authorStephen Smalley <sds@tycho.nsa.gov>2005-09-09 16:01:43 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2005-09-09 16:57:28 -0400
commit570bc1c2e5ccdb408081e77507a385dc7ebed7fa (patch)
treed00d2df7c93899fa2028128c40961fec46ede471 /mm
parentac50960afa31877493add6d941d8402fa879c452 (diff)
[PATCH] tmpfs: Enable atomic inode security labeling
This patch modifies tmpfs to call the inode_init_security LSM hook to set up the incore inode security state for new inodes before the inode becomes accessible via the dcache. As there is no underlying storage of security xattrs in this case, it is not necessary for the hook to return the (name, value, len) triple to the tmpfs code, so this patch also modifies the SELinux hook function to correctly handle the case where the (name, value, len) pointers are NULL. The hook call is needed in tmpfs in order to support proper security labeling of tmpfs inodes (e.g. for udev with tmpfs /dev in Fedora). With this change in place, we should then be able to remove the security_inode_post_create/mkdir/... hooks safely. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Cc: Hugh Dickins <hugh@veritas.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'mm')
-rw-r--r--mm/shmem.c20
1 files changed, 19 insertions, 1 deletions
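diff --git a/mm/shmem.c b/mm/shmem.c
index 0d627a37da95..1f7aeb210c7b 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -1608,6 +1608,15 @@ shmem_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
 int error = -ENOSPC;
 
 if (inode) {
+error = security_inode_init_security(inode, dir, NULL, NULL,
+NULL);
+if (error) {
+if (error != -EOPNOTSUPP) {
+iput(inode);
+return error;
+}
+error = 0;
+}
 if (dir->i_mode & S_ISGID) {
 inode->i_gid = dir->i_gid;
 if (S_ISDIR(mode))
@@ -1617,7 +1626,6 @@ shmem_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
 dir->i_ctime = dir->i_mtime = CURRENT_TIME;
 d_instantiate(dentry, inode);
 dget(dentry); /* Extra count - pin the dentry in core */
-error = 0;
 }
 return error;
 }
@@ -1747,6 +1755,16 @@ static int shmem_symlink(struct inode *dir, struct dentry *dentry, const char *s
 if (!inode)
 return -ENOSPC;
 
+error = security_inode_init_security(inode, dir, NULL, NULL,
+NULL);
+if (error) {
+if (error != -EOPNOTSUPP) {
+iput(inode);
+return error;
+}
+error = 0;
+}
+
 info = SHMEM_I(inode);
 inode->i_size = len-1;
 if (len <= (char *)inode - (char *)info) {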
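Review bot: The new `security_inode_init_security(inode, dir, NULL, NULL, NULL)` calls in shmem_mknod and shmem_symlink depend on two contracts the code leaves unstated: every hook implementation has to accept NULL name/value/len pointers, and `-EOPNOTSUPP` is deliberately swallowed so that creation proceeds without a label from the hook. I would put a comment above the first call, `/* Label before d_instantiate() makes the inode reachable; tmpfs keeps no security xattr, so name/value/len are NULL and hooks must tolerate that. -EOPNOTSUPP is not fatal. */`, because only the SELinux hook is described as adjusted and this page is limited to mm/, so other implementations cannot be checked here. The nine-line error block is duplicated verbatim at both sites; a small static helper returning 0 or the hard error would keep the two from drifting apart. shmem_symlink's body continues past the last hunk, so whether its later failure paths still release the labeled inode is not visible from this page.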