NFS: Extend NFS xattr handlers to accept the security namespace

The existing NFSv4 xattr handlers do not accept xattr calls to the security namespace. This patch extends these handlers to accept xattrs from the security namespace in addition to the default NFSv4 ACL namespace. Acked-by: James Morris <james.l.morris@oracle.com> Signed-off-by: Matthew N. Dodd <Matthew.Dodd@sparta.com> Signed-off-by: Miguel Rodel Felipe <Rodel_FM@dsi.a-star.edu.sg> Signed-off-by: Phua Eu Gene <PHUA_Eu_Gene@dsi.a-star.edu.sg> Signed-off-by: Khin Mi Mi Aung <Mi_Mi_AUNG@dsi.a-star.edu.sg> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
author: David Quigley <dpquigl@davequigley.com> 2013-05-22 12:50:45 -0400
committer: Trond Myklebust <Trond.Myklebust@netapp.com> 2013-06-08 16:20:17 -0400
commit: c9bccef6b98ae563f725f6e315d8adc685239781 (patch)
tree: 3e8d201cd4515c85b6f85a6ee3f42436c66bdbb2
parent: aa9c2669626ca7e5e5bab28e6caeb583fd40099b (diff)
2 files changed, 51 insertions, 0 deletions
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 1dc7aec8e946..dfef23f1a66a 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -5640,6 +5640,53 @@ static size_t nfs4_xattr_list_nfs4_acl(struct dentry *dentry, char *list,
        return len;
 }
+#ifdef CONFIG_NFS_V4_SECURITY_LABEL
+static inline int nfs4_server_supports_labels(struct nfs_server *server)
+{
+        return server->caps & NFS_CAP_SECURITY_LABEL;
+}
+static int nfs4_xattr_set_nfs4_label(struct dentry *dentry, const char *key,
+                                   const void *buf, size_t buflen,
+                                   int flags, int type)
+{
+        if (security_ismaclabel(key))
+                return nfs4_set_security_label(dentry, buf, buflen);
+        return -EOPNOTSUPP;
+}
+static int nfs4_xattr_get_nfs4_label(struct dentry *dentry, const char *key,
+                                   void *buf, size_t buflen, int type)
+{
+        if (security_ismaclabel(key))
+                return nfs4_get_security_label(dentry->d_inode, buf, buflen);
+        return -EOPNOTSUPP;
+}
+static size_t nfs4_xattr_list_nfs4_label(struct dentry *dentry, char *list,
+                                       size_t list_len, const char *name,
+                                       size_t name_len, int type)
+{
+        size_t len = 0;
+        if (nfs_server_capable(dentry->d_inode, NFS_CAP_SECURITY_LABEL)) {
+                len = security_inode_listsecurity(dentry->d_inode, NULL, 0);
+                if (list && len <= list_len)
+                        security_inode_listsecurity(dentry->d_inode, list, len);
+        }
+        return len;
+}
+static const struct xattr_handler nfs4_xattr_nfs4_label_handler = {
+        .prefix = XATTR_SECURITY_PREFIX,
+        .list   = nfs4_xattr_list_nfs4_label,
+        .get    = nfs4_xattr_get_nfs4_label,
+        .set    = nfs4_xattr_set_nfs4_label,
+};
+#endif
 /*
 * nfs_fhget will use either the mounted_on_fileid or the fileid
 */
@@ -7468,6 +7515,9 @@ static const struct xattr_handler nfs4_xattr_nfs4_acl_handler = {
 const struct xattr_handler *nfs4_xattr_handlers[] = {
        &nfs4_xattr_nfs4_acl_handler,
+#ifdef CONFIG_NFS_V4_SECURITY_LABEL
+        &nfs4_xattr_nfs4_label_handler,
+#endif
        NULL
 };
diff --git a/security/security.c b/security/security.c
index 8d0b9a79611a..94b35aef6871 100644
--- a/security/security.c
+++ b/security/security.c
@@ -660,6 +660,7 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer
                return 0;
        return security_ops->inode_listsecurity(inode, buffer, buffer_size);
 }
+EXPORT_SYMBOL(security_inode_listsecurity);
 void security_inode_getsecid(const struct inode *inode, u32 *secid)
 {
author	David Quigley <dpquigl@davequigley.com>	2013-05-22 12:50:45 -0400
committer	Trond Myklebust <Trond.Myklebust@netapp.com>	2013-06-08 16:20:17 -0400
commit	c9bccef6b98ae563f725f6e315d8adc685239781 (patch)
tree	3e8d201cd4515c85b6f85a6ee3f42436c66bdbb2
parent	aa9c2669626ca7e5e5bab28e6caeb583fd40099b (diff)

diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 1dc7aec8e946..dfef23f1a66a 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c
@@ -5640,6 +5640,53 @@ static size_t nfs4_xattr_list_nfs4_acl(struct dentry dentry, char list,
5640	return len;	5640	return len;
5641	}	5641	}
5642		5642
		5643	#ifdef CONFIG_NFS_V4_SECURITY_LABEL
		5644	static inline int nfs4_server_supports_labels(struct nfs_server *server)
		5645	{
		5646	return server->caps & NFS_CAP_SECURITY_LABEL;
		5647	}
		5648
		5649	static int nfs4_xattr_set_nfs4_label(struct dentry dentry, const char key,
		5650	const void *buf, size_t buflen,
		5651	int flags, int type)
		5652	{
		5653	if (security_ismaclabel(key))
		5654	return nfs4_set_security_label(dentry, buf, buflen);
		5655
		5656	return -EOPNOTSUPP;
		5657	}
		5658
		5659	static int nfs4_xattr_get_nfs4_label(struct dentry dentry, const char key,
		5660	void *buf, size_t buflen, int type)
		5661	{
		5662	if (security_ismaclabel(key))
		5663	return nfs4_get_security_label(dentry->d_inode, buf, buflen);
		5664	return -EOPNOTSUPP;
		5665	}
		5666
		5667	static size_t nfs4_xattr_list_nfs4_label(struct dentry dentry, char list,
		5668	size_t list_len, const char *name,
		5669	size_t name_len, int type)
		5670	{
		5671	size_t len = 0;
		5672
		5673	if (nfs_server_capable(dentry->d_inode, NFS_CAP_SECURITY_LABEL)) {
		5674	len = security_inode_listsecurity(dentry->d_inode, NULL, 0);
		5675	if (list && len <= list_len)
		5676	security_inode_listsecurity(dentry->d_inode, list, len);
		5677	}
		5678	return len;
		5679	}
		5680
		5681	static const struct xattr_handler nfs4_xattr_nfs4_label_handler = {
		5682	.prefix = XATTR_SECURITY_PREFIX,
		5683	.list = nfs4_xattr_list_nfs4_label,
		5684	.get = nfs4_xattr_get_nfs4_label,
		5685	.set = nfs4_xattr_set_nfs4_label,
		5686	};
		5687	#endif
		5688
		5689
5643	/*	5690	/*
5644	* nfs_fhget will use either the mounted_on_fileid or the fileid	5691	* nfs_fhget will use either the mounted_on_fileid or the fileid
5645	*/	5692	*/
@@ -7468,6 +7515,9 @@ static const struct xattr_handler nfs4_xattr_nfs4_acl_handler = {
7468		7515
7469	const struct xattr_handler *nfs4_xattr_handlers[] = {	7516	const struct xattr_handler *nfs4_xattr_handlers[] = {
7470	&nfs4_xattr_nfs4_acl_handler,	7517	&nfs4_xattr_nfs4_acl_handler,
		7518	#ifdef CONFIG_NFS_V4_SECURITY_LABEL
		7519	&nfs4_xattr_nfs4_label_handler,
		7520	#endif
7471	NULL	7521	NULL
7472	};	7522	};
7473		7523


diff --git a/security/security.c b/security/security.c index 8d0b9a79611a..94b35aef6871 100644 --- a/security/security.c +++ b/security/security.c
@@ -660,6 +660,7 @@ int security_inode_listsecurity(struct inode inode, char buffer, size_t buffer
660	return 0;	660	return 0;
661	return security_ops->inode_listsecurity(inode, buffer, buffer_size);	661	return security_ops->inode_listsecurity(inode, buffer, buffer_size);
662	}	662	}
		663	EXPORT_SYMBOL(security_inode_listsecurity);
663		664
664	void security_inode_getsecid(const struct inode inode, u32 secid)	665	void security_inode_getsecid(const struct inode inode, u32 secid)
665	{	666	{