NFS: Client implementation of Labeled-NFS

This patch implements the client transport and handling support for labeled
NFS. The patch adds two functions to encode and decode the security label
recommended attribute which makes use of the LSM hooks added earlier. It also
adds code to grab the label from the file attribute structures and encode the
label to be sent back to the server.

Acked-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Matthew N. Dodd <Matthew.Dodd@sparta.com>
Signed-off-by: Miguel Rodel Felipe <Rodel_FM@dsi.a-star.edu.sg>
Signed-off-by: Phua Eu Gene <PHUA_Eu_Gene@dsi.a-star.edu.sg>
Signed-off-by: Khin Mi Mi Aung <Mi_Mi_AUNG@dsi.a-star.edu.sg>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

1 files changed, 4 insertions, 0 deletions

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 6149633ff715..9f8e9b2e717a 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2908,7 +2908,10 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
                 return;
         }
 
+        isec->sclass = inode_mode_to_security_class(inode->i_mode);
         isec->sid = newsid;
+        isec->initialized = 1;
+
         return;
 }
 
@@ -2996,6 +2999,7 @@ static int selinux_inode_setsecurity(struct inode *inode, const char *name,
         if (rc)
                 return rc;
 
+        isec->sclass = inode_mode_to_security_class(inode->i_mode);
         isec->sid = newsid;
         isec->initialized = 1;
         return 0;