author | Andrew Morton <akpm@digeo.com> | 2003-05-07 08:20:42 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@home.transmeta.com> | 2003-05-07 08:20:42 -0700 |
commit | 16685211ee82cd8ec22cd1b2e72de6303f4bc6c0 (patch) | |
tree | 4a30803917daf39f2d7bd0d3d9e16d9f5bd07843 /fs/ext2/xattr.c | |
parent | c5013b3f2e7e74b415aa708a31451dfa07fe59e1 (diff) | |
[PATCH] ext2 xattr handler for security modules
From: Stephen Smalley <sds@epoch.ncsc.mil>
This patch against 2.5.68 implements an xattr handler for ext2 to support the
use of extended attributes by security modules for storing file security
labels. As per the earlier discussion of extended attributes for security
modules, this handler uses a "security." prefix and allows for per-module
attribute names. Security checking on userspace access to these attributes
can be performed by the security module using the LSM hooks in fs/xattr.c,
and the security module is free to internally use the inode operations
without restriction for managing its security labels. Unlike the trusted
namespace, these labels are used internally for access control purposes by
the security module, and controls over userspace access to them require finer
granularity than capable() supports.
Diffstat (limited to 'fs/ext2/xattr.c')
-rw-r--r-- | fs/ext2/xattr.c | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/fs/ext2/xattr.c b/fs/ext2/xattr.c
index 01e94a68c13e9d..ed2d1d4e667123 100644
--- a/fs/ext2/xattr.c
+++ b/fs/ext2/xattr.c
@@ -1102,22 +1102,33 @@ init_ext2_xattr(void)
 &ext2_xattr_trusted_handler);
 if (err)
 goto out;
+#ifdef CONFIG_EXT2_FS_SECURITY
+ err = ext2_xattr_register(EXT2_XATTR_INDEX_SECURITY,
+ &ext2_xattr_security_handler);
+ if (err)
+ goto out1;
+#endif
 #ifdef CONFIG_EXT2_FS_POSIX_ACL
 err = init_ext2_acl();
 if (err)
- goto out1;
+ goto out2;
 #endif
 ext2_xattr_cache = mb_cache_create("ext2_xattr", NULL,
 sizeof(struct mb_cache_entry) +
 sizeof(struct mb_cache_entry_index), 1, 6);
 if (!ext2_xattr_cache) {
 err = -ENOMEM;
- goto out2;
+ goto out3;
 }
 return 0;
-out2:
+out3:
 #ifdef CONFIG_EXT2_FS_POSIX_ACL
 exit_ext2_acl();
+out2:
+#endif
+#ifdef CONFIG_EXT2_FS_SECURITY
+ ext2_xattr_unregister(EXT2_XATTR_INDEX_SECURITY,
+ &ext2_xattr_security_handler);
 out1:
 #endif
 ext2_xattr_unregister(EXT2_XATTR_INDEX_TRUSTED,
@@ -1135,6 +1146,10 @@ exit_ext2_xattr(void)
 #ifdef CONFIG_EXT2_FS_POSIX_ACL
 exit_ext2_acl();
 #endif
+#ifdef CONFIG_EXT2_FS_SECURITY
+ ext2_xattr_unregister(EXT2_XATTR_INDEX_SECURITY,
+ &ext2_xattr_security_handler);
+#endif
 ext2_xattr_unregister(EXT2_XATTR_INDEX_TRUSTED,
 &ext2_xattr_trusted_handler);
 ext2_xattr_unregister(EXT2_XATTR_INDEX_USER, |
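Review bot: The numbered unwind labels in init_ext2_xattr (`out1`, `out2`, `out3`) had to be renumbered at every `goto` to fit one new handler in, and two of them now sit inside different `#ifdef` blocks, so a single missed rename would skip a teardown step and could leave a handler registered after a failed init. Naming each label after the step it undoes, for example `out_acl:`, `out_security:` and `out_trusted:`, would let the next handler be added without touching the existing jumps. As written, the labels do pair up correctly for every combination of CONFIG_EXT2_FS_SECURITY and CONFIG_EXT2_FS_POSIX_ACL. The function starts before this hunk and its remaining unregister calls fall after it.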
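Review bot: Neither the unregister block added to exit_ext2_xattr nor the matching registration in init_ext2_xattr says where access to `security.` attributes is enforced, and the handler is installed whenever CONFIG_EXT2_FS_SECURITY is set. Going by the commit description, the checks are left to the security module through the LSM hooks in fs/xattr.c, which suggests the handler itself does not gate on capable(), though its code is not part of this diff. A comment at the registration such as `/* security.*: access is mediated by the LSM hooks in fs/xattr.c, not by this handler */` would record that dependency, and the option's help text should say the same if it does not already. The teardown order in this hunk is the reverse of the registration order, which is correct.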