On Thu, 2 May 2013, Steve Dickson wrote:
> From: David Quigley <dpquigl@xxxxxxxxxxxxxxx>
>
> The existing NFSv4 xattr handlers do not accept xattr calls to the security
> namespace. This patch extends these handlers to accept xattrs from the security
> namespace in addition to the default NFSv4 ACL namespace.
>
> Signed-off-by: Matthew N. Dodd <Matthew.Dodd@xxxxxxxxxx>
> Signed-off-by: Miguel Rodel Felipe <Rodel_FM@xxxxxxxxxxxxxxxxx>
> Signed-off-by: Phua Eu Gene <PHUA_Eu_Gene@xxxxxxxxxxxxxxxxx>
> Signed-off-by: Khin Mi Mi Aung <Mi_Mi_AUNG@xxxxxxxxxxxxxxxxx>
Acked-by: James Morris <james.l.morris@xxxxxxxxxx>
> ---
> fs/nfs/nfs4proc.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
> security/security.c | 1 +
> 2 files changed, 51 insertions(+)
>
> diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
> index 0e5b319..7b65c99 100644
> --- a/fs/nfs/nfs4proc.c
> +++ b/fs/nfs/nfs4proc.c
> @@ -5518,6 +5518,53 @@ static size_t nfs4_xattr_list_nfs4_acl(struct dentry *dentry, char *list,
> return len;
> }
>
> +#ifdef CONFIG_NFS_V4_SECURITY_LABEL
> +static inline int nfs4_server_supports_labels(struct nfs_server *server)
> +{
> + return server->caps & NFS_CAP_SECURITY_LABEL;
> +}
> +
> +static int nfs4_xattr_set_nfs4_label(struct dentry *dentry, const char *key,
> + const void *buf, size_t buflen,
> + int flags, int type)
> +{
> + if (security_ismaclabel(key))
> + return nfs4_set_security_label(dentry, buf, buflen);
> +
> + return -EOPNOTSUPP;
> +}
> +
> +static int nfs4_xattr_get_nfs4_label(struct dentry *dentry, const char *key,
> + void *buf, size_t buflen, int type)
> +{
> + if (security_ismaclabel(key))
> + return nfs4_get_security_label(dentry->d_inode, buf, buflen);
> + return -EOPNOTSUPP;
> +}
> +
> +static size_t nfs4_xattr_list_nfs4_label(struct dentry *dentry, char *list,
> + size_t list_len, const char *name,
> + size_t name_len, int type)
> +{
> + size_t len = 0;
> +
> + if (nfs_server_capable(dentry->d_inode, NFS_CAP_SECURITY_LABEL)) {
> + len = security_inode_listsecurity(dentry->d_inode, NULL, 0);
> + if (list && len <= list_len)
> + security_inode_listsecurity(dentry->d_inode, list, len);
> + }
> + return len;
> +}
> +
> +static const struct xattr_handler nfs4_xattr_nfs4_label_handler = {
> + .prefix = XATTR_SECURITY_PREFIX,
> + .list = nfs4_xattr_list_nfs4_label,
> + .get = nfs4_xattr_get_nfs4_label,
> + .set = nfs4_xattr_set_nfs4_label,
> +};
> +#endif
> +
> +
> /*
> * nfs_fhget will use either the mounted_on_fileid or the fileid
> */
> @@ -7270,6 +7317,9 @@ static const struct xattr_handler nfs4_xattr_nfs4_acl_handler = {
>
> const struct xattr_handler *nfs4_xattr_handlers[] = {
> &nfs4_xattr_nfs4_acl_handler,
> +#ifdef CONFIG_NFS_V4_SECURITY_LABEL
> + &nfs4_xattr_nfs4_label_handler,
> +#endif
> NULL
> };
>
> diff --git a/security/security.c b/security/security.c
> index df8ade2..758af6b 100644
> --- a/security/security.c
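Review bot: In nfs4_xattr_list_nfs4_label() the result of security_inode_listsecurity() is stored in `size_t len`, but the security/security.c hunk of this same patch shows that function returning `int`, so if the LSM hook ever returns a negative errno it is converted into a very large length and handed back to the listxattr path as this handler's contribution. Keep the result signed and treat failure as an empty list, e.g. `int rc = security_inode_listsecurity(dentry->d_inode, NULL, 0);` followed by `if (rc < 0) return 0;`. The return value of the second call (the one that fills `list`) is discarded, so if the label names change between the size query and the copy the function still reports the first length; checking that result too would close the gap. Separately, nfs4_server_supports_labels() has no caller in the visible hunks, and only the list handler tests NFS_CAP_SECURITY_LABEL — presumably nfs4_set_security_label() and nfs4_get_security_label() check the capability themselves, which is worth confirming since their bodies are outside this patch.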
> +++ b/security/security.c
> @@ -660,6 +660,7 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer
> return 0;
> return security_ops->inode_listsecurity(inode, buffer, buffer_size);
> }
> +EXPORT_SYMBOL(security_inode_listsecurity);
>
> void security_inode_getsecid(const struct inode *inode, u32 *secid)
> {
> --
> 1.8.1.4
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> -- James Morris <jmorris@xxxxxxxxx> -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.