS_SEC_PERM_PATCH) static inline int au_security_inode_permission(struct inode *h_inode, int mask, struct nameidata *fake_nd, int dlgt)