goto out;
        }
 
-       filp = dentry_open(dentry, mnt, O_RDONLY);
+       filp = dentry_open(dentry, mnt, O_RDONLY, current_cred());
        if (IS_ERR(filp)) {
                put_unused_fd(ret);
                ret = PTR_ERR(filp);
                goto out;
        }
 
-       filp = dentry_open(dentry, mnt, O_RDONLY);
+       filp = dentry_open(dentry, mnt, O_RDONLY, current_cred());
        if (IS_ERR(filp)) {
                put_unused_fd(ret);
                ret = PTR_ERR(filp);
 
                goto out_kill;
        }
 
-       file = dentry_open(nd.path.dentry, nd.path.mnt, O_RDONLY);
+       file = dentry_open(nd.path.dentry, nd.path.mnt, O_RDONLY,
+                          current_cred());
        if (IS_ERR(file)) {
                mconsole_reply(req, "Failed to open file", 1, 0);
                goto out_kill;
 
                        goto out;
                }
 
-               filp = dentry_open(nd.path.dentry, nd.path.mnt, O_RDONLY);
+               filp = dentry_open(nd.path.dentry, nd.path.mnt, O_RDONLY,
+                                  current_cred());
                if (IS_ERR(filp)) {
                        err = PTR_ERR(filp);
                        goto out;
 
 void ecryptfs_destroy_kthread(void);
 int ecryptfs_privileged_open(struct file **lower_file,
                             struct dentry *lower_dentry,
-                            struct vfsmount *lower_mnt);
+                            struct vfsmount *lower_mnt,
+                            const struct cred *cred);
 int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry);
 
 #endif /* #ifndef ECRYPTFS_KERNEL_H */
 
                                mntget(req->lower_mnt);
                                (*req->lower_file) = dentry_open(
                                        req->lower_dentry, req->lower_mnt,
-                                       (O_RDWR | O_LARGEFILE));
+                                       (O_RDWR | O_LARGEFILE), current_cred());
                                req->flags |= ECRYPTFS_REQ_PROCESSED;
                        }
                        wake_up(&req->wait);
  */
 int ecryptfs_privileged_open(struct file **lower_file,
                             struct dentry *lower_dentry,
-                            struct vfsmount *lower_mnt)
+                            struct vfsmount *lower_mnt,
+                            const struct cred *cred)
 {
        struct ecryptfs_open_req *req;
        int rc = 0;
        dget(lower_dentry);
        mntget(lower_mnt);
        (*lower_file) = dentry_open(lower_dentry, lower_mnt,
-                                   (O_RDWR | O_LARGEFILE));
+                                   (O_RDWR | O_LARGEFILE), cred);
        if (!IS_ERR(*lower_file))
                goto out;
        req = kmem_cache_alloc(ecryptfs_open_req_cache, GFP_KERNEL);
                dget(lower_dentry);
                mntget(lower_mnt);
                (*lower_file) = dentry_open(lower_dentry, lower_mnt,
-                                           (O_RDONLY | O_LARGEFILE));
+                                           (O_RDONLY | O_LARGEFILE), cred);
                if (IS_ERR(*lower_file)) {
                        rc = PTR_ERR(*req->lower_file);
                        (*lower_file) = NULL;
 
  */
 int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry)
 {
+       const struct cred *cred = current_cred();
        struct ecryptfs_inode_info *inode_info =
                ecryptfs_inode_to_private(ecryptfs_dentry->d_inode);
        int rc = 0;
 
                lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
                rc = ecryptfs_privileged_open(&inode_info->lower_file,
-                                                    lower_dentry, lower_mnt);
+                                             lower_dentry, lower_mnt, cred);
                if (rc || IS_ERR(inode_info->lower_file)) {
                        printk(KERN_ERR "Error opening lower persistent file "
                               "for lower_dentry [0x%p] and lower_mnt [0x%p]; "
 
 #include <linux/module.h>
 #include <linux/mount.h>
 #include <linux/namei.h>
+#include <linux/sched.h>
 
 #define dprintk(fmt, args...) do{}while(0)
 
 static int get_name(struct vfsmount *mnt, struct dentry *dentry,
                char *name, struct dentry *child)
 {
+       const struct cred *cred = current_cred();
        struct inode *dir = dentry->d_inode;
        int error;
        struct file *file;
        /*
         * Open the directory ...
         */
-       file = dentry_open(dget(dentry), mntget(mnt), O_RDONLY);
+       file = dentry_open(dget(dentry), mntget(mnt), O_RDONLY, cred);
        error = PTR_ERR(file);
        if (IS_ERR(file))
                goto out;
 
 
 static int hppfs_open(struct inode *inode, struct file *file)
 {
+       const struct cred *cred = current_cred();
        struct hppfs_private *data;
        struct vfsmount *proc_mnt;
        struct dentry *proc_dentry;
 
        /* XXX This isn't closed anywhere */
        data->proc_file = dentry_open(dget(proc_dentry), mntget(proc_mnt),
-                                     file_mode(file->f_mode));
+                                     file_mode(file->f_mode), cred);
        err = PTR_ERR(data->proc_file);
        if (IS_ERR(data->proc_file))
                goto out_free1;
 
 static int hppfs_dir_open(struct inode *inode, struct file *file)
 {
+       const struct cred *cred = current_cred();
        struct hppfs_private *data;
        struct vfsmount *proc_mnt;
        struct dentry *proc_dentry;
        proc_dentry = HPPFS_I(inode)->proc_dentry;
        proc_mnt = inode->i_sb->s_fs_info;
        data->proc_file = dentry_open(dget(proc_dentry), mntget(proc_mnt),
-                                     file_mode(file->f_mode));
+                                     file_mode(file->f_mode), cred);
        err = PTR_ERR(data->proc_file);
        if (IS_ERR(data->proc_file))
                goto out_free;
 
                error = may_open(&nd, MAY_WRITE, FMODE_WRITE);
 
        if (!error)
-               return dentry_open(nd.path.dentry, nd.path.mnt, flags);
+               return dentry_open(nd.path.dentry, nd.path.mnt, flags,
+                                  current_cred());
 
        path_put(&nd.path);
        return ERR_PTR(error);
 
 
        nfs4_save_user(&uid, &gid);
 
-       filp = dentry_open(dget(dir), mntget(rec_dir.mnt), O_RDONLY);
+       filp = dentry_open(dget(dir), mntget(rec_dir.mnt), O_RDONLY,
+                          current_cred());
        status = PTR_ERR(filp);
        if (IS_ERR(filp))
                goto out;
 
 nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type,
                        int access, struct file **filp)
 {
+       const struct cred *cred = current_cred();
        struct dentry   *dentry;
        struct inode    *inode;
        int             flags = O_RDONLY|O_LARGEFILE;
                DQUOT_INIT(inode);
        }
        *filp = dentry_open(dget(dentry), mntget(fhp->fh_export->ex_path.mnt),
-                               flags);
+                           flags, cred);
        if (IS_ERR(*filp))
                host_err = PTR_ERR(*filp);
 out_nfserr:
 
 
 static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt,
                                        int flags, struct file *f,
-                                       int (*open)(struct inode *, struct file *))
+                                       int (*open)(struct inode *, struct file *),
+                                       const struct cred *cred)
 {
        struct inode *inode;
        int error;
        f->f_op = fops_get(inode->i_fop);
        file_move(f, &inode->i_sb->s_files);
 
-       error = security_dentry_open(f);
+       error = security_dentry_open(f, cred);
        if (error)
                goto cleanup_all;
 
 struct file *lookup_instantiate_filp(struct nameidata *nd, struct dentry *dentry,
                int (*open)(struct inode *, struct file *))
 {
+       const struct cred *cred = current_cred();
+
        if (IS_ERR(nd->intent.open.file))
                goto out;
        if (IS_ERR(dentry))
        nd->intent.open.file = __dentry_open(dget(dentry), mntget(nd->path.mnt),
                                             nd->intent.open.flags - 1,
                                             nd->intent.open.file,
-                                            open);
+                                            open, cred);
 out:
        return nd->intent.open.file;
 out_err:
  */
 struct file *nameidata_to_filp(struct nameidata *nd, int flags)
 {
+       const struct cred *cred = current_cred();
        struct file *filp;
 
        /* Pick up the filp from the open intent */
        /* Has the filesystem initialised the file for us? */
        if (filp->f_path.dentry == NULL)
                filp = __dentry_open(nd->path.dentry, nd->path.mnt, flags, filp,
-                                    NULL);
+                                    NULL, cred);
        else
                path_put(&nd->path);
        return filp;
  * dentry_open() will have done dput(dentry) and mntput(mnt) if it returns an
  * error.
  */
-struct file *dentry_open(struct dentry *dentry, struct vfsmount *mnt, int flags)
+struct file *dentry_open(struct dentry *dentry, struct vfsmount *mnt, int flags,
+                        const struct cred *cred)
 {
        int error;
        struct file *f;
                return ERR_PTR(error);
        }
 
-       return __dentry_open(dentry, mnt, flags, f, NULL);
+       return __dentry_open(dentry, mnt, flags, f, NULL, cred);
 }
 EXPORT_SYMBOL(dentry_open);
 
 
        struct file             *parfilp,
        struct inode            *parinode)
 {
+       const struct cred       *cred = current_cred();
        int                     error;
        int                     new_fd;
        int                     permflag;
        mntget(parfilp->f_path.mnt);
 
        /* Create file pointer. */
-       filp = dentry_open(dentry, parfilp->f_path.mnt, hreq.oflags);
+       filp = dentry_open(dentry, parfilp->f_path.mnt, hreq.oflags, cred);
        if (IS_ERR(filp)) {
                put_unused_fd(new_fd);
                return -XFS_ERROR(-PTR_ERR(filp));
 
 struct kstatfs;
 struct vm_area_struct;
 struct vfsmount;
+struct cred;
 
 extern void __init inode_init(void);
 extern void __init inode_init_early(void);
 extern long do_sys_open(int dfd, const char __user *filename, int flags,
                        int mode);
 extern struct file *filp_open(const char *, int, int);
-extern struct file * dentry_open(struct dentry *, struct vfsmount *, int);
+extern struct file * dentry_open(struct dentry *, struct vfsmount *, int,
+                                const struct cred *);
 extern int filp_close(struct file *, fl_owner_t id);
 extern char * getname(const char __user *);
 
 
        int (*file_send_sigiotask) (struct task_struct *tsk,
                                    struct fown_struct *fown, int sig);
        int (*file_receive) (struct file *file);
-       int (*dentry_open) (struct file *file);
+       int (*dentry_open) (struct file *file, const struct cred *cred);
 
        int (*task_create) (unsigned long clone_flags);
        int (*cred_alloc_security) (struct cred *cred);
 int security_file_send_sigiotask(struct task_struct *tsk,
                                 struct fown_struct *fown, int sig);
 int security_file_receive(struct file *file);
-int security_dentry_open(struct file *file);
+int security_dentry_open(struct file *file, const struct cred *cred);
 int security_task_create(unsigned long clone_flags);
 int security_cred_alloc(struct cred *cred);
 void security_cred_free(struct cred *cred);
        return 0;
 }
 
-static inline int security_dentry_open(struct file *file)
+static inline int security_dentry_open(struct file *file,
+                                      const struct cred *cred)
 {
        return 0;
 }
 
 static struct file *do_create(struct dentry *dir, struct dentry *dentry,
                        int oflag, mode_t mode, struct mq_attr __user *u_attr)
 {
+       const struct cred *cred = current_cred();
        struct mq_attr attr;
        struct file *result;
        int ret;
        if (ret)
                goto out_drop_write;
 
-       result = dentry_open(dentry, mqueue_mnt, oflag);
+       result = dentry_open(dentry, mqueue_mnt, oflag, cred);
        /*
         * dentry_open() took a persistent mnt_want_write(),
         * so we can now drop this one.
 /* Opens existing queue */
 static struct file *do_open(struct dentry *dentry, int oflag)
 {
-static int oflag2acc[O_ACCMODE] = { MAY_READ, MAY_WRITE,
-                                       MAY_READ | MAY_WRITE };
+       const struct cred *cred = current_cred();
+
+       static const int oflag2acc[O_ACCMODE] = { MAY_READ, MAY_WRITE,
+                                                 MAY_READ | MAY_WRITE };
 
        if ((oflag & O_ACCMODE) == (O_RDWR | O_WRONLY)) {
                dput(dentry);
                return ERR_PTR(-EACCES);
        }
 
-       return dentry_open(dentry, mqueue_mnt, oflag);
+       return dentry_open(dentry, mqueue_mnt, oflag, cred);
 }
 
 asmlinkage long sys_mq_open(const char __user *u_name, int oflag, mode_t mode,
 
        return 0;
 }
 
-static int cap_dentry_open(struct file *file)
+static int cap_dentry_open(struct file *file, const struct cred *cred)
 {
        return 0;
 }
 
        return security_ops->file_receive(file);
 }
 
-int security_dentry_open(struct file *file)
+int security_dentry_open(struct file *file, const struct cred *cred)
 {
-       return security_ops->dentry_open(file);
+       return security_ops->dentry_open(file, cred);
 }
 
 int security_task_create(unsigned long clone_flags)
 
 extern struct dentry *selinux_null;
 
 /* Derived from fs/exec.c:flush_old_files. */
-static inline void flush_unauthorized_files(struct files_struct *files)
+static inline void flush_unauthorized_files(const struct cred *cred,
+                                           struct files_struct *files)
 {
-       const struct cred *cred = current_cred();
        struct avc_audit_data ad;
        struct file *file, *devnull = NULL;
        struct tty_struct *tty;
                                        if (devnull) {
                                                get_file(devnull);
                                        } else {
-                                               devnull = dentry_open(dget(selinux_null), mntget(selinuxfs_mount), O_RDWR);
+                                               devnull = dentry_open(
+                                                       dget(selinux_null),
+                                                       mntget(selinuxfs_mount),
+                                                       O_RDWR, cred);
                                                if (IS_ERR(devnull)) {
                                                        devnull = NULL;
                                                        put_unused_fd(fd);
  */
 static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm)
 {
+       const struct cred *cred = current_cred();
        struct task_security_struct *tsec;
        struct rlimit *rlim, *initrlim;
        struct itimerval itimer;
                return;
 
        /* Close files for which the new task SID is not authorized. */
-       flush_unauthorized_files(current->files);
+       flush_unauthorized_files(cred, current->files);
 
        /* Check whether the new SID can inherit signal state
           from the old SID.  If not, clear itimers to avoid
        return file_has_perm(cred, file, file_to_av(file));
 }
 
-static int selinux_dentry_open(struct file *file)
+static int selinux_dentry_open(struct file *file, const struct cred *cred)
 {
-       const struct cred *cred = current_cred();
        struct file_security_struct *fsec;
        struct inode *inode;
        struct inode_security_struct *isec;