2 files changed, 51 insertions, 0 deletions
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 1dc7aec8e946..dfef23f1a66a 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -5640,6 +5640,53 @@ static size_t nfs4_xattr_list_nfs4_acl(struct dentry *dentry, char *list,
        return len;
 }
+#ifdef CONFIG_NFS_V4_SECURITY_LABEL
+static inline int nfs4_server_supports_labels(struct nfs_server *server)
+{
+        return server->caps & NFS_CAP_SECURITY_LABEL;
+}
+static int nfs4_xattr_set_nfs4_label(struct dentry *dentry, const char *key,
+                                   const void *buf, size_t buflen,
+                                   int flags, int type)
+{
+        if (security_ismaclabel(key))
+                return nfs4_set_security_label(dentry, buf, buflen);
+        return -EOPNOTSUPP;
+}
+static int nfs4_xattr_get_nfs4_label(struct dentry *dentry, const char *key,
+                                   void *buf, size_t buflen, int type)
+{
+        if (security_ismaclabel(key))
+                return nfs4_get_security_label(dentry->d_inode, buf, buflen);
+        return -EOPNOTSUPP;
+}
+static size_t nfs4_xattr_list_nfs4_label(struct dentry *dentry, char *list,
+                                       size_t list_len, const char *name,
+                                       size_t name_len, int type)
+{
+        size_t len = 0;
+        if (nfs_server_capable(dentry->d_inode, NFS_CAP_SECURITY_LABEL)) {
+                len = security_inode_listsecurity(dentry->d_inode, NULL, 0);
+                if (list && len <= list_len)
+                        security_inode_listsecurity(dentry->d_inode, list, len);
+        }
+        return len;
+}
+static const struct xattr_handler nfs4_xattr_nfs4_label_handler = {
+        .prefix = XATTR_SECURITY_PREFIX,
+        .list   = nfs4_xattr_list_nfs4_label,
+        .get    = nfs4_xattr_get_nfs4_label,
+        .set    = nfs4_xattr_set_nfs4_label,
+};
+#endif
 /*
 * nfs_fhget will use either the mounted_on_fileid or the fileid
 */
@@ -7468,6 +7515,9 @@ static const struct xattr_handler nfs4_xattr_nfs4_acl_handler = {
 const struct xattr_handler *nfs4_xattr_handlers[] = {
        &nfs4_xattr_nfs4_acl_handler,
+#ifdef CONFIG_NFS_V4_SECURITY_LABEL
+        &nfs4_xattr_nfs4_label_handler,
+#endif
        NULL
 };
diff --git a/security/security.c b/security/security.c
index 8d0b9a79611a..94b35aef6871 100644
--- a/security/security.c
+++ b/security/security.c
@@ -660,6 +660,7 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer
                return 0;
        return security_ops->inode_listsecurity(inode, buffer, buffer_size);
 }
+EXPORT_SYMBOL(security_inode_listsecurity);
 void security_inode_getsecid(const struct inode *inode, u32 *secid)
 {

diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 1dc7aec8e946..dfef23f1a66a 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c
@@ -5640,6 +5640,53 @@ static size_t nfs4_xattr_list_nfs4_acl(struct dentry dentry, char list,
5640	return len;	5640	return len;
5641	}	5641	}
5642		5642
		5643	#ifdef CONFIG_NFS_V4_SECURITY_LABEL
		5644	static inline int nfs4_server_supports_labels(struct nfs_server *server)
		5645	{
		5646	return server->caps & NFS_CAP_SECURITY_LABEL;
		5647	}
		5648
		5649	static int nfs4_xattr_set_nfs4_label(struct dentry dentry, const char key,
		5650	const void *buf, size_t buflen,
		5651	int flags, int type)
		5652	{
		5653	if (security_ismaclabel(key))
		5654	return nfs4_set_security_label(dentry, buf, buflen);
		5655
		5656	return -EOPNOTSUPP;
		5657	}
		5658
		5659	static int nfs4_xattr_get_nfs4_label(struct dentry dentry, const char key,
		5660	void *buf, size_t buflen, int type)
		5661	{
		5662	if (security_ismaclabel(key))
		5663	return nfs4_get_security_label(dentry->d_inode, buf, buflen);
		5664	return -EOPNOTSUPP;
		5665	}
		5666
		5667	static size_t nfs4_xattr_list_nfs4_label(struct dentry dentry, char list,
		5668	size_t list_len, const char *name,
		5669	size_t name_len, int type)
		5670	{
		5671	size_t len = 0;
		5672
		5673	if (nfs_server_capable(dentry->d_inode, NFS_CAP_SECURITY_LABEL)) {
		5674	len = security_inode_listsecurity(dentry->d_inode, NULL, 0);
		5675	if (list && len <= list_len)
		5676	security_inode_listsecurity(dentry->d_inode, list, len);
		5677	}
		5678	return len;
		5679	}
		5680
		5681	static const struct xattr_handler nfs4_xattr_nfs4_label_handler = {
		5682	.prefix = XATTR_SECURITY_PREFIX,
		5683	.list = nfs4_xattr_list_nfs4_label,
		5684	.get = nfs4_xattr_get_nfs4_label,
		5685	.set = nfs4_xattr_set_nfs4_label,
		5686	};
		5687	#endif
		5688
		5689
5643	/*	5690	/*
5644	* nfs_fhget will use either the mounted_on_fileid or the fileid	5691	* nfs_fhget will use either the mounted_on_fileid or the fileid
5645	*/	5692	*/
@@ -7468,6 +7515,9 @@ static const struct xattr_handler nfs4_xattr_nfs4_acl_handler = {
7468		7515
7469	const struct xattr_handler *nfs4_xattr_handlers[] = {	7516	const struct xattr_handler *nfs4_xattr_handlers[] = {
7470	&nfs4_xattr_nfs4_acl_handler,	7517	&nfs4_xattr_nfs4_acl_handler,
		7518	#ifdef CONFIG_NFS_V4_SECURITY_LABEL
		7519	&nfs4_xattr_nfs4_label_handler,
		7520	#endif
7471	NULL	7521	NULL
7472	};	7522	};
7473		7523


diff --git a/security/security.c b/security/security.c index 8d0b9a79611a..94b35aef6871 100644 --- a/security/security.c +++ b/security/security.c
@@ -660,6 +660,7 @@ int security_inode_listsecurity(struct inode inode, char buffer, size_t buffer
660	return 0;	660	return 0;
661	return security_ops->inode_listsecurity(inode, buffer, buffer_size);	661	return security_ops->inode_listsecurity(inode, buffer, buffer_size);
662	}	662	}
		663	EXPORT_SYMBOL(security_inode_listsecurity);
663		664
664	void security_inode_getsecid(const struct inode inode, u32 secid)	665	void security_inode_getsecid(const struct inode inode, u32 secid)
665	{	666	{