diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2005-09-09 16:01:39 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2005-09-09 16:57:27 -0400 |
commit | 10f47e6a1b8b276323b652053945c87a63a5812d (patch) | |
tree | a927d6a4129cb9d76e96d2434b4dde7c1aff76d5 /fs | |
parent | 5e41ff9e0650f327a6c819841fa412da95d57319 (diff) |
[PATCH] ext2: Enable atomic inode security labeling
This patch modifies ext2 to call the inode_init_security LSM hook to obtain
the security attribute for a newly created inode and to set the resulting
attribute on the new inode. This parallels the existing processing for
setting ACLs on newly created inodes.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/ext2/ialloc.c | 5 | ||||
-rw-r--r-- | fs/ext2/xattr.h | 8 | ||||
-rw-r--r-- | fs/ext2/xattr_security.c | 22 |
3 files changed, 35 insertions, 0 deletions
diff --git a/fs/ext2/ialloc.c b/fs/ext2/ialloc.c index 161f156d98c8..c8d07030c897 100644 --- a/fs/ext2/ialloc.c +++ b/fs/ext2/ialloc.c | |||
@@ -615,6 +615,11 @@ got: | |||
615 | DQUOT_DROP(inode); | 615 | DQUOT_DROP(inode); |
616 | goto fail2; | 616 | goto fail2; |
617 | } | 617 | } |
618 | err = ext2_init_security(inode,dir); | ||
619 | if (err) { | ||
620 | DQUOT_FREE_INODE(inode); | ||
621 | goto fail2; | ||
622 | } | ||
618 | mark_inode_dirty(inode); | 623 | mark_inode_dirty(inode); |
619 | ext2_debug("allocating inode %lu\n", inode->i_ino); | 624 | ext2_debug("allocating inode %lu\n", inode->i_ino); |
620 | ext2_preread_inode(inode); | 625 | ext2_preread_inode(inode); |
diff --git a/fs/ext2/xattr.h b/fs/ext2/xattr.h index 5f3bfde3b810..67cfeb66e897 100644 --- a/fs/ext2/xattr.h +++ b/fs/ext2/xattr.h | |||
@@ -116,3 +116,11 @@ exit_ext2_xattr(void) | |||
116 | 116 | ||
117 | # endif /* CONFIG_EXT2_FS_XATTR */ | 117 | # endif /* CONFIG_EXT2_FS_XATTR */ |
118 | 118 | ||
119 | #ifdef CONFIG_EXT2_FS_SECURITY | ||
120 | extern int ext2_init_security(struct inode *inode, struct inode *dir); | ||
121 | #else | ||
122 | static inline int ext2_init_security(struct inode *inode, struct inode *dir) | ||
123 | { | ||
124 | return 0; | ||
125 | } | ||
126 | #endif | ||
diff --git a/fs/ext2/xattr_security.c b/fs/ext2/xattr_security.c index 6a6c59fbe599..a26612798471 100644 --- a/fs/ext2/xattr_security.c +++ b/fs/ext2/xattr_security.c | |||
@@ -8,6 +8,7 @@ | |||
8 | #include <linux/fs.h> | 8 | #include <linux/fs.h> |
9 | #include <linux/smp_lock.h> | 9 | #include <linux/smp_lock.h> |
10 | #include <linux/ext2_fs.h> | 10 | #include <linux/ext2_fs.h> |
11 | #include <linux/security.h> | ||
11 | #include "xattr.h" | 12 | #include "xattr.h" |
12 | 13 | ||
13 | static size_t | 14 | static size_t |
@@ -45,6 +46,27 @@ ext2_xattr_security_set(struct inode *inode, const char *name, | |||
45 | value, size, flags); | 46 | value, size, flags); |
46 | } | 47 | } |
47 | 48 | ||
49 | int | ||
50 | ext2_init_security(struct inode *inode, struct inode *dir) | ||
51 | { | ||
52 | int err; | ||
53 | size_t len; | ||
54 | void *value; | ||
55 | char *name; | ||
56 | |||
57 | err = security_inode_init_security(inode, dir, &name, &value, &len); | ||
58 | if (err) { | ||
59 | if (err == -EOPNOTSUPP) | ||
60 | return 0; | ||
61 | return err; | ||
62 | } | ||
63 | err = ext2_xattr_set(inode, EXT2_XATTR_INDEX_SECURITY, | ||
64 | name, value, len, 0); | ||
65 | kfree(name); | ||
66 | kfree(value); | ||
67 | return err; | ||
68 | } | ||
69 | |||
48 | struct xattr_handler ext2_xattr_security_handler = { | 70 | struct xattr_handler ext2_xattr_security_handler = { |
49 | .prefix = XATTR_SECURITY_PREFIX, | 71 | .prefix = XATTR_SECURITY_PREFIX, |
50 | .list = ext2_xattr_security_list, | 72 | .list = ext2_xattr_security_list, |