[XFS] Add an XFS callout to security_inode_init_security; SE Linux is not

functional with XFS without this change. SGI-PV: 946762 SGI-Modid: xfs-linux-melb:xfs-kern:24766a Signed-off-by: Nathan Scott <nathans@sgi.com>
author: Nathan Scott <nathans@sgi.com> 2006-01-10 23:35:44 -0500
committer: Nathan Scott <nathans@sgi.com> 2006-01-10 23:35:44 -0500
commit: 446ada4a03808f128e8f28daa0f103dc69d22d5b (patch)
tree: b761443e2b7da0dfb1741413e2347b8cdf0b437f /fs
parent: c2cd2550603d847b709035c4c6b666adf560d7b8 (diff)
1 files changed, 37 insertions, 0 deletions
diff --git a/fs/xfs/linux-2.6/xfs_iops.c b/fs/xfs/linux-2.6/xfs_iops.c
index 8fd274fc26d5..6bf770cfb006 100644
--- a/fs/xfs/linux-2.6/xfs_iops.c
+++ b/fs/xfs/linux-2.6/xfs_iops.c
@@ -53,6 +53,7 @@
 #include <linux/xattr.h>
 #include <linux/namei.h>
+#include <linux/security.h>
 #define IS_NOATIME(inode) ((inode->i_sb->s_flags & MS_NOATIME) ||       \
        (S_ISDIR(inode->i_mode) && inode->i_sb->s_flags & MS_NODIRATIME))
@@ -203,6 +204,39 @@ validate_fields(
 }
 /*
+ * Hook in SELinux.  This is not quite correct yet, what we really need
+ * here (as we do for default ACLs) is a mechanism by which creation of
+ * these attrs can be journalled at inode creation time (along with the
+ * inode, of course, such that log replay can't cause these to be lost).
+ */
+STATIC int
+linvfs_init_security(
+        struct vnode    *vp,
+        struct inode    *dir)
+{
+        struct inode    *ip = LINVFS_GET_IP(vp);
+        size_t          length;
+        void            *value;
+        char            *name;
+        int             error;
+        error = security_inode_init_security(ip, dir, &name, &value, &length);
+        if (error) {
+                if (error == -EOPNOTSUPP)
+                        return 0;
+                return -error;
+        }
+        VOP_ATTR_SET(vp, name, value, length, ATTR_SECURE, NULL, error);
+        if (!error)
+                VMODIFY(vp);
+        kfree(name);
+        kfree(value);
+        return error;
+}
+/*
 * Determine whether a process has a valid fs_struct (kernel daemons
 * like knfsd don't have an fs_struct).
 *
@@ -267,6 +301,9 @@ linvfs_mknod(
                break;
        }
+        if (!error)
+                error = linvfs_init_security(vp, dir);
        if (default_acl) {
                if (!error) {
                        error = _ACL_INHERIT(vp, &va, default_acl);
author	Nathan Scott <nathans@sgi.com>	2006-01-10 23:35:44 -0500
committer	Nathan Scott <nathans@sgi.com>	2006-01-10 23:35:44 -0500
commit	446ada4a03808f128e8f28daa0f103dc69d22d5b (patch)
tree	b761443e2b7da0dfb1741413e2347b8cdf0b437f /fs
parent	c2cd2550603d847b709035c4c6b666adf560d7b8 (diff)

diff --git a/fs/xfs/linux-2.6/xfs_iops.c b/fs/xfs/linux-2.6/xfs_iops.c index 8fd274fc26d5..6bf770cfb006 100644 --- a/fs/xfs/linux-2.6/xfs_iops.c +++ b/fs/xfs/linux-2.6/xfs_iops.c
@@ -53,6 +53,7 @@
53		53
54	#include <linux/xattr.h>	54	#include <linux/xattr.h>
55	#include <linux/namei.h>	55	#include <linux/namei.h>
		56	#include <linux/security.h>
56		57
57	#define IS_NOATIME(inode) ((inode->i_sb->s_flags & MS_NOATIME) \|\| \	58	#define IS_NOATIME(inode) ((inode->i_sb->s_flags & MS_NOATIME) \|\| \
58	(S_ISDIR(inode->i_mode) && inode->i_sb->s_flags & MS_NODIRATIME))	59	(S_ISDIR(inode->i_mode) && inode->i_sb->s_flags & MS_NODIRATIME))
@@ -203,6 +204,39 @@ validate_fields(
203	}	204	}
204		205
205	/*	206	/*
		207	* Hook in SELinux. This is not quite correct yet, what we really need
		208	* here (as we do for default ACLs) is a mechanism by which creation of
		209	* these attrs can be journalled at inode creation time (along with the
		210	* inode, of course, such that log replay can't cause these to be lost).
		211	*/
		212	STATIC int
		213	linvfs_init_security(
		214	struct vnode *vp,
		215	struct inode *dir)
		216	{
		217	struct inode *ip = LINVFS_GET_IP(vp);
		218	size_t length;
		219	void *value;
		220	char *name;
		221	int error;
		222
		223	error = security_inode_init_security(ip, dir, &name, &value, &length);
		224	if (error) {
		225	if (error == -EOPNOTSUPP)
		226	return 0;
		227	return -error;
		228	}
		229
		230	VOP_ATTR_SET(vp, name, value, length, ATTR_SECURE, NULL, error);
		231	if (!error)
		232	VMODIFY(vp);
		233
		234	kfree(name);
		235	kfree(value);
		236	return error;
		237	}
		238
		239	/*
206	* Determine whether a process has a valid fs_struct (kernel daemons	240	* Determine whether a process has a valid fs_struct (kernel daemons
207	* like knfsd don't have an fs_struct).	241	* like knfsd don't have an fs_struct).
208	*	242	*
@@ -267,6 +301,9 @@ linvfs_mknod(
267	break;	301	break;
268	}	302	}
269		303
		304	if (!error)
		305	error = linvfs_init_security(vp, dir);
		306
270	if (default_acl) {	307	if (default_acl) {
271	if (!error) {	308	if (!error) {
272	error = _ACL_INHERIT(vp, &va, default_acl);	309	error = _ACL_INHERIT(vp, &va, default_acl);