[PATCH] ext3: Enable atomic inode security labeling
authorStephen Smalley <sds@tycho.nsa.gov>
Fri, 9 Sep 2005 20:01:41 +0000 (13:01 -0700)
committerLinus Torvalds <torvalds@g5.osdl.org>
Fri, 9 Sep 2005 20:57:28 +0000 (13:57 -0700)
This patch modifies ext3 to call the inode_init_security LSM hook to obtain
the security attribute for a newly created inode and to set the resulting
attribute on the new inode as part of the same transaction.  This parallels
the existing processing for setting ACLs on newly created inodes.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
fs/ext3/ialloc.c
fs/ext3/xattr.h
fs/ext3/xattr_security.c

index 6981bd014ede9f2dd6f7d902e1f2e890b1cee01f..96552769d039e64d13d2ecc80e4c356eefc4398c 100644 (file)
@@ -607,6 +607,11 @@ got:
                DQUOT_DROP(inode);
                goto fail2;
        }
+       err = ext3_init_security(handle,inode, dir);
+       if (err) {
+               DQUOT_FREE_INODE(inode);
+               goto fail2;
+       }
        err = ext3_mark_inode_dirty(handle, inode);
        if (err) {
                ext3_std_error(sb, err);
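Review bot: The new failure branch after the ext3_init_security call releases only `DQUOT_FREE_INODE(inode)` before `goto fail2`, while the branch whose tail is visible as context immediately above it also calls `DQUOT_DROP(inode)` before the same `goto fail2`; if that earlier branch is the ext3_init_acl failure path (its head is outside this hunk), the two otherwise identical failures now release the quota reference differently, and the new branch should read `DQUOT_FREE_INODE(inode); DQUOT_DROP(inode); goto fail2;` — or, if fail2 already drops the dquot, the older branch double-drops and the two should be made to agree whichever way is right. Which of the two is correct depends on what fail2 does, which is not in the hunk, so I would check that label before merging. A minor style point: `ext3_init_security(handle,inode, dir)` is missing the space after the first comma. The enclosing function ext3_new_inode starts and ends outside this hunk.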
index eb31a69e82dc93db91ae93fcbea7995bee36b69e..2ceae38f3d49726293f36997cb5b514a7d05bc2e 100644 (file)
@@ -133,3 +133,14 @@ exit_ext3_xattr(void)
 #define ext3_xattr_handlers    NULL
 
 # endif  /* CONFIG_EXT3_FS_XATTR */
+
+#ifdef CONFIG_EXT3_FS_SECURITY
+extern int ext3_init_security(handle_t *handle, struct inode *inode,
+                               struct inode *dir);
+#else
+static inline int ext3_init_security(handle_t *handle, struct inode *inode,
+                               struct inode *dir)
+{
+       return 0;
+}
+#endif
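Review bot: The new prototype and its `#else` stub carry no comment, and the stub is the part worth documenting: when CONFIG_EXT3_FS_SECURITY is off, `ext3_init_security()` returns 0 without ever reaching the LSM, so every inode ext3 creates in such a kernel is persisted without a security label while the create still succeeds. Someone configuring a kernel for an LSM should be able to read that consequence here rather than infer it from the stub. I would add above the `#ifdef` a comment such as `/* Obtain the LSM's security label for a new inode and store it as a security.* xattr under the caller's handle. Returns 0 (inode left unlabeled) when labeling is compiled out or the LSM declines. */`, with the "LSM declines" clause matching the -EOPNOTSUPP handling in xattr_security.c.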
index ddc1c41750e1403ce32c202129bb46f4bc813f06..b9c40c15647bb709e0991c2fbf25663bd4a0fa1f 100644 (file)
@@ -9,6 +9,7 @@
 #include <linux/smp_lock.h>
 #include <linux/ext3_jbd.h>
 #include <linux/ext3_fs.h>
+#include <linux/security.h>
 #include "xattr.h"
 
 static size_t
@@ -47,6 +48,27 @@ ext3_xattr_security_set(struct inode *inode, const char *name,
                              value, size, flags);
 }
 
+int
+ext3_init_security(handle_t *handle, struct inode *inode, struct inode *dir)
+{
+       int err;
+       size_t len;
+       void *value;
+       char *name;
+
+       err = security_inode_init_security(inode, dir, &name, &value, &len);
+       if (err) {
+               if (err == -EOPNOTSUPP)
+                       return 0;
+               return err;
+       }
+       err = ext3_xattr_set_handle(handle, inode, EXT3_XATTR_INDEX_SECURITY,
+                                   name, value, len, 0);
+       kfree(name);
+       kfree(value);
+       return err;
+}
+
 struct xattr_handler ext3_xattr_security_handler = {
        .prefix = XATTR_SECURITY_PREFIX,
        .list   = ext3_xattr_security_list,
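Review bot: The `err == -EOPNOTSUPP` special case at the top of ext3_init_security is the one place a create is allowed to continue without a label, and it has no comment saying that this is the "no LSM wants to label this inode" answer rather than a failure; every other hook error is returned and aborts the create in the caller, which is the right fail-closed choice and also deserves a line. I would put `/* -EOPNOTSUPP: no LSM label for this inode; create it unlabeled */` on the `return 0;` line, and before the two kfree() calls `/* name/value appear to be allocated by the hook and are ours to free only on its success path */`, since that ownership is what makes freeing them after the xattr write correct. As a style point the nested conditional can collapse to `if (err) return err == -EOPNOTSUPP ? 0 : err;`.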