
Re: fixing SELINUX-support in XFS-2.6.14

To: Sami Farin <safari-xfs@xxxxxxxxxxxxx>
Subject: Re: fixing SELINUX-support in XFS-2.6.14
From: Nathan Scott <nathans@xxxxxxx>
Date: Wed, 7 Dec 2005 17:36:30 +1100
Cc: XFS Mailing List <linux-xfs@xxxxxxxxxxx>
In-reply-to: <20051130163424.GA4724@xxxxxxxxxxxxxxx>
References: <20051130163424.GA4724@xxxxxxxxxxxxxxx>
Sender: linux-xfs-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.3i
On Wed, Nov 30, 2005 at 06:34:25PM +0200, Sami Farin wrote:
> Does XFS team have plans to make 2.6.14 work with SELINUX?
> http://marc.theaimsgroup.com/?l=selinux&m=112653995009765&w=2

Does this patch help?  (It's a -p1 patch, to be applied from
inside fs/xfs in the kernel).

thanks.

-- 
Nathan


Index: xfs-linux/linux-2.6/xfs_iops.c
===================================================================
--- xfs-linux.orig/linux-2.6/xfs_iops.c
+++ xfs-linux/linux-2.6/xfs_iops.c
@@ -53,6 +53,7 @@
 
 #include <linux/xattr.h>
 #include <linux/namei.h>
+#include <linux/security.h>
 
 /*
  * Change the requested timestamp in the given inode.
@@ -210,6 +211,39 @@ validate_fields(
 }
 
 /*
+ * Hook in SELinux.  This is not quite correct yet, what we really need
+ * here (as we do for default ACLs) is a mechanism by which creation of
+ * these attrs can be journalled at inode creation time (along with the
+ * inode, of course, such that log replay can't cause these to be lost).
+ */
+STATIC int
+linvfs_init_security(
+       struct vnode    *vp,
+       struct inode    *dir)
+{
+       struct inode    *ip = LINVFS_GET_IP(vp);
+       size_t          length;
+       void            *value;
+       char            *name;
+       int             error;
+
+       error = security_inode_init_security(ip, dir, &name, &value, &length);
+       if (error) {
+               if (error == -EOPNOTSUPP)
+                       return 0;
+               return -error;
+       }
+
+       VOP_ATTR_SET(vp, name, value, length, ATTR_SECURE, NULL, error);
+       if (!error)
+               VMODIFY(vp);
+
+       kfree(name);
+       kfree(value);
+       return error;
+}
+
+/*
  * Determine whether a process has a valid fs_struct (kernel daemons
  * like knfsd don't have an fs_struct).
  *
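Review bot: The sign conventions mixed in linvfs_init_security are not documented. security_inode_init_security() returns a negative errno, which `return -error;` flips, while the value VOP_ATTR_SET leaves in `error` is returned unchanged, so the function presumably hands back positive XFS-style errors on every path. A one-line comment above the negation, such as `/* LSM hooks return -errno; callers in this file expect positive errors */`, would keep a later edit from "correcting" the sign. The header comment could also state that `name` and `value` are allocated by the LSM hook and freed here whether or not the attribute set succeeds.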
@@ -274,6 +308,9 @@ linvfs_mknod(
                break;
        }
 
+       if (!error)
+               error = linvfs_init_security(vp, dir);
+
        if (default_acl) {
                if (!error) {
                        error = _ACL_INHERIT(vp, &va, default_acl);
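Review bot: A failure from linvfs_init_security() is only stored in `error` here, after the inode has already been created. Unless the tail of linvfs_mknod (outside this hunk) tears the new inode down, the caller gets an error while a file without its security attribute stays in the directory. That file would then carry whatever default the LSM gives unlabelled inodes rather than the context computed for it, so the failure path should either unwind the create or at least be marked, e.g. `/* XXX: on failure the new inode is left without its security attr */`. The call is also added only to linvfs_mknod, so any creation path in this file that does not go through it (symlink creation, if it has its own entry point) would presumably still produce unlabelled inodes and may need the same hook.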

