Hi,
The following patch is to support security labels.
commit 8ae8f1627f39bae505b90cade50cd8a911b8bda6
Author: Jaegeuk Kim <jaegeuk.kim@xxxxxxxxxxx>
Date: Mon Jun 3 19:46:19 2013 +0900
f2fs: support xattr security labels
Please use the latest f2fs source codes.
Thanks,
This patch adds the support of security labels for f2fs, which will
be used
by Linus Security Models (LSMs).
Quote from http://en.wikipedia.org/wiki/Linux_Security_Modules:
"Linux Security Modules (LSM) is a framework that allows the Linux
kernel to
support a variety of computer security models while avoiding
favoritism toward
any single security implementation. The framework is licensed under
the terms of
the GNU General Public License and is standard part of the Linux
kernel since
Linux 2.6. AppArmor, SELinux, Smack and TOMOYO Linux are the
currently accepted
modules in the official kernel.".
Signed-off-by: Jaegeuk Kim <jaegeuk.kim@xxxxxxxxxxx>
2013-12-03 (화), 18:31 +0200, Konstantin Dorfman:
> Hello all,
>
> As I can see from the code of system/extras/ext4_utils/make_ext4fs.c (it
> is utility to create android ext4 images from Google):
> ...
> ret = inode_set_selinux(entry_inode, dentries[i].secon);
> if (ret)
> error("failed to set SELinux context on %s\n", dentries[i].path);
> ...
>
> This utility creates security context per file on target filesystem,
> while running in userspace.
> I'm looking for similar process for f2fs filesystem. Probably this
> process will create seclabel configuration for F2FS.
>
> Any ideas?
>
> Thanks,
> Kostya
>
> On 12/02/2013 02:09 AM, Jaegeuk Kim wrote:
> > Hi,
> >
> > Could you check the config of F2FS?
> > There should be a seclabel config.
> > Thanks,
> >
> >
> > ------- Original Message -------
> > Sender : Konstantin Dorfman<kdorfman@xxxxxxxxxxxxxx>
> > Date : 2013-12-02 02:09 (GMT+09:00)
> > Title : f2fs xattr and SELinux
> >
> > Hi all,
> >
> > I'm trying to use f2fs xattr with SELinux (on android) and getting
> > following error:
> >
> > root# restorecon -Rv /data
> > Relabeling /data from u:object_r:unlabeled:s0 to
> > u:object_r:system_data_file:s0.
> > Could not label /data with u:object_r:system_data_file:s0: Operation not
> > supported on transport endpoint
> >
> > Also, output of `ls -Z` command (all files/dirs are unlabeled):
> >
> > root# ls -Z /data
> > drwxrwx--x system system u:object_r:unlabeled:s0 app
> > drwxr-x--x root root u:object_r:unlabeled:s0 app_tests
> > drwxr-x--x root root u:object_r:unlabeled:s0 audio-encode
> > drwxr-x--x root root u:object_r:unlabeled:s0 busybox
> > drwxrwx--x system system u:object_r:unlabeled:s0 connectivity
> > drwxr-x--x root root u:object_r:unlabeled:s0 data_test
> > drwxr-x--x root root u:object_r:unlabeled:s0 evt-test
> > drwxr-x--x root root u:object_r:unlabeled:s0 fstest
> > drwxr-x--x root root u:object_r:unlabeled:s0 gps-test
> > drwxr-x--x root root u:object_r:unlabeled:s0 graphics_tests
> > drwxr-x--x root root u:object_r:unlabeled:s0
> > instrumentation_tests
> > drwxr-x--x root root u:object_r:unlabeled:s0 kernel-tests
> > drwxrwx--- root root u:object_r:unlabeled:s0 lost+found
> > drwxrwx--- media_rw media_rw u:object_r:unlabeled:s0 media
> >
> > mount output is:
> > /dev/block/bootdevice/by-name/userdata /data f2fs
> > rw,nosuid,nodev,relatime,background_gc_on,discard,user_xattr,acl,active_logs=6
> > 0 0
> >
> > Any comments/ideas about why xattr is not working for me on f2fs?
> >
> > Thanks,
> > Kostya
> >
>
>
--
Jaegeuk Kim
Samsung
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
