authorAndrew Morton <akpm@digeo.com>2003-05-25 01:12:47 -0700
committerLinus Torvalds <torvalds@home.transmeta.com>2003-05-25 01:12:47 -0700
commit4a3fbc84058597093f1e08ce749aa364cbf32096 (patch)
tree040cb69b9e5789a70d3fe53e70eecd0762b963d3 /security
parentfb39f360f4dc671e1f7843c64fa4624aa945841d (diff)
downloadhistory-4a3fbc84058597093f1e08ce749aa364cbf32096.tar.gz
[PATCH] devpts xattr handler for security labels
From: Stephen Smalley <sds@epoch.ncsc.mil> This patch against 2.5.69-bk adds an xattr handler for security labels to devpts and corresponding hooks to the LSM API to support conversion between xattr values and the security labels stored in the inode security field by the security module. This allows userspace to get and set the security labels on devpts nodes, e.g. so that sshd can set the security label for the pty using setxattr, just as sshd already sets the ownership using chown. SELinux uses this support to protect the pty in accordance with the user process' security label. The changes to the LSM API are general and should be re-useable by xattr handlers in other pseudo filesystems to support similar security labeling. The xattr handler for devpts includes the same generic framework as in ext[23], so handlers for other kinds of attributes can be added easily in the future.
Diffstat (limited to 'security')
-rw-r--r--security/dummy.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/security/dummy.c b/security/dummy.c
index 8f907ce38322e4..4774b769a6de64 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -354,6 +354,21 @@ static int dummy_inode_removexattr (struct dentry *dentry, char *name)
return 0;
}
+static int dummy_inode_getsecurity(struct dentry *dentry, const char *name, void *buffer, size_t size)
+{
+ return -EOPNOTSUPP;
+}
+
+static int dummy_inode_setsecurity(struct dentry *dentry, const char *name, const void *value, size_t size, int flags)
+{
+ return -EOPNOTSUPP;
+}
+
+static int dummy_inode_listsecurity(struct dentry *dentry, char *buffer)
+{
+ return 0;
+}
+
static int dummy_file_permission (struct file *file, int mask)
{
return 0;
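Review bot: `dummy_inode_listsecurity(struct dentry *dentry, char *buffer)` receives a destination buffer with no length, so a security module that implements this hook cannot bound what it writes; the stub is safe only because it writes nothing and returns 0. Unless the caller guarantees capacity by a convention not visible in this diff, the hook should carry a size as `dummy_inode_getsecurity` does, e.g. `static int dummy_inode_listsecurity(struct dentry *dentry, char *buffer, size_t size)`, with the matching change to the hook declaration, which lies outside this file. A comment above the three stubs would also help, such as `/* No security module loaded: labels are unsupported and the name list is empty (0 bytes). */`, because the 0 returned by the list hook reads as a length rather than a success code. As a style point, the new definitions drop the space before the parameter list that neighbouring functions such as `dummy_file_permission (` use.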
@@ -825,6 +840,9 @@ void security_fixup_ops (struct security_operations *ops)
set_to_dummy_if_null(ops, inode_getxattr);
set_to_dummy_if_null(ops, inode_listxattr);
set_to_dummy_if_null(ops, inode_removexattr);
+ set_to_dummy_if_null(ops, inode_getsecurity);
+ set_to_dummy_if_null(ops, inode_setsecurity);
+ set_to_dummy_if_null(ops, inode_listsecurity);
set_to_dummy_if_null(ops, file_permission);
set_to_dummy_if_null(ops, file_alloc_security);
set_to_dummy_if_null(ops, file_free_security);