After creating the initial LSM security extended attribute, call evm_inode_post_init_security() to create the 'security.evm' extended attribute.
Signed-off-by: Mimi Zohar <[email protected]> --- fs/jfs/xattr.c | 45 +++++++++++++++++++++++++++++++-------------- 1 files changed, 31 insertions(+), 14 deletions(-) diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c index 24838f1..68b4ec6 100644 --- a/fs/jfs/xattr.c +++ b/fs/jfs/xattr.c @@ -24,6 +24,7 @@ #include <linux/slab.h> #include <linux/quotaops.h> #include <linux/security.h> +#include <linux/evm.h> #include "jfs_incore.h" #include "jfs_superblock.h" #include "jfs_dmap.h" @@ -1095,33 +1096,49 @@ int jfs_init_security(tid_t tid, struct inode *inode, struct inode *dir, const struct qstr *qstr) { int rc; - size_t len; - void *value; - char *suffix; + struct xattr lsm_xattr; + struct xattr evm_xattr; char *name; - rc = security_inode_init_security(inode, dir, qstr, &suffix, &value, - &len); + rc = security_inode_init_security(inode, dir, qstr, &lsm_xattr.name, + &lsm_xattr.value, + &lsm_xattr.value_len); if (rc) { if (rc == -EOPNOTSUPP) return 0; return rc; } - name = kmalloc(XATTR_SECURITY_PREFIX_LEN + 1 + strlen(suffix), + name = kmalloc(XATTR_SECURITY_PREFIX_LEN + 1 + strlen(lsm_xattr.name), GFP_NOFS); if (!name) { rc = -ENOMEM; - goto kmalloc_failed; - } - strcpy(name, XATTR_SECURITY_PREFIX); - strcpy(name + XATTR_SECURITY_PREFIX_LEN, suffix); + } else { + strcpy(name, XATTR_SECURITY_PREFIX); + strcpy(name + XATTR_SECURITY_PREFIX_LEN, lsm_xattr.name); - rc = __jfs_setxattr(tid, inode, name, value, len, 0); + rc = __jfs_setxattr(tid, inode, name, lsm_xattr.value, + lsm_xattr.value_len, 0); + kfree(name); + } + if (rc) + goto kmalloc_failed; - kfree(name); + rc = evm_inode_post_init_security(inode, &lsm_xattr, &evm_xattr); + if (rc) + goto kmalloc_failed; + name = kasprintf(GFP_NOFS, "%s%s", XATTR_SECURITY_PREFIX, + evm_xattr.name); + if (!name) { + rc = -ENOMEM; + } else { + rc = __jfs_setxattr(tid, inode, name, evm_xattr.value, + evm_xattr.value_len, 0); + kfree(name); + } + kfree(evm_xattr.value); kmalloc_failed: - kfree(suffix); - kfree(value); + kfree(lsm_xattr.name); + kfree(lsm_xattr.value); return rc; } -- 1.7.3.4 ------------------------------------------------------------------------------ Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Data protection magic? Nope - It's vRanger. Get your free trial download today. http://p.sf.net/sfu/quest-sfdev2dev _______________________________________________ Jfs-discussion mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jfs-discussion
