diff options
| author | Jeff Mahoney <jeffm@suse.com> | 2009-03-30 14:02:41 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-03-30 15:16:39 -0400 |
| commit | 57fe60df62410f949da094d06ced1dda9575b69c (patch) | |
| tree | f3ba5db112cd7d2a8865d16bece28c38a766145c /fs | |
| parent | a41f1a4715f26f7bc4d047d0bc7710145c8e69c7 (diff) | |
reiserfs: add atomic addition of selinux attributes during inode creation
Some time ago, some changes were made to make security inode attributes
be atomically written during inode creation. ReiserFS fell behind in
this area, but with the reworking of the xattr code, it's now fairly
easy to add.
The following patch adds the ability for security attributes to be added
automatically during inode creation.
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/reiserfs/inode.c | 16 | ||||
| -rw-r--r-- | fs/reiserfs/namei.c | 37 | ||||
| -rw-r--r-- | fs/reiserfs/xattr_security.c | 54 |
3 files changed, 102 insertions, 5 deletions
diff --git a/fs/reiserfs/inode.c b/fs/reiserfs/inode.c index 995f6975cae1..fcd302d81447 100644 --- a/fs/reiserfs/inode.c +++ b/fs/reiserfs/inode.c | |||
| @@ -1747,7 +1747,8 @@ int reiserfs_new_inode(struct reiserfs_transaction_handle *th, | |||
| 1747 | /* 0 for regular, EMTRY_DIR_SIZE for dirs, | 1747 | /* 0 for regular, EMTRY_DIR_SIZE for dirs, |
| 1748 | strlen (symname) for symlinks) */ | 1748 | strlen (symname) for symlinks) */ |
| 1749 | loff_t i_size, struct dentry *dentry, | 1749 | loff_t i_size, struct dentry *dentry, |
| 1750 | struct inode *inode) | 1750 | struct inode *inode, |
| 1751 | struct reiserfs_security_handle *security) | ||
| 1751 | { | 1752 | { |
| 1752 | struct super_block *sb; | 1753 | struct super_block *sb; |
| 1753 | struct reiserfs_iget_args args; | 1754 | struct reiserfs_iget_args args; |
| @@ -1929,6 +1930,19 @@ int reiserfs_new_inode(struct reiserfs_transaction_handle *th, | |||
| 1929 | } else if (IS_PRIVATE(dir)) | 1930 | } else if (IS_PRIVATE(dir)) |
| 1930 | inode->i_flags |= S_PRIVATE; | 1931 | inode->i_flags |= S_PRIVATE; |
| 1931 | 1932 | ||
| 1933 | if (security->name) { | ||
| 1934 | retval = reiserfs_security_write(th, inode, security); | ||
| 1935 | if (retval) { | ||
| 1936 | err = retval; | ||
| 1937 | reiserfs_check_path(&path_to_key); | ||
| 1938 | retval = journal_end(th, th->t_super, | ||
| 1939 | th->t_blocks_allocated); | ||
| 1940 | if (retval) | ||
| 1941 | err = retval; | ||
| 1942 | goto out_inserted_sd; | ||
| 1943 | } | ||
| 1944 | } | ||
| 1945 | |||
| 1932 | reiserfs_update_sd(th, inode); | 1946 | reiserfs_update_sd(th, inode); |
| 1933 | reiserfs_check_path(&path_to_key); | 1947 | reiserfs_check_path(&path_to_key); |
| 1934 | 1948 | ||
diff --git a/fs/reiserfs/namei.c b/fs/reiserfs/namei.c index d9c1c8bd2950..cb1a9e977907 100644 --- a/fs/reiserfs/namei.c +++ b/fs/reiserfs/namei.c | |||
| @@ -598,6 +598,7 @@ static int reiserfs_create(struct inode *dir, struct dentry *dentry, int mode, | |||
| 598 | 2 * (REISERFS_QUOTA_INIT_BLOCKS(dir->i_sb) + | 598 | 2 * (REISERFS_QUOTA_INIT_BLOCKS(dir->i_sb) + |
| 599 | REISERFS_QUOTA_TRANS_BLOCKS(dir->i_sb)); | 599 | REISERFS_QUOTA_TRANS_BLOCKS(dir->i_sb)); |
| 600 | struct reiserfs_transaction_handle th; | 600 | struct reiserfs_transaction_handle th; |
| 601 | struct reiserfs_security_handle security; | ||
| 601 | 602 | ||
| 602 | if (!(inode = new_inode(dir->i_sb))) { | 603 | if (!(inode = new_inode(dir->i_sb))) { |
| 603 | return -ENOMEM; | 604 | return -ENOMEM; |
| @@ -605,6 +606,12 @@ static int reiserfs_create(struct inode *dir, struct dentry *dentry, int mode, | |||
| 605 | new_inode_init(inode, dir, mode); | 606 | new_inode_init(inode, dir, mode); |
| 606 | 607 | ||
| 607 | jbegin_count += reiserfs_cache_default_acl(dir); | 608 | jbegin_count += reiserfs_cache_default_acl(dir); |
| 609 | retval = reiserfs_security_init(dir, inode, &security); | ||
| 610 | if (retval < 0) { | ||
| 611 | drop_new_inode(inode); | ||
| 612 | return retval; | ||
| 613 | } | ||
| 614 | jbegin_count += retval; | ||
| 608 | reiserfs_write_lock(dir->i_sb); | 615 | reiserfs_write_lock(dir->i_sb); |
| 609 | 616 | ||
| 610 | retval = journal_begin(&th, dir->i_sb, jbegin_count); | 617 | retval = journal_begin(&th, dir->i_sb, jbegin_count); |
| @@ -615,7 +622,7 @@ static int reiserfs_create(struct inode *dir, struct dentry *dentry, int mode, | |||
| 615 | 622 | ||
| 616 | retval = | 623 | retval = |
| 617 | reiserfs_new_inode(&th, dir, mode, NULL, 0 /*i_size */ , dentry, | 624 | reiserfs_new_inode(&th, dir, mode, NULL, 0 /*i_size */ , dentry, |
| 618 | inode); | 625 | inode, &security); |
| 619 | if (retval) | 626 | if (retval) |
| 620 | goto out_failed; | 627 | goto out_failed; |
| 621 | 628 | ||
| @@ -655,6 +662,7 @@ static int reiserfs_mknod(struct inode *dir, struct dentry *dentry, int mode, | |||
| 655 | int retval; | 662 | int retval; |
| 656 | struct inode *inode; | 663 | struct inode *inode; |
| 657 | struct reiserfs_transaction_handle th; | 664 | struct reiserfs_transaction_handle th; |
| 665 | struct reiserfs_security_handle security; | ||
| 658 | /* We need blocks for transaction + (user+group)*(quotas for new inode + update of quota for directory owner) */ | 666 | /* We need blocks for transaction + (user+group)*(quotas for new inode + update of quota for directory owner) */ |
| 659 | int jbegin_count = | 667 | int jbegin_count = |
| 660 | JOURNAL_PER_BALANCE_CNT * 3 + | 668 | JOURNAL_PER_BALANCE_CNT * 3 + |
| @@ -670,6 +678,12 @@ static int reiserfs_mknod(struct inode *dir, struct dentry *dentry, int mode, | |||
| 670 | new_inode_init(inode, dir, mode); | 678 | new_inode_init(inode, dir, mode); |
| 671 | 679 | ||
| 672 | jbegin_count += reiserfs_cache_default_acl(dir); | 680 | jbegin_count += reiserfs_cache_default_acl(dir); |
| 681 | retval = reiserfs_security_init(dir, inode, &security); | ||
| 682 | if (retval < 0) { | ||
| 683 | drop_new_inode(inode); | ||
| 684 | return retval; | ||
| 685 | } | ||
| 686 | jbegin_count += retval; | ||
| 673 | reiserfs_write_lock(dir->i_sb); | 687 | reiserfs_write_lock(dir->i_sb); |
| 674 | 688 | ||
| 675 | retval = journal_begin(&th, dir->i_sb, jbegin_count); | 689 | retval = journal_begin(&th, dir->i_sb, jbegin_count); |
| @@ -680,7 +694,7 @@ static int reiserfs_mknod(struct inode *dir, struct dentry *dentry, int mode, | |||
| 680 | 694 | ||
| 681 | retval = | 695 | retval = |
| 682 | reiserfs_new_inode(&th, dir, mode, NULL, 0 /*i_size */ , dentry, | 696 | reiserfs_new_inode(&th, dir, mode, NULL, 0 /*i_size */ , dentry, |
| 683 | inode); | 697 | inode, &security); |
| 684 | if (retval) { | 698 | if (retval) { |
| 685 | goto out_failed; | 699 | goto out_failed; |
| 686 | } | 700 | } |
| @@ -723,6 +737,7 @@ static int reiserfs_mkdir(struct inode *dir, struct dentry *dentry, int mode) | |||
| 723 | int retval; | 737 | int retval; |
| 724 | struct inode *inode; | 738 | struct inode *inode; |
| 725 | struct reiserfs_transaction_handle th; | 739 | struct reiserfs_transaction_handle th; |
| 740 | struct reiserfs_security_handle security; | ||
| 726 | /* We need blocks for transaction + (user+group)*(quotas for new inode + update of quota for directory owner) */ | 741 | /* We need blocks for transaction + (user+group)*(quotas for new inode + update of quota for directory owner) */ |
| 727 | int jbegin_count = | 742 | int jbegin_count = |
| 728 | JOURNAL_PER_BALANCE_CNT * 3 + | 743 | JOURNAL_PER_BALANCE_CNT * 3 + |
| @@ -740,6 +755,12 @@ static int reiserfs_mkdir(struct inode *dir, struct dentry *dentry, int mode) | |||
| 740 | new_inode_init(inode, dir, mode); | 755 | new_inode_init(inode, dir, mode); |
| 741 | 756 | ||
| 742 | jbegin_count += reiserfs_cache_default_acl(dir); | 757 | jbegin_count += reiserfs_cache_default_acl(dir); |
| 758 | retval = reiserfs_security_init(dir, inode, &security); | ||
| 759 | if (retval < 0) { | ||
| 760 | drop_new_inode(inode); | ||
| 761 | return retval; | ||
| 762 | } | ||
| 763 | jbegin_count += retval; | ||
| 743 | reiserfs_write_lock(dir->i_sb); | 764 | reiserfs_write_lock(dir->i_sb); |
| 744 | 765 | ||
| 745 | retval = journal_begin(&th, dir->i_sb, jbegin_count); | 766 | retval = journal_begin(&th, dir->i_sb, jbegin_count); |
| @@ -756,7 +777,7 @@ static int reiserfs_mkdir(struct inode *dir, struct dentry *dentry, int mode) | |||
| 756 | retval = reiserfs_new_inode(&th, dir, mode, NULL /*symlink */ , | 777 | retval = reiserfs_new_inode(&th, dir, mode, NULL /*symlink */ , |
| 757 | old_format_only(dir->i_sb) ? | 778 | old_format_only(dir->i_sb) ? |
| 758 | EMPTY_DIR_SIZE_V1 : EMPTY_DIR_SIZE, | 779 | EMPTY_DIR_SIZE_V1 : EMPTY_DIR_SIZE, |
| 759 | dentry, inode); | 780 | dentry, inode, &security); |
| 760 | if (retval) { | 781 | if (retval) { |
| 761 | dir->i_nlink--; | 782 | dir->i_nlink--; |
| 762 | goto out_failed; | 783 | goto out_failed; |
| @@ -999,6 +1020,7 @@ static int reiserfs_symlink(struct inode *parent_dir, | |||
| 999 | char *name; | 1020 | char *name; |
| 1000 | int item_len; | 1021 | int item_len; |
| 1001 | struct reiserfs_transaction_handle th; | 1022 | struct reiserfs_transaction_handle th; |
| 1023 | struct reiserfs_security_handle security; | ||
| 1002 | int mode = S_IFLNK | S_IRWXUGO; | 1024 | int mode = S_IFLNK | S_IRWXUGO; |
| 1003 | /* We need blocks for transaction + (user+group)*(quotas for new inode + update of quota for directory owner) */ | 1025 | /* We need blocks for transaction + (user+group)*(quotas for new inode + update of quota for directory owner) */ |
| 1004 | int jbegin_count = | 1026 | int jbegin_count = |
| @@ -1011,6 +1033,13 @@ static int reiserfs_symlink(struct inode *parent_dir, | |||
| 1011 | } | 1033 | } |
| 1012 | new_inode_init(inode, parent_dir, mode); | 1034 | new_inode_init(inode, parent_dir, mode); |
| 1013 | 1035 | ||
| 1036 | retval = reiserfs_security_init(parent_dir, inode, &security); | ||
| 1037 | if (retval < 0) { | ||
| 1038 | drop_new_inode(inode); | ||
| 1039 | return retval; | ||
| 1040 | } | ||
| 1041 | jbegin_count += retval; | ||
| 1042 | |||
| 1014 | reiserfs_write_lock(parent_dir->i_sb); | 1043 | reiserfs_write_lock(parent_dir->i_sb); |
| 1015 | item_len = ROUND_UP(strlen(symname)); | 1044 | item_len = ROUND_UP(strlen(symname)); |
| 1016 | if (item_len > MAX_DIRECT_ITEM_LEN(parent_dir->i_sb->s_blocksize)) { | 1045 | if (item_len > MAX_DIRECT_ITEM_LEN(parent_dir->i_sb->s_blocksize)) { |
| @@ -1037,7 +1066,7 @@ static int reiserfs_symlink(struct inode *parent_dir, | |||
| 1037 | 1066 | ||
| 1038 | retval = | 1067 | retval = |
| 1039 | reiserfs_new_inode(&th, parent_dir, mode, name, strlen(symname), | 1068 | reiserfs_new_inode(&th, parent_dir, mode, name, strlen(symname), |
| 1040 | dentry, inode); | 1069 | dentry, inode, &security); |
| 1041 | kfree(name); | 1070 | kfree(name); |
| 1042 | if (retval) { /* reiserfs_new_inode iputs for us */ | 1071 | if (retval) { /* reiserfs_new_inode iputs for us */ |
| 1043 | goto out_failed; | 1072 | goto out_failed; |
diff --git a/fs/reiserfs/xattr_security.c b/fs/reiserfs/xattr_security.c index 2aacf1fe69fd..4d3c20e787c3 100644 --- a/fs/reiserfs/xattr_security.c +++ b/fs/reiserfs/xattr_security.c | |||
| @@ -4,6 +4,7 @@ | |||
| 4 | #include <linux/pagemap.h> | 4 | #include <linux/pagemap.h> |
| 5 | #include <linux/xattr.h> | 5 | #include <linux/xattr.h> |
| 6 | #include <linux/reiserfs_xattr.h> | 6 | #include <linux/reiserfs_xattr.h> |
| 7 | #include <linux/security.h> | ||
| 7 | #include <asm/uaccess.h> | 8 | #include <asm/uaccess.h> |
| 8 | 9 | ||
| 9 | static int | 10 | static int |
| @@ -47,6 +48,59 @@ static size_t security_list(struct inode *inode, char *list, size_t list_len, | |||
| 47 | return len; | 48 | return len; |
| 48 | } | 49 | } |
| 49 | 50 | ||
| 51 | /* Initializes the security context for a new inode and returns the number | ||
| 52 | * of blocks needed for the transaction. If successful, reiserfs_security | ||
| 53 | * must be released using reiserfs_security_free when the caller is done. */ | ||
| 54 | int reiserfs_security_init(struct inode *dir, struct inode *inode, | ||
| 55 | struct reiserfs_security_handle *sec) | ||
| 56 | { | ||
| 57 | int blocks = 0; | ||
| 58 | int error = security_inode_init_security(inode, dir, &sec->name, | ||
| 59 | &sec->value, &sec->length); | ||
| 60 | if (error) { | ||
| 61 | if (error == -EOPNOTSUPP) | ||
| 62 | error = 0; | ||
| 63 | |||
| 64 | sec->name = NULL; | ||
| 65 | sec->value = NULL; | ||
| 66 | sec->length = 0; | ||
| 67 | return error; | ||
| 68 | } | ||
| 69 | |||
| 70 | if (sec->length) { | ||
| 71 | blocks = reiserfs_xattr_jcreate_nblocks(inode) + | ||
| 72 | reiserfs_xattr_nblocks(inode, sec->length); | ||
| 73 | /* We don't want to count the directories twice if we have | ||
| 74 | * a default ACL. */ | ||
| 75 | REISERFS_I(inode)->i_flags |= i_has_xattr_dir; | ||
| 76 | } | ||
| 77 | return blocks; | ||
| 78 | } | ||
| 79 | |||
| 80 | int reiserfs_security_write(struct reiserfs_transaction_handle *th, | ||
| 81 | struct inode *inode, | ||
| 82 | struct reiserfs_security_handle *sec) | ||
| 83 | { | ||
| 84 | int error; | ||
| 85 | if (strlen(sec->name) < sizeof(XATTR_SECURITY_PREFIX)) | ||
| 86 | return -EINVAL; | ||
| 87 | |||
| 88 | error = reiserfs_xattr_set_handle(th, inode, sec->name, sec->value, | ||
| 89 | sec->length, XATTR_CREATE); | ||
| 90 | if (error == -ENODATA || error == -EOPNOTSUPP) | ||
| 91 | error = 0; | ||
| 92 | |||
| 93 | return error; | ||
| 94 | } | ||
| 95 | |||
| 96 | void reiserfs_security_free(struct reiserfs_security_handle *sec) | ||
| 97 | { | ||
| 98 | kfree(sec->name); | ||
| 99 | kfree(sec->value); | ||
| 100 | sec->name = NULL; | ||
| 101 | sec->value = NULL; | ||
| 102 | } | ||
| 103 | |||
| 50 | struct xattr_handler reiserfs_xattr_security_handler = { | 104 | struct xattr_handler reiserfs_xattr_security_handler = { |
| 51 | .prefix = XATTR_SECURITY_PREFIX, | 105 | .prefix = XATTR_SECURITY_PREFIX, |
| 52 | .get = security_get, | 106 | .get = security_get, |