diff options
| author | Ryan O'Hara <rohara@redhat.com> | 2006-05-22 10:08:35 -0400 |
|---|---|---|
| committer | Steven Whitehouse <swhiteho@redhat.com> | 2006-05-22 10:08:35 -0400 |
| commit | 639b6d79b8c20cce4079fb035640c65456324d1c (patch) | |
| tree | ef3cf33f8b7f3d943ced0e461e1987cd34fc8c42 /fs/gfs2/eaops.c | |
| parent | d2f222e6310b073ae3d91b8d3d676621fae1314e (diff) | |
[GFS2] selinux support
This adds support to GFS2 for selinux extended attributes. There is a
known bug in gfs2_ea_get() which is believed to be independant of this
patch. Further patches will follow once that bug is fixed in order to
make GFS2 use as much of the generic eattr infrastructure as possible.
Signed-off-by: Ryan O'Hara <rohara@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
Diffstat (limited to 'fs/gfs2/eaops.c')
| -rw-r--r-- | fs/gfs2/eaops.c | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/fs/gfs2/eaops.c b/fs/gfs2/eaops.c index 85c1dbace88..2243b44ecb0 100644 --- a/fs/gfs2/eaops.c +++ b/fs/gfs2/eaops.c @@ -43,6 +43,10 @@ unsigned int gfs2_ea_name2type(const char *name, char **truncated_name) type = GFS2_EATYPE_USR; if (truncated_name) *truncated_name = strchr(name, '.') + 1; + } else if (strncmp(name, "security.", 9) == 0) { + type = GFS2_EATYPE_SECURITY; + if (truncated_name) + *truncated_name = strchr(name, '.') + 1; } else { type = GFS2_EATYPE_UNUSED; if (truncated_name) @@ -166,6 +170,36 @@ static int system_eo_remove(struct gfs2_inode *ip, struct gfs2_ea_request *er) return gfs2_ea_remove_i(ip, er); } +static int security_eo_get(struct gfs2_inode *ip, struct gfs2_ea_request *er) +{ + struct inode *inode = ip->i_vnode; + int error = permission(inode, MAY_READ, NULL); + if (error) + return error; + + return gfs2_ea_get_i(ip, er); +} + +static int security_eo_set(struct gfs2_inode *ip, struct gfs2_ea_request *er) +{ + struct inode *inode = ip->i_vnode; + int error = permission(inode, MAY_WRITE, NULL); + if (error) + return error; + + return gfs2_ea_set_i(ip, er); +} + +static int security_eo_remove(struct gfs2_inode *ip, struct gfs2_ea_request *er) +{ + struct inode *inode = ip->i_vnode; + int error = permission(inode, MAY_WRITE, NULL); + if (error) + return error; + + return gfs2_ea_remove_i(ip, er); +} + static struct gfs2_eattr_operations gfs2_user_eaops = { .eo_get = user_eo_get, .eo_set = user_eo_set, @@ -180,6 +214,13 @@ struct gfs2_eattr_operations gfs2_system_eaops = { .eo_name = "system", }; +struct gfs2_eattr_operations gfs2_security_eaops = { + .eo_get = security_eo_get, + .eo_set = security_eo_set, + .eo_remove = security_eo_remove, + .eo_name = "security", +}; + struct gfs2_eattr_operations *gfs2_ea_ops[] = { NULL, &gfs2_user_eaops, |