diff options
| author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2011-06-06 15:29:25 -0400 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2011-07-18 12:29:38 -0400 |
| commit | 9d8f13ba3f4833219e50767b022b82cd0da930eb (patch) | |
| tree | 3ba2367380d009111ea17696162a62320c88d144 /fs/xfs | |
| parent | 0f2a55d5bb2372058275b0b343d90dd5d640d045 (diff) | |
security: new security_inode_init_security API adds function callback
This patch changes the security_inode_init_security API by adding a
filesystem specific callback to write security extended attributes.
This change is in preparation for supporting the initialization of
multiple LSM xattrs and the EVM xattr. Initially the callback function
walks an array of xattrs, writing each xattr separately, but could be
optimized to write multiple xattrs at once.
For existing security_inode_init_security() calls, which have not yet
been converted to use the new callback function, such as those in
reiserfs and ocfs2, this patch defines security_old_inode_init_security().
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Diffstat (limited to 'fs/xfs')
| -rw-r--r-- | fs/xfs/linux-2.6/xfs_iops.c | 39 |
1 files changed, 20 insertions, 19 deletions
diff --git a/fs/xfs/linux-2.6/xfs_iops.c b/fs/xfs/linux-2.6/xfs_iops.c index d44d92cd12b1..27a3658b830f 100644 --- a/fs/xfs/linux-2.6/xfs_iops.c +++ b/fs/xfs/linux-2.6/xfs_iops.c | |||
| @@ -93,37 +93,38 @@ xfs_mark_inode_dirty( | |||
| 93 | mark_inode_dirty(inode); | 93 | mark_inode_dirty(inode); |
| 94 | } | 94 | } |
| 95 | 95 | ||
| 96 | |||
| 97 | int xfs_initxattrs(struct inode *inode, const struct xattr *xattr_array, | ||
| 98 | void *fs_info) | ||
| 99 | { | ||
| 100 | const struct xattr *xattr; | ||
| 101 | struct xfs_inode *ip = XFS_I(inode); | ||
| 102 | int error = 0; | ||
| 103 | |||
| 104 | for (xattr = xattr_array; xattr->name != NULL; xattr++) { | ||
| 105 | error = xfs_attr_set(ip, xattr->name, xattr->value, | ||
| 106 | xattr->value_len, ATTR_SECURE); | ||
| 107 | if (error < 0) | ||
| 108 | break; | ||
| 109 | } | ||
| 110 | return error; | ||
| 111 | } | ||
| 112 | |||
| 96 | /* | 113 | /* |
| 97 | * Hook in SELinux. This is not quite correct yet, what we really need | 114 | * Hook in SELinux. This is not quite correct yet, what we really need |
| 98 | * here (as we do for default ACLs) is a mechanism by which creation of | 115 | * here (as we do for default ACLs) is a mechanism by which creation of |
| 99 | * these attrs can be journalled at inode creation time (along with the | 116 | * these attrs can be journalled at inode creation time (along with the |
| 100 | * inode, of course, such that log replay can't cause these to be lost). | 117 | * inode, of course, such that log replay can't cause these to be lost). |
| 101 | */ | 118 | */ |
| 119 | |||
| 102 | STATIC int | 120 | STATIC int |
| 103 | xfs_init_security( | 121 | xfs_init_security( |
| 104 | struct inode *inode, | 122 | struct inode *inode, |
| 105 | struct inode *dir, | 123 | struct inode *dir, |
| 106 | const struct qstr *qstr) | 124 | const struct qstr *qstr) |
| 107 | { | 125 | { |
| 108 | struct xfs_inode *ip = XFS_I(inode); | 126 | return security_inode_init_security(inode, dir, qstr, |
| 109 | size_t length; | 127 | &xfs_initxattrs, NULL); |
| 110 | void *value; | ||
| 111 | unsigned char *name; | ||
| 112 | int error; | ||
| 113 | |||
| 114 | error = security_inode_init_security(inode, dir, qstr, (char **)&name, | ||
| 115 | &value, &length); | ||
| 116 | if (error) { | ||
| 117 | if (error == -EOPNOTSUPP) | ||
| 118 | return 0; | ||
| 119 | return -error; | ||
| 120 | } | ||
| 121 | |||
| 122 | error = xfs_attr_set(ip, name, value, length, ATTR_SECURE); | ||
| 123 | |||
| 124 | kfree(name); | ||
| 125 | kfree(value); | ||
| 126 | return error; | ||
| 127 | } | 128 | } |
| 128 | 129 | ||
| 129 | static void | 130 | static void |