NFSD: Server implementation of MAC Labeling

Implement labeled NFS on the server: encoding and decoding, and writing and reading, of file labels. Enabled with CONFIG_NFSD_V4_SECURITY_LABEL. Signed-off-by: Matthew N. Dodd <Matthew.Dodd@sparta.com> Signed-off-by: Miguel Rodel Felipe <Rodel_FM@dsi.a-star.edu.sg> Signed-off-by: Phua Eu Gene <PHUA_Eu_Gene@dsi.a-star.edu.sg> Signed-off-by: Khin Mi Mi Aung <Mi_Mi_AUNG@dsi.a-star.edu.sg> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
author: David Quigley <dpquigl@davequigley.com> 2013-05-02 13:19:10 -0400
committer: J. Bruce Fields <bfields@redhat.com> 2013-05-15 09:27:02 -0400
commit: 18032ca062e621e15683cb61c066ef3dc5414a7b (patch)
tree: 18b061105452a5d47a85c0f693a151227ff3c02c /fs/nfsd/vfs.c
parent: 4bdc33ed5bd9fbaa243bda6fdccb22674aed6305 (diff)
1 files changed, 28 insertions, 0 deletions
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index 84ce601d8063..1e757fa45c40 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -28,6 +28,7 @@
 #include <asm/uaccess.h>
 #include <linux/exportfs.h>
 #include <linux/writeback.h>
+#include <linux/security.h>
 #ifdef CONFIG_NFSD_V3
 #include "xdr3.h"
@@ -621,6 +622,33 @@ int nfsd4_is_junction(struct dentry *dentry)
                return 0;
        return 1;
 }
+#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
+__be32 nfsd4_set_nfs4_label(struct svc_rqst *rqstp, struct svc_fh *fhp,
+                struct xdr_netobj *label)
+{
+        __be32 error;
+        int host_error;
+        struct dentry *dentry;
+        error = fh_verify(rqstp, fhp, 0 /* S_IFREG */, NFSD_MAY_SATTR);
+        if (error)
+                return error;
+        dentry = fhp->fh_dentry;
+        mutex_lock(&dentry->d_inode->i_mutex);
+        host_error = security_inode_setsecctx(dentry, label->data, label->len);
+        mutex_unlock(&dentry->d_inode->i_mutex);
+        return nfserrno(host_error);
+}
+#else
+__be32 nfsd4_set_nfs4_label(struct svc_rqst *rqstp, struct svc_fh *fhp,
+                struct xdr_netobj *label)
+{
+        return nfserr_notsupp;
+}
+#endif
 #endif /* defined(CONFIG_NFSD_V4) */
 #ifdef CONFIG_NFSD_V3
author	David Quigley <dpquigl@davequigley.com>	2013-05-02 13:19:10 -0400
committer	J. Bruce Fields <bfields@redhat.com>	2013-05-15 09:27:02 -0400
commit	18032ca062e621e15683cb61c066ef3dc5414a7b (patch)
tree	18b061105452a5d47a85c0f693a151227ff3c02c /fs/nfsd/vfs.c
parent	4bdc33ed5bd9fbaa243bda6fdccb22674aed6305 (diff)

diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 84ce601d8063..1e757fa45c40 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c
@@ -28,6 +28,7 @@
28	#include <asm/uaccess.h>	28	#include <asm/uaccess.h>
29	#include <linux/exportfs.h>	29	#include <linux/exportfs.h>
30	#include <linux/writeback.h>	30	#include <linux/writeback.h>
		31	#include <linux/security.h>
31		32
32	#ifdef CONFIG_NFSD_V3	33	#ifdef CONFIG_NFSD_V3
33	#include "xdr3.h"	34	#include "xdr3.h"
@@ -621,6 +622,33 @@ int nfsd4_is_junction(struct dentry *dentry)
621	return 0;	622	return 0;
622	return 1;	623	return 1;
623	}	624	}
		625	#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
		626	__be32 nfsd4_set_nfs4_label(struct svc_rqst rqstp, struct svc_fh fhp,
		627	struct xdr_netobj *label)
		628	{
		629	__be32 error;
		630	int host_error;
		631	struct dentry *dentry;
		632
		633	error = fh_verify(rqstp, fhp, 0 /* S_IFREG */, NFSD_MAY_SATTR);
		634	if (error)
		635	return error;
		636
		637	dentry = fhp->fh_dentry;
		638
		639	mutex_lock(&dentry->d_inode->i_mutex);
		640	host_error = security_inode_setsecctx(dentry, label->data, label->len);
		641	mutex_unlock(&dentry->d_inode->i_mutex);
		642	return nfserrno(host_error);
		643	}
		644	#else
		645	__be32 nfsd4_set_nfs4_label(struct svc_rqst rqstp, struct svc_fh fhp,
		646	struct xdr_netobj *label)
		647	{
		648	return nfserr_notsupp;
		649	}
		650	#endif
		651
624	#endif /* defined(CONFIG_NFSD_V4) */	652	#endif /* defined(CONFIG_NFSD_V4) */
625		653
626	#ifdef CONFIG_NFSD_V3	654	#ifdef CONFIG_NFSD_V3