The patch titled

     ext3: Enable atomic inode security labeling

has been added to the -mm tree.  Its filename is

     ext3-enable-atomic-inode-security-labeling.patch

Patches currently in -mm which might be from [EMAIL PROTECTED] are

security-enable-atomic-inode-security-labeling.patch
security-enable-atomic-inode-security-labeling-use-kstrdup.patch
ext2-enable-atomic-inode-security-labeling.patch
ext3-enable-atomic-inode-security-labeling.patch



From: Stephen Smalley <[EMAIL PROTECTED]>

This patch modifies ext3 to call the inode_init_security LSM hook to obtain
the security attribute for a newly created inode and to set the resulting
attribute on the new inode as part of the same transaction.  This parallels
the existing processing for setting ACLs on newly created inodes.

Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
---

 fs/ext3/ialloc.c         |    5 +++++
 fs/ext3/xattr.h          |    1 +
 fs/ext3/xattr_security.c |   22 ++++++++++++++++++++++
 3 files changed, 28 insertions(+)

diff -puN fs/ext3/ialloc.c~ext3-enable-atomic-inode-security-labeling fs/ext3/ialloc.c
--- 25/fs/ext3/ialloc.c~ext3-enable-atomic-inode-security-labeling      Fri Jul  8 16:35:44 2005
+++ 25-akpm/fs/ext3/ialloc.c    Fri Jul  8 16:35:44 2005
@@ -606,6 +606,11 @@ got:
                DQUOT_FREE_INODE(inode);
                goto fail2;
        }
+       err = ext3_init_security(handle,inode, dir);
+       if (err) {
+               DQUOT_FREE_INODE(inode);
+               goto fail2;
+       }
        err = ext3_mark_inode_dirty(handle, inode);
        if (err) {
                ext3_std_error(sb, err);
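Review bot: The added call `ext3_init_security(handle,inode, dir)` is missing the space after its first comma; `err = ext3_init_security(handle, inode, dir);` would match the calls around it. The new error branch also has no comment, so a line such as `/* set the security label under the same handle, before the inode is marked dirty; on error take the same DQUOT_FREE_INODE/fail2 path as the check above */` would record the intended fail-closed behaviour. What fail2 does is not visible here, because the enclosing function starts and ends outside the hunk.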
diff -puN fs/ext3/xattr.h~ext3-enable-atomic-inode-security-labeling fs/ext3/xattr.h
--- 25/fs/ext3/xattr.h~ext3-enable-atomic-inode-security-labeling       Fri Jul  8 16:35:44 2005
+++ 25-akpm/fs/ext3/xattr.h     Fri Jul  8 16:35:44 2005
@@ -67,6 +67,7 @@ extern struct xattr_handler ext3_xattr_s
 
 extern ssize_t ext3_listxattr(struct dentry *, char *, size_t);
 
+extern int ext3_init_security(handle_t *handle, struct inode *inode, struct inode *dir);
 extern int ext3_xattr_get(struct inode *, int, const char *, void *, size_t);
 extern int ext3_xattr_list(struct inode *, char *, size_t);
 extern int ext3_xattr_set(struct inode *, int, const char *, const void *, size_t, int);
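Review bot: The new prototype is declared unconditionally, and the ialloc.c hunk calls it unconditionally, but the definition is added only to xattr_security.c. If that file is built only when CONFIG_EXT3_FS_SECURITY is enabled (the Makefile and the preprocessor context around this declaration are not part of the patch, so this is an assumption to confirm), a configuration without it would fail to link. Guarding the declaration and providing a static inline stub that returns 0 would keep such builds working and make it explicit that inodes are created unlabeled there.

```c
#ifdef CONFIG_EXT3_FS_SECURITY
extern int ext3_init_security(handle_t *handle, struct inode *inode,
			      struct inode *dir);
#else
static inline int ext3_init_security(handle_t *handle, struct inode *inode,
				     struct inode *dir)
{
	return 0;
}
#endif
```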
diff -puN fs/ext3/xattr_security.c~ext3-enable-atomic-inode-security-labeling fs/ext3/xattr_security.c
--- 25/fs/ext3/xattr_security.c~ext3-enable-atomic-inode-security-labeling      Fri Jul  8 16:35:44 2005
+++ 25-akpm/fs/ext3/xattr_security.c    Fri Jul  8 16:35:44 2005
@@ -9,6 +9,7 @@
 #include <linux/smp_lock.h>
 #include <linux/ext3_jbd.h>
 #include <linux/ext3_fs.h>
+#include <linux/security.h>
 #include "xattr.h"
 
 static size_t
@@ -47,6 +48,27 @@ ext3_xattr_security_set(struct inode *in
                              value, size, flags);
 }
 
+int
+ext3_init_security(handle_t *handle, struct inode *inode, struct inode *dir)
+{
+       int err;
+       size_t len;
+       void *value;
+       char *name;
+
+       err = security_inode_init_security(inode, dir, &name, &value, &len);
+       if (err) {
+               if (err == -EOPNOTSUPP)
+                       return 0;
+               return err;
+       }
+       err = ext3_xattr_set_handle(handle, inode, EXT3_XATTR_INDEX_SECURITY,
+                                   name, value, len, 0);
+       kfree(name);
+       kfree(value);
+       return err;
+}
+
 struct xattr_handler ext3_xattr_security_handler = {
        .prefix = XATTR_SECURITY_PREFIX,
        .list   = ext3_xattr_security_list,
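Review bot: In the new ext3_init_security(), `name`, `value` and `len` are passed to security_inode_init_security() uninitialized, so the later ext3_xattr_set_handle() and kfree() calls are only safe if the hook fills all three on every zero return. Declaring them as `char *name = NULL;`, `void *value = NULL;` and `size_t len = 0;` would make a hook that returns 0 without setting them harmless to the kfree() calls. The function also has no comment on its contract. A short header comment should state that the label is written under the caller's handle and that -EOPNOTSUPP from the hook is deliberately mapped to success, presumably so that creation proceeds unlabeled when no security module supplies an attribute. That is the one fail-open path in the function.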
_