Re: [PATCH 14/17] NFS: Extend NFS xattr handlers to accept the security namespace


 



On Thu, 2 May 2013, Steve Dickson wrote:

> From: David Quigley <dpquigl@xxxxxxxxxxxxxxx>
> 
> The existing NFSv4 xattr handlers do not accept xattr calls to the security
> namespace. This patch extends these handlers to accept xattrs from the security
> namespace in addition to the default NFSv4 ACL namespace.
> 
> Signed-off-by: Matthew N. Dodd <Matthew.Dodd@xxxxxxxxxx>
> Signed-off-by: Miguel Rodel Felipe <Rodel_FM@xxxxxxxxxxxxxxxxx>
> Signed-off-by: Phua Eu Gene <PHUA_Eu_Gene@xxxxxxxxxxxxxxxxx>
> Signed-off-by: Khin Mi Mi Aung <Mi_Mi_AUNG@xxxxxxxxxxxxxxxxx>

Acked-by: James Morris <james.l.morris@xxxxxxxxxx>


> ---
>  fs/nfs/nfs4proc.c   | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
>  security/security.c |  1 +
>  2 files changed, 51 insertions(+)
> 
> diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
> index 0e5b319..7b65c99 100644
> --- a/fs/nfs/nfs4proc.c
> +++ b/fs/nfs/nfs4proc.c
> @@ -5518,6 +5518,53 @@ static size_t nfs4_xattr_list_nfs4_acl(struct dentry *dentry, char *list,
>  	return len;
>  }
>  
> +#ifdef CONFIG_NFS_V4_SECURITY_LABEL
> +static inline int nfs4_server_supports_labels(struct nfs_server *server)
> +{
> +	return server->caps & NFS_CAP_SECURITY_LABEL;
> +}
> +
> +static int nfs4_xattr_set_nfs4_label(struct dentry *dentry, const char *key,
> +				   const void *buf, size_t buflen,
> +				   int flags, int type)
> +{
> +	if (security_ismaclabel(key))
> +		return nfs4_set_security_label(dentry, buf, buflen);
> +
> +	return -EOPNOTSUPP;
> +}
> +
> +static int nfs4_xattr_get_nfs4_label(struct dentry *dentry, const char *key,
> +				   void *buf, size_t buflen, int type)
> +{
> +	if (security_ismaclabel(key))
> +		return nfs4_get_security_label(dentry->d_inode, buf, buflen);
> +	return -EOPNOTSUPP;
> +}
> +
> +static size_t nfs4_xattr_list_nfs4_label(struct dentry *dentry, char *list,
> +				       size_t list_len, const char *name,
> +				       size_t name_len, int type)
> +{
> +	size_t len = 0;
> +
> +	if (nfs_server_capable(dentry->d_inode, NFS_CAP_SECURITY_LABEL)) {
> +		len = security_inode_listsecurity(dentry->d_inode, NULL, 0);
> +		if (list && len <= list_len)
> +			security_inode_listsecurity(dentry->d_inode, list, len);
> +	}
> +	return len;
> +}
> +
> +static const struct xattr_handler nfs4_xattr_nfs4_label_handler = {
> +	.prefix = XATTR_SECURITY_PREFIX,
> +	.list	= nfs4_xattr_list_nfs4_label,
> +	.get	= nfs4_xattr_get_nfs4_label,
> +	.set	= nfs4_xattr_set_nfs4_label,
> +};
> +#endif
> +
> +
>  /*
>   * nfs_fhget will use either the mounted_on_fileid or the fileid
>   */
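Review bot: In nfs4_xattr_list_nfs4_label the result of security_inode_listsecurity() is assigned straight to the size_t `len`, but that function returns int (its signature is visible in the security/security.c hunk), so a negative error from an LSM would turn into a very large length and be returned to the caller as the size of the name list. Holding the result in an int and treating a negative value as an empty list avoids this: `int rc = security_inode_listsecurity(dentry->d_inode, NULL, 0);` then `if (rc < 0) return 0;` and `len = rc;`. The return value of the second, copying call is also discarded, so a failure or a size change between the sizing call and the copy goes unnoticed. Separately, the get and set handlers do not test NFS_CAP_SECURITY_LABEL the way the list handler does, and nfs4_server_supports_labels() is not used anywhere in this hunk; whether nfs4_get_security_label() and nfs4_set_security_label() check the capability themselves is not visible here and should be confirmed.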
> @@ -7270,6 +7317,9 @@ static const struct xattr_handler nfs4_xattr_nfs4_acl_handler = {
>  
>  const struct xattr_handler *nfs4_xattr_handlers[] = {
>  	&nfs4_xattr_nfs4_acl_handler,
> +#ifdef CONFIG_NFS_V4_SECURITY_LABEL
> +	&nfs4_xattr_nfs4_label_handler,
> +#endif
>  	NULL
>  };
>  
> diff --git a/security/security.c b/security/security.c
> index df8ade2..758af6b 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -660,6 +660,7 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer
>  		return 0;
>  	return security_ops->inode_listsecurity(inode, buffer, buffer_size);
>  }
> +EXPORT_SYMBOL(security_inode_listsecurity);
>  
>  void security_inode_getsecid(const struct inode *inode, u32 *secid)
>  {
> -- 
> 1.8.1.4
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

-- 
James Morris
<jmorris@xxxxxxxxx>




