aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStephen Smalley <sds@tycho.nsa.gov>2005-09-09 16:01:41 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2005-09-09 16:57:28 -0400
commitac50960afa31877493add6d941d8402fa879c452 (patch)
treeff6569e5f5412b8363a7c2f8ad11232cb29fb27f
parent10f47e6a1b8b276323b652053945c87a63a5812d (diff)
[PATCH] ext3: Enable atomic inode security labeling
This patch modifies ext3 to call the inode_init_security LSM hook to obtain the security attribute for a newly created inode and to set the resulting attribute on the new inode as part of the same transaction. This parallels the existing processing for setting ACLs on newly created inodes. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--fs/ext3/ialloc.c5
-rw-r--r--fs/ext3/xattr.h11
-rw-r--r--fs/ext3/xattr_security.c22
3 files changed, 38 insertions, 0 deletions
diff --git a/fs/ext3/ialloc.c b/fs/ext3/ialloc.c
index 6981bd014ede..96552769d039 100644
--- a/fs/ext3/ialloc.c
+++ b/fs/ext3/ialloc.c
@@ -607,6 +607,11 @@ got:
607 DQUOT_DROP(inode); 607 DQUOT_DROP(inode);
608 goto fail2; 608 goto fail2;
609 } 609 }
610 err = ext3_init_security(handle,inode, dir);
611 if (err) {
612 DQUOT_FREE_INODE(inode);
613 goto fail2;
614 }
610 err = ext3_mark_inode_dirty(handle, inode); 615 err = ext3_mark_inode_dirty(handle, inode);
611 if (err) { 616 if (err) {
612 ext3_std_error(sb, err); 617 ext3_std_error(sb, err);
diff --git a/fs/ext3/xattr.h b/fs/ext3/xattr.h
index eb31a69e82dc..2ceae38f3d49 100644
--- a/fs/ext3/xattr.h
+++ b/fs/ext3/xattr.h
@@ -133,3 +133,14 @@ exit_ext3_xattr(void)
133#define ext3_xattr_handlers NULL 133#define ext3_xattr_handlers NULL
134 134
135# endif /* CONFIG_EXT3_FS_XATTR */ 135# endif /* CONFIG_EXT3_FS_XATTR */
136
137#ifdef CONFIG_EXT3_FS_SECURITY
138extern int ext3_init_security(handle_t *handle, struct inode *inode,
139 struct inode *dir);
140#else
141static inline int ext3_init_security(handle_t *handle, struct inode *inode,
142 struct inode *dir)
143{
144 return 0;
145}
146#endif
diff --git a/fs/ext3/xattr_security.c b/fs/ext3/xattr_security.c
index ddc1c41750e1..b9c40c15647b 100644
--- a/fs/ext3/xattr_security.c
+++ b/fs/ext3/xattr_security.c
@@ -9,6 +9,7 @@
9#include <linux/smp_lock.h> 9#include <linux/smp_lock.h>
10#include <linux/ext3_jbd.h> 10#include <linux/ext3_jbd.h>
11#include <linux/ext3_fs.h> 11#include <linux/ext3_fs.h>
12#include <linux/security.h>
12#include "xattr.h" 13#include "xattr.h"
13 14
14static size_t 15static size_t
@@ -47,6 +48,27 @@ ext3_xattr_security_set(struct inode *inode, const char *name,
47 value, size, flags); 48 value, size, flags);
48} 49}
49 50
51int
52ext3_init_security(handle_t *handle, struct inode *inode, struct inode *dir)
53{
54 int err;
55 size_t len;
56 void *value;
57 char *name;
58
59 err = security_inode_init_security(inode, dir, &name, &value, &len);
60 if (err) {
61 if (err == -EOPNOTSUPP)
62 return 0;
63 return err;
64 }
65 err = ext3_xattr_set_handle(handle, inode, EXT3_XATTR_INDEX_SECURITY,
66 name, value, len, 0);
67 kfree(name);
68 kfree(value);
69 return err;
70}
71
50struct xattr_handler ext3_xattr_security_handler = { 72struct xattr_handler ext3_xattr_security_handler = {
51 .prefix = XATTR_SECURITY_PREFIX, 73 .prefix = XATTR_SECURITY_PREFIX,
52 .list = ext3_xattr_security_list, 74 .list = ext3_xattr_security_list,