xfs
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [PATCH] remove CONFIG_XFS_SECURITY

from [Eric Sandeen] [Permanent Link][Original]
To: xfs-oss <xfs@xxxxxxxxxxx>
Subject: Re: [PATCH] remove CONFIG_XFS_SECURITY
From: Eric Sandeen <sandeen@xxxxxxxxxxx>
Date: Tue, 19 Feb 2008 18:42:28 -0600
In-reply-to: <47819E47.4030906@sandeen.net>
References: <47819E47.4030906@sandeen.net>
Sender: xfs-bounce@xxxxxxxxxxx
User-agent: Thunderbird 2.0.0.9 (Macintosh/20071031) 
Eric Sandeen wrote:
> Is there any point to this option?  Sure, it disables the ability
> to set security attributes at runtime, but it doesn't slim down 
> any code.
> 
> Any reason to not remove it, and always allow security attributes
> to be set?

Ack? Nak?  Comments?

-Eric

> Signed-off-by: Eric Sandeen <sandeen@xxxxxxxxxxx>
> 
> ---
> 
> Index: linux-2.6.24-rc3/fs/xfs/Kconfig
> ===================================================================
> --- linux-2.6.24-rc3.orig/fs/xfs/Kconfig
> +++ linux-2.6.24-rc3/fs/xfs/Kconfig
> @@ -35,18 +35,6 @@ config XFS_QUOTA
>         with or without the generic quota support enabled (CONFIG_QUOTA) -
>         they are completely independent subsystems.
>  
> -config XFS_SECURITY
> -     bool "XFS Security Label support"
> -     depends on XFS_FS
> -     help
> -       Security labels support alternative access control models
> -       implemented by security modules like SELinux.  This option
> -       enables an extended attribute namespace for inode security
> -       labels in the XFS filesystem.
> -
> -       If you are not using a security module that requires using
> -       extended attributes for inode security labels, say N.
> -
>  config XFS_POSIX_ACL
>       bool "XFS POSIX ACL support"
>       depends on XFS_FS
> Index: linux-2.6.24-rc3/fs/xfs/linux-2.6/xfs_super.h
> ===================================================================
> --- linux-2.6.24-rc3.orig/fs/xfs/linux-2.6/xfs_super.h
> +++ linux-2.6.24-rc3/fs/xfs/linux-2.6/xfs_super.h
> @@ -50,13 +50,8 @@ extern void xfs_qm_exit(void);
>  # define set_posix_acl_flag(sb)      do { } while (0)
>  #endif
>  
> -#ifdef CONFIG_XFS_SECURITY
> -# define XFS_SECURITY_STRING "security attributes, "
> -# define ENOSECURITY         0
> -#else
> -# define XFS_SECURITY_STRING
> -# define ENOSECURITY         EOPNOTSUPP
> -#endif
> +/* Used to be "configurable" so keep it around. */
> +#define XFS_SECURITY_STRING  "security attributes, "
>  
>  #ifdef CONFIG_XFS_RT
>  # define XFS_REALTIME_STRING "realtime, "
> Index: linux-2.6.24-rc3/fs/xfs/xfs_attr.c
> ===================================================================
> --- linux-2.6.24-rc3.orig/fs/xfs/xfs_attr.c
> +++ linux-2.6.24-rc3/fs/xfs/xfs_attr.c
> @@ -2651,7 +2651,7 @@ attr_secure_capable(
>       bhv_vnode_t     *vp,
>       cred_t          *cred)
>  {
> -     return -ENOSECURITY;
> +     return 0;
>  }
>  
>  STATIC int
> 
>
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Re: [PATCH] remove CONFIG_XFS_SECURITY, Eric Sandeen <=
Previous by Date:  Re: [PATCH] swap E2BIG for EFBIG in mount size checks, Eric Sandeen
Next by Date:  Re: [PATCH, Updated] remove shouting-indirection macros from xfs_sb.h, Eric Sandeen
Previous by Thread:  Re: [PATCH] swap E2BIG for EFBIG in mount size checks, Eric Sandeen
Next by Thread:  [patch] detect and correct bad features2 superblock field, David Chinner
Indexes:  [Date] [Thread] [Top] [All Lists]