Quoting David P. Quigley (dpquigl@xxxxxxxxxxxxx): > This factors out the part of the vfs_setxattr function that performs the > setting of the xattr and its notification. This is needed so the SELinux > implementation of inode_setsecctx can handle the setting of it's xattr while > maintaining the proper separation of layers. > > Signed-off-by: Matthew N. Dodd <Matthew.Dodd@xxxxxxxxxx> > Signed-off-by: David P. Quigley <dpquigl@xxxxxxxxxxxxx> This part surely looks reasonable. Acked-by: Serge Hallyn <serue@xxxxxxxxxx> > --- > fs/xattr.c | 55 +++++++++++++++++++++++++++++++++++++----------- > include/linux/xattr.h | 1 + > 2 files changed, 43 insertions(+), 13 deletions(-) > > diff --git a/fs/xattr.c b/fs/xattr.c > index 468377e..2f93006 100644 > --- a/fs/xattr.c > +++ b/fs/xattr.c > @@ -66,22 +66,28 @@ xattr_permission(struct inode *inode, const char *name, int mask) > return inode_permission(inode, mask); > } > > -int > -vfs_setxattr(struct dentry *dentry, const char *name, const void *value, > - size_t size, int flags) > +/** > + * __vfs_setxattr_noperm - perform setxattr operation without performing > + * permission checks. > + * > + * @dentry - object to perform setxattr on > + * @name - xattr name to set > + * @value - value to set @name to > + * @size - size of @value > + * @flags - flags to pass into filesystem operations > + * > + * returns the result of the internal setxattr or setsecurity operations. > + * > + * This function requires the caller to lock the inode's i_mutex before it > + * is executed. It also assumes that the caller will make the appropriate > + * permission checks. > + */ > +int __vfs_setxattr_noperm(struct dentry *dentry, const char *name, > + const void *value, size_t size, int flags) > { > struct inode *inode = dentry->d_inode; > - int error; > - > - error = xattr_permission(inode, name, MAY_WRITE); > - if (error) > - return error; > + int error = -EOPNOTSUPP; > > - mutex_lock(&inode->i_mutex); > - error = security_inode_setxattr(dentry, name, value, size, flags); > - if (error) > - goto out; > - error = -EOPNOTSUPP; > if (inode->i_op->setxattr) { > error = inode->i_op->setxattr(dentry, name, value, size, flags); > if (!error) { > @@ -97,6 +103,29 @@ vfs_setxattr(struct dentry *dentry, const char *name, const void *value, > if (!error) > fsnotify_xattr(dentry); > } > + > + return error; > +} > + > + > +int > +vfs_setxattr(struct dentry *dentry, const char *name, const void *value, > + size_t size, int flags) > +{ > + struct inode *inode = dentry->d_inode; > + int error; > + > + error = xattr_permission(inode, name, MAY_WRITE); > + if (error) > + return error; > + > + mutex_lock(&inode->i_mutex); > + error = security_inode_setxattr(dentry, name, value, size, flags); > + if (error) > + goto out; > + > + error = __vfs_setxattr_noperm(dentry, name, value, size, flags); > + > out: > mutex_unlock(&inode->i_mutex); > return error; > diff --git a/include/linux/xattr.h b/include/linux/xattr.h > index d131e35..5c84af8 100644 > --- a/include/linux/xattr.h > +++ b/include/linux/xattr.h > @@ -49,6 +49,7 @@ struct xattr_handler { > ssize_t xattr_getsecurity(struct inode *, const char *, void *, size_t); > ssize_t vfs_getxattr(struct dentry *, const char *, void *, size_t); > ssize_t vfs_listxattr(struct dentry *d, char *list, size_t size); > +int __vfs_setxattr_noperm(struct dentry *, const char *, const void *, size_t, int); > int vfs_setxattr(struct dentry *, const char *, const void *, size_t, int); > int vfs_removexattr(struct dentry *, const char *); > > -- > 1.5.5.1 > > -- > To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.