提交 ac50960a 编写于 作者: S Stephen Smalley 提交者: Linus Torvalds

[PATCH] ext3: Enable atomic inode security labeling

This patch modifies ext3 to call the inode_init_security LSM hook to obtain
the security attribute for a newly created inode and to set the resulting
attribute on the new inode as part of the same transaction.  This parallels
the existing processing for setting ACLs on newly created inodes.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
上级 10f47e6a
...@@ -607,6 +607,11 @@ struct inode *ext3_new_inode(handle_t *handle, struct inode * dir, int mode) ...@@ -607,6 +607,11 @@ struct inode *ext3_new_inode(handle_t *handle, struct inode * dir, int mode)
DQUOT_DROP(inode); DQUOT_DROP(inode);
goto fail2; goto fail2;
} }
err = ext3_init_security(handle,inode, dir);
if (err) {
DQUOT_FREE_INODE(inode);
goto fail2;
}
err = ext3_mark_inode_dirty(handle, inode); err = ext3_mark_inode_dirty(handle, inode);
if (err) { if (err) {
ext3_std_error(sb, err); ext3_std_error(sb, err);
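Review bot: The new failure branch after ext3_init_security() calls `DQUOT_FREE_INODE(inode)` but not `DQUOT_DROP(inode)`, whereas the tail of the preceding failure branch visible in the context lines does call `DQUOT_DROP(inode)` before `goto fail2`. Unless `fail2` (outside this hunk) drops the quota reference itself, a failed security labeling would leave the inode's quota reference held. I would add `DQUOT_DROP(inode);` after `DQUOT_FREE_INODE(inode);` so both error paths unwind the same way. The call is also missing a space after the first comma: `ext3_init_security(handle, inode, dir)`. ext3_new_inode starts and ends outside the hunk.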
......
...@@ -133,3 +133,14 @@ exit_ext3_xattr(void) ...@@ -133,3 +133,14 @@ exit_ext3_xattr(void)
#define ext3_xattr_handlers NULL #define ext3_xattr_handlers NULL
# endif /* CONFIG_EXT3_FS_XATTR */ # endif /* CONFIG_EXT3_FS_XATTR */
#ifdef CONFIG_EXT3_FS_SECURITY
extern int ext3_init_security(handle_t *handle, struct inode *inode,
struct inode *dir);
#else
static inline int ext3_init_security(handle_t *handle, struct inode *inode,
struct inode *dir)
{
return 0;
}
#endif
...@@ -9,6 +9,7 @@ ...@@ -9,6 +9,7 @@
#include <linux/smp_lock.h> #include <linux/smp_lock.h>
#include <linux/ext3_jbd.h> #include <linux/ext3_jbd.h>
#include <linux/ext3_fs.h> #include <linux/ext3_fs.h>
#include <linux/security.h>
#include "xattr.h" #include "xattr.h"
static size_t static size_t
...@@ -47,6 +48,27 @@ ext3_xattr_security_set(struct inode *inode, const char *name, ...@@ -47,6 +48,27 @@ ext3_xattr_security_set(struct inode *inode, const char *name,
value, size, flags); value, size, flags);
} }
int
ext3_init_security(handle_t *handle, struct inode *inode, struct inode *dir)
{
int err;
size_t len;
void *value;
char *name;
err = security_inode_init_security(inode, dir, &name, &value, &len);
if (err) {
if (err == -EOPNOTSUPP)
return 0;
return err;
}
err = ext3_xattr_set_handle(handle, inode, EXT3_XATTR_INDEX_SECURITY,
name, value, len, 0);
kfree(name);
kfree(value);
return err;
}
struct xattr_handler ext3_xattr_security_handler = { struct xattr_handler ext3_xattr_security_handler = {
.prefix = XATTR_SECURITY_PREFIX, .prefix = XATTR_SECURITY_PREFIX,
.list = ext3_xattr_security_list, .list = ext3_xattr_security_list,
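Review bot: ext3_init_security() has no comment, and two of its behaviours are not obvious to a caller: `-EOPNOTSUPP` from security_inode_init_security() is converted to success, so the inode is then created without a security xattr, and `name`/`value` returned by the hook are freed here with kfree() after the xattr is set. I would put a short comment above the function, e.g. `/* Label a new inode within the caller's handle; -EOPNOTSUPP from the LSM hook means no label is stored and is not an error. Frees the name and value returned by the hook. */`. Both pointers are passed uninitialised, so the kfree() calls rely on the hook filling them whenever it returns 0. Declaring them as `char *name = NULL;` and `void *value = NULL;` would keep those kfree() calls well-defined if a hook ever returned success without setting one.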
......