authorStephen Smalley <sds@tycho.nsa.gov>2005-09-03 18:55:18 -0400
committerLinus Torvalds <torvalds@evo.osdl.org>2005-09-05 03:05:52 -0400
commitf549d6c18c0e8e6cf1bf0e7a47acc1daf7e2cec1 (patch)
tree40d827736575f2a8c489761599e9a1e5e45005be /mm
parentb5bf6c55edf94e9c7fc01724d5b271f78eaf1d3f (diff)
[PATCH] Generic VFS fallback for security xattrs
This patch modifies the VFS setxattr, getxattr, and listxattr code to fall back to the security module for security xattrs if the filesystem does not support xattrs natively. This allows security modules to export the incore inode security label information to userspace even if the filesystem does not provide xattr storage, and eliminates the need to individually patch various pseudo filesystem types to provide such access. The patch removes the existing xattr code from devpts and tmpfs as it is then no longer needed. The patch restructures the code flow slightly to reduce duplication between the normal path and the fallback path, but this should only have one user-visible side effect - a program may get -EACCES rather than -EOPNOTSUPP if policy denied access but the filesystem didn't support the operation anyway. Note that the post_setxattr hook call is not needed in the fallback case, as the inode_setsecurity hook call handles the incore inode security state update directly. In contrast, we do call fsnotify in both cases. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'mm')
-rw-r--r--mm/shmem.c85
1 files changed, 0 insertions, 85 deletions
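diff --git a/mm/shmem.c b/mm/shmem.c
index 08a3bc2fba61..bdc4bbb6ddbb 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -45,7 +45,6 @@
 #include <linux/swapops.h>
 #include <linux/mempolicy.h>
 #include <linux/namei.h>
-#include <linux/xattr.h>
 #include <asm/uaccess.h>
 #include <asm/div64.h>
 #include <asm/pgtable.h>
@@ -179,7 +178,6 @@ static struct address_space_operations shmem_aops;
 static struct file_operations shmem_file_operations;
 static struct inode_operations shmem_inode_operations;
 static struct inode_operations shmem_dir_inode_operations;
-static struct inode_operations shmem_special_inode_operations;
 static struct vm_operations_struct shmem_vm_ops;
 
 static struct backing_dev_info shmem_backing_dev_info = {
@@ -1300,7 +1298,6 @@ shmem_get_inode(struct super_block *sb, int mode, dev_t dev)
 
  switch (mode & S_IFMT) {
  default:
- inode->i_op = &shmem_special_inode_operations;
  init_special_inode(inode, mode, dev);
  break;
  case S_IFREG:
@@ -1804,12 +1801,6 @@ static void shmem_put_link(struct dentry *dentry, struct nameidata *nd, void *co
 static struct inode_operations shmem_symlink_inline_operations = {
  .readlink = generic_readlink,
  .follow_link = shmem_follow_link_inline,
-#ifdef CONFIG_TMPFS_XATTR
- .setxattr = generic_setxattr,
- .getxattr = generic_getxattr,
- .listxattr = generic_listxattr,
- .removexattr = generic_removexattr,
-#endif
 };
 
 static struct inode_operations shmem_symlink_inode_operations = {
@@ -1817,12 +1808,6 @@ static struct inode_operations shmem_symlink_inode_operations = {
  .readlink = generic_readlink,
  .follow_link = shmem_follow_link,
  .put_link = shmem_put_link,
-#ifdef CONFIG_TMPFS_XATTR
- .setxattr = generic_setxattr,
- .getxattr = generic_getxattr,
- .listxattr = generic_listxattr,
- .removexattr = generic_removexattr,
-#endif
 };
 
 static int shmem_parse_options(char *options, int *mode, uid_t *uid, gid_t *gid, unsigned long *blocks, unsigned long *inodes)
@@ -1942,12 +1927,6 @@ static void shmem_put_super(struct super_block *sb)
  sb->s_fs_info = NULL;
 }
 
-#ifdef CONFIG_TMPFS_XATTR
-static struct xattr_handler *shmem_xattr_handlers[];
-#else
-#define shmem_xattr_handlers NULL
-#endif
-
 static int shmem_fill_super(struct super_block *sb,
  void *data, int silent)
 {
@@ -1998,7 +1977,6 @@ static int shmem_fill_super(struct super_block *sb,
  sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
  sb->s_magic = TMPFS_MAGIC;
  sb->s_op = &shmem_ops;
- sb->s_xattr = shmem_xattr_handlers;
 
  inode = shmem_get_inode(sb, S_IFDIR | mode, 0);
  if (!inode)
@@ -2087,12 +2065,6 @@ static struct file_operations shmem_file_operations = {
 static struct inode_operations shmem_inode_operations = {
  .truncate = shmem_truncate,
  .setattr = shmem_notify_change,
-#ifdef CONFIG_TMPFS_XATTR
- .setxattr = generic_setxattr,
- .getxattr = generic_getxattr,
- .listxattr = generic_listxattr,
- .removexattr = generic_removexattr,
-#endif
 };
 
 static struct inode_operations shmem_dir_inode_operations = {
@@ -2106,21 +2078,6 @@ static struct inode_operations shmem_dir_inode_operations = {
  .rmdir = shmem_rmdir,
  .mknod = shmem_mknod,
  .rename = shmem_rename,
-#ifdef CONFIG_TMPFS_XATTR
- .setxattr = generic_setxattr,
- .getxattr = generic_getxattr,
- .listxattr = generic_listxattr,
- .removexattr = generic_removexattr,
-#endif
-#endif
-};
-
-static struct inode_operations shmem_special_inode_operations = {
-#ifdef CONFIG_TMPFS_XATTR
- .setxattr = generic_setxattr,
- .getxattr = generic_getxattr,
- .listxattr = generic_listxattr,
- .removexattr = generic_removexattr,
 #endif
 };
 
@@ -2146,48 +2103,6 @@ static struct vm_operations_struct shmem_vm_ops = {
 };
 
 
-#ifdef CONFIG_TMPFS_SECURITY
-
-static size_t shmem_xattr_security_list(struct inode *inode, char *list, size_t list_len,
- const char *name, size_t name_len)
-{
- return security_inode_listsecurity(inode, list, list_len);
-}
-
-static int shmem_xattr_security_get(struct inode *inode, const char *name, void *buffer, size_t size)
-{
- if (strcmp(name, "") == 0)
- return -EINVAL;
- return security_inode_getsecurity(inode, name, buffer, size);
-}
-
-static int shmem_xattr_security_set(struct inode *inode, const char *name, const void *value, size_t size, int flags)
-{
- if (strcmp(name, "") == 0)
- return -EINVAL;
- return security_inode_setsecurity(inode, name, value, size, flags);
-}
-
-static struct xattr_handler shmem_xattr_security_handler = {
- .prefix = XATTR_SECURITY_PREFIX,
- .list = shmem_xattr_security_list,
- .get = shmem_xattr_security_get,
- .set = shmem_xattr_security_set,
-};
-
-#endif /* CONFIG_TMPFS_SECURITY */
-
-#ifdef CONFIG_TMPFS_XATTR
-
-static struct xattr_handler *shmem_xattr_handlers[] = {
-#ifdef CONFIG_TMPFS_SECURITY
- &shmem_xattr_security_handler,
-#endif
- NULL
-};
-
-#endif /* CONFIG_TMPFS_XATTR */
-
 static struct super_block *shmem_get_sb(struct file_system_type *fs_type,
  int flags, const char *dev_name, void *data)
 {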