On Fri, 2005-07-08 at 09:55 -0400, Stephen Smalley wrote:
> This patch modifies ext2 to call the inode_init_security LSM hook to
> obtain the security attribute for a newly created inode and to set the
> resulting attribute on the new inode. This parallels the existing
> processing for setting ACLs on newly created inodes.
>
> Please let me know if you have any comments or suggestions for improvement.
>
> fs/ext2/ialloc.c | 5 +++++
> fs/ext2/xattr.h | 1 +
> fs/ext2/xattr_security.c | 22 ++++++++++++++++++++++
> 3 files changed, 28 insertions(+)
>
> diff -X /home/sds/dontdiff -rup linux-2.6.13.clean/fs/ext2/ialloc.c
> linux-2.6.13/fs/ext2/ialloc.c
> --- linux-2.6.13.clean/fs/ext2/ialloc.c 2005-06-17 15:48:29.000000000
> -0400
> +++ linux-2.6.13/fs/ext2/ialloc.c 2005-07-06 10:55:37.000000000 -0400
> @@ -614,6 +614,11 @@ got:
> DQUOT_FREE_INODE(inode);
> goto fail2;
> }
> + err = ext2_init_security(inode,dir);
Won't this be unresolved if CONFIG_EXT2_FS_SECURITY is unset?
xattr_security.c won't be compiled at all. The ext3 patch has the same
problem.
BTW, I'm working on a patch for jfs. It's a little more complicated
since jfs's xattr code creates a transaction down in the lower level
code. I'm going to have to restructure it so the caller creates the
transaction and passes down the tid.
> + if (err) {
> + DQUOT_FREE_INODE(inode);
> + goto fail2;
> + }
> mark_inode_dirty(inode);
> ext2_debug("allocating inode %lu\n", inode->i_ino);
> ext2_preread_inode(inode);
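Review bot: the new `err = ext2_init_security(inode,dir);` line adds a link-time dependency on a function that lives in xattr_security.c, which is only compiled when CONFIG_EXT2_FS_SECURITY is set (as pointed out above), so a kernel configured without security xattrs will fail to link unless a no-op stub exists for that case; the declaration in xattr.h is the natural place to provide it. Minor style point: kernel style wants a space after the comma, `ext2_init_security(inode, dir)`. The error path itself (DQUOT_FREE_INODE followed by `goto fail2`) mirrors the surrounding ACL failure handling in the same function, which is the right pattern given that the inode has already been charged to quota at this point.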
> diff -X /home/sds/dontdiff -rup linux-2.6.13.clean/fs/ext2/xattr.h
> linux-2.6.13/fs/ext2/xattr.h
> --- linux-2.6.13.clean/fs/ext2/xattr.h 2005-06-17 15:48:29.000000000
> -0400
> +++ linux-2.6.13/fs/ext2/xattr.h 2005-07-06 10:55:37.000000000 -0400
> @@ -64,6 +64,7 @@ extern struct xattr_handler ext2_xattr_s
>
> extern ssize_t ext2_listxattr(struct dentry *, char *, size_t);
>
> +extern int ext2_init_security(struct inode *inode, struct inode *dir);
> extern int ext2_xattr_get(struct inode *, int, const char *, void *, size_t);
> extern int ext2_xattr_set(struct inode *, int, const char *, const void *,
> size_t, int);
>
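Review bot: the prototype `extern int ext2_init_security(struct inode *inode, struct inode *dir);` is declared unconditionally, but its definition is in xattr_security.c, which is only built under CONFIG_EXT2_FS_SECURITY; ialloc.c calls it unconditionally, so builds without that option get an undefined reference. Suggest wrapping the extern in `#ifdef CONFIG_EXT2_FS_SECURITY` and, in the `#else` branch, providing `static inline int ext2_init_security(struct inode *inode, struct inode *dir) { return 0; }` so that inode creation proceeds unchanged when no security xattr support is compiled in.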
> diff -X /home/sds/dontdiff -rup linux-2.6.13.clean/fs/ext2/xattr_security.c
> linux-2.6.13/fs/ext2/xattr_security.c
> --- linux-2.6.13.clean/fs/ext2/xattr_security.c 2005-06-17
> 15:48:29.000000000 -0400
> +++ linux-2.6.13/fs/ext2/xattr_security.c 2005-07-06 10:56:20.000000000
> -0400
> @@ -8,6 +8,7 @@
> #include <linux/fs.h>
> #include <linux/smp_lock.h>
> #include <linux/ext2_fs.h>
> +#include <linux/security.h>
> #include "xattr.h"
>
> static size_t
> @@ -45,6 +46,27 @@ ext2_xattr_security_set(struct inode *in
> value, size, flags);
> }
>
> +int
> +ext2_init_security(struct inode *inode, struct inode *dir)
> +{
> + int err;
> + size_t len;
> + void *value;
> + char *name;
> +
> + err = security_inode_init_security(inode, dir, &name, &value, &len);
> + if (err) {
> + if (err == -EOPNOTSUPP)
> + return 0;
> + return err;
> + }
> + err = ext2_xattr_set(inode, EXT2_XATTR_INDEX_SECURITY,
> + name, value, len, 0);
> + kfree(name);
> + kfree(value);
> + return err;
> +}
> +
> struct xattr_handler ext2_xattr_security_handler = {
> .prefix = XATTR_SECURITY_PREFIX,
> .list = ext2_xattr_security_list,
>
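Review bot: the `if (err == -EOPNOTSUPP) return 0;` branch turns "no LSM wants to label this inode" into success, which is the intended semantics for the hook, but it deserves a one-line comment at that point so a later reader does not mistake it for a swallowed error. Ownership of `name` and `value` looks right: both are allocated by security_inode_init_security and are freed here after ext2_xattr_set whether or not the set succeeded. A short kerneldoc comment on the new function would also help, stating that it must be called on a freshly allocated inode and that on a non-zero return the caller is expected to discard the inode, as the ialloc.c hunk does via `fail2`.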
--
David Kleikamp
IBM Linux Technology Center