From 446ada4a03808f128e8f28daa0f103dc69d22d5b Mon Sep 17 00:00:00 2001 From: Nathan Scott Date: Wed, 11 Jan 2006 15:35:44 +1100 Subject: [PATCH] [XFS] Add an XFS callout to security_inode_init_security; SE Linux is not functional with XFS without this change. SGI-PV: 946762 SGI-Modid: xfs-linux-melb:xfs-kern:24766a Signed-off-by: Nathan Scott --- fs/xfs/linux-2.6/xfs_iops.c | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/fs/xfs/linux-2.6/xfs_iops.c b/fs/xfs/linux-2.6/xfs_iops.c index 8fd274fc26d5..6bf770cfb006 100644 --- a/fs/xfs/linux-2.6/xfs_iops.c +++ b/fs/xfs/linux-2.6/xfs_iops.c @@ -53,6 +53,7 @@ #include #include +#include #define IS_NOATIME(inode) ((inode->i_sb->s_flags & MS_NOATIME) || \ (S_ISDIR(inode->i_mode) && inode->i_sb->s_flags & MS_NODIRATIME)) @@ -202,6 +203,39 @@ validate_fields( } } +/* + * Hook in SELinux. This is not quite correct yet, what we really need + * here (as we do for default ACLs) is a mechanism by which creation of + * these attrs can be journalled at inode creation time (along with the + * inode, of course, such that log replay can't cause these to be lost). + */ +STATIC int +linvfs_init_security( + struct vnode *vp, + struct inode *dir) +{ + struct inode *ip = LINVFS_GET_IP(vp); + size_t length; + void *value; + char *name; + int error; + + error = security_inode_init_security(ip, dir, &name, &value, &length); + if (error) { + if (error == -EOPNOTSUPP) + return 0; + return -error; + } + + VOP_ATTR_SET(vp, name, value, length, ATTR_SECURE, NULL, error); + if (!error) + VMODIFY(vp); + + kfree(name); + kfree(value); + return error; +} + /* * Determine whether a process has a valid fs_struct (kernel daemons * like knfsd don't have an fs_struct). @@ -267,6 +301,9 @@ linvfs_mknod( break; } + if (!error) + error = linvfs_init_security(vp, dir); + if (default_acl) { if (!error) { error = _ACL_INHERIT(vp, &va, default_acl);