diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2013-07-09 15:09:43 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-07-09 15:09:43 -0400 |
| commit | be0c5d8c0bb0023e11f5c6d38e90f7b0f24edb64 (patch) | |
| tree | 6d7a6e290f8ed2f2ca250965a8debdd9f02a9cc9 /security/security.c | |
| parent | 1f792dd1765e6f047ecd2d5f6a81f025b50d471a (diff) | |
| parent | 959d921f5eb8878ea16049a7f6e9bcbb6dfbcb88 (diff) | |
Merge tag 'nfs-for-3.11-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs
Pull NFS client updates from Trond Myklebust:
"Feature highlights include:
- Add basic client support for NFSv4.2
- Add basic client support for Labeled NFS (selinux for NFSv4.2)
- Fix the use of credentials in NFSv4.1 stateful operations, and add
support for NFSv4.1 state protection.
Bugfix highlights:
- Fix another NFSv4 open state recovery race
- Fix an NFSv4.1 back channel session regression
- Various rpc_pipefs races
- Fix another issue with NFSv3 auth negotiation
Please note that Labeled NFS does require some additional support from
the security subsystem. The relevant changesets have all been
reviewed and acked by James Morris."
* tag 'nfs-for-3.11-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: (54 commits)
NFS: Set NFS_CS_MIGRATION for NFSv4 mounts
NFSv4.1 Refactor nfs4_init_session and nfs4_init_channel_attrs
nfs: have NFSv3 try server-specified auth flavors in turn
nfs: have nfs_mount fake up a auth_flavs list when the server didn't provide it
nfs: move server_authlist into nfs_try_mount_request
nfs: refactor "need_mount" code out of nfs_try_mount
SUNRPC: PipeFS MOUNT notification optimization for dying clients
SUNRPC: split client creation routine into setup and registration
SUNRPC: fix races on PipeFS UMOUNT notifications
SUNRPC: fix races on PipeFS MOUNT notifications
NFSv4.1 use pnfs_device maxcount for the objectlayout gdia_maxcount
NFSv4.1 use pnfs_device maxcount for the blocklayout gdia_maxcount
NFSv4.1 Fix gdia_maxcount calculation to fit in ca_maxresponsesize
NFS: Improve legacy idmapping fallback
NFSv4.1 end back channel session draining
NFS: Apply v4.1 capabilities to v4.2
NFSv4.1: Clean up layout segment comparison helper names
NFSv4.1: layout segment comparison helpers should take 'const' parameters
NFSv4: Move the DNS resolver into the NFSv4 module
rpc_pipefs: only set rpc_dentry_ops if d_op isn't already set
...
Diffstat (limited to 'security/security.c')
| -rw-r--r-- | security/security.c | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/security/security.c b/security/security.c index a3dce87d1aef..94b35aef6871 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -12,6 +12,7 @@ | |||
| 12 | */ | 12 | */ |
| 13 | 13 | ||
| 14 | #include <linux/capability.h> | 14 | #include <linux/capability.h> |
| 15 | #include <linux/dcache.h> | ||
| 15 | #include <linux/module.h> | 16 | #include <linux/module.h> |
| 16 | #include <linux/init.h> | 17 | #include <linux/init.h> |
| 17 | #include <linux/kernel.h> | 18 | #include <linux/kernel.h> |
| @@ -293,9 +294,12 @@ int security_sb_pivotroot(struct path *old_path, struct path *new_path) | |||
| 293 | } | 294 | } |
| 294 | 295 | ||
| 295 | int security_sb_set_mnt_opts(struct super_block *sb, | 296 | int security_sb_set_mnt_opts(struct super_block *sb, |
| 296 | struct security_mnt_opts *opts) | 297 | struct security_mnt_opts *opts, |
| 298 | unsigned long kern_flags, | ||
| 299 | unsigned long *set_kern_flags) | ||
| 297 | { | 300 | { |
| 298 | return security_ops->sb_set_mnt_opts(sb, opts); | 301 | return security_ops->sb_set_mnt_opts(sb, opts, kern_flags, |
| 302 | set_kern_flags); | ||
| 299 | } | 303 | } |
| 300 | EXPORT_SYMBOL(security_sb_set_mnt_opts); | 304 | EXPORT_SYMBOL(security_sb_set_mnt_opts); |
| 301 | 305 | ||
| @@ -324,6 +328,15 @@ void security_inode_free(struct inode *inode) | |||
| 324 | security_ops->inode_free_security(inode); | 328 | security_ops->inode_free_security(inode); |
| 325 | } | 329 | } |
| 326 | 330 | ||
| 331 | int security_dentry_init_security(struct dentry *dentry, int mode, | ||
| 332 | struct qstr *name, void **ctx, | ||
| 333 | u32 *ctxlen) | ||
| 334 | { | ||
| 335 | return security_ops->dentry_init_security(dentry, mode, name, | ||
| 336 | ctx, ctxlen); | ||
| 337 | } | ||
| 338 | EXPORT_SYMBOL(security_dentry_init_security); | ||
| 339 | |||
| 327 | int security_inode_init_security(struct inode *inode, struct inode *dir, | 340 | int security_inode_init_security(struct inode *inode, struct inode *dir, |
| 328 | const struct qstr *qstr, | 341 | const struct qstr *qstr, |
| 329 | const initxattrs initxattrs, void *fs_data) | 342 | const initxattrs initxattrs, void *fs_data) |
| @@ -647,6 +660,7 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer | |||
| 647 | return 0; | 660 | return 0; |
| 648 | return security_ops->inode_listsecurity(inode, buffer, buffer_size); | 661 | return security_ops->inode_listsecurity(inode, buffer, buffer_size); |
| 649 | } | 662 | } |
| 663 | EXPORT_SYMBOL(security_inode_listsecurity); | ||
| 650 | 664 | ||
| 651 | void security_inode_getsecid(const struct inode *inode, u32 *secid) | 665 | void security_inode_getsecid(const struct inode *inode, u32 *secid) |
| 652 | { | 666 | { |
| @@ -1047,6 +1061,12 @@ int security_netlink_send(struct sock *sk, struct sk_buff *skb) | |||
| 1047 | return security_ops->netlink_send(sk, skb); | 1061 | return security_ops->netlink_send(sk, skb); |
| 1048 | } | 1062 | } |
| 1049 | 1063 | ||
| 1064 | int security_ismaclabel(const char *name) | ||
| 1065 | { | ||
| 1066 | return security_ops->ismaclabel(name); | ||
| 1067 | } | ||
| 1068 | EXPORT_SYMBOL(security_ismaclabel); | ||
| 1069 | |||
| 1050 | int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) | 1070 | int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) |
| 1051 | { | 1071 | { |
| 1052 | return security_ops->secid_to_secctx(secid, secdata, seclen); | 1072 | return security_ops->secid_to_secctx(secid, secdata, seclen); |