From: Stephen Smalley <sds@tycho.nsa.gov>

This patch modifies ext3 to call the inode_init_security LSM hook to obtain
the security attribute for a newly created inode and to set the resulting
attribute on the new inode as part of the same transaction.  This parallels
the existing processing for setting ACLs on newly created inodes.

Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 fs/ext3/ialloc.c         |    5 +++++
 fs/ext3/xattr.h          |    1 +
 fs/ext3/xattr_security.c |   22 ++++++++++++++++++++++
 3 files changed, 28 insertions(+)

diff -puN fs/ext3/ialloc.c~ext3-enable-atomic-inode-security-labeling fs/ext3/ialloc.c
--- 25/fs/ext3/ialloc.c~ext3-enable-atomic-inode-security-labeling	Fri Jul  8 16:35:44 2005
+++ 25-akpm/fs/ext3/ialloc.c	Fri Jul  8 16:35:44 2005
@@ -606,6 +606,11 @@ got:
 		DQUOT_FREE_INODE(inode);
 		goto fail2;
   	}
+	err = ext3_init_security(handle,inode, dir);
+	if (err) {
+		DQUOT_FREE_INODE(inode);
+		goto fail2;
+	}
 	err = ext3_mark_inode_dirty(handle, inode);
 	if (err) {
 		ext3_std_error(sb, err);
diff -puN fs/ext3/xattr.h~ext3-enable-atomic-inode-security-labeling fs/ext3/xattr.h
--- 25/fs/ext3/xattr.h~ext3-enable-atomic-inode-security-labeling	Fri Jul  8 16:35:44 2005
+++ 25-akpm/fs/ext3/xattr.h	Fri Jul  8 16:35:44 2005
@@ -67,6 +67,7 @@ extern struct xattr_handler ext3_xattr_s
 
 extern ssize_t ext3_listxattr(struct dentry *, char *, size_t);
 
+extern int ext3_init_security(handle_t *handle, struct inode *inode, struct inode *dir);
 extern int ext3_xattr_get(struct inode *, int, const char *, void *, size_t);
 extern int ext3_xattr_list(struct inode *, char *, size_t);
 extern int ext3_xattr_set(struct inode *, int, const char *, const void *, size_t, int);
diff -puN fs/ext3/xattr_security.c~ext3-enable-atomic-inode-security-labeling fs/ext3/xattr_security.c
--- 25/fs/ext3/xattr_security.c~ext3-enable-atomic-inode-security-labeling	Fri Jul  8 16:35:44 2005
+++ 25-akpm/fs/ext3/xattr_security.c	Fri Jul  8 16:35:44 2005
@@ -9,6 +9,7 @@
 #include <linux/smp_lock.h>
 #include <linux/ext3_jbd.h>
 #include <linux/ext3_fs.h>
+#include <linux/security.h>
 #include "xattr.h"
 
 static size_t
@@ -47,6 +48,27 @@ ext3_xattr_security_set(struct inode *in
 			      value, size, flags);
 }
 
+int
+ext3_init_security(handle_t *handle, struct inode *inode, struct inode *dir)
+{
+	int err;
+	size_t len;
+	void *value;
+	char *name;
+
+	err = security_inode_init_security(inode, dir, &name, &value, &len);
+	if (err) {
+		if (err == -EOPNOTSUPP)
+			return 0;
+		return err;
+	}
+	err = ext3_xattr_set_handle(handle, inode, EXT3_XATTR_INDEX_SECURITY,
+				    name, value, len, 0);
+	kfree(name);
+	kfree(value);
+	return err;
+}
+
 struct xattr_handler ext3_xattr_security_handler = {
 	.prefix	= XATTR_SECURITY_PREFIX,
 	.list	= ext3_xattr_security_list,
_