Index: linux-2.5/fs/Kconfig
diff -u linux-2.5/fs/Kconfig:1.1.1.3 linux-2.5/fs/Kconfig:1.5
--- linux-2.5/fs/Kconfig:1.1.1.3 Tue Mar 25 09:36:05 2003
+++ linux-2.5/fs/Kconfig Fri Apr 18 12:16:24 2003
@@ -73,6 +73,18 @@
If you don't know what Access Control Lists are, say N
+config EXT2_FS_SECURITY
+ bool "Ext2 Security Labels"
+ depends on EXT2_FS_XATTR
+ help
+ Security labels support alternative access control models
+ implemented by security modules like SELinux. This option
+ enables an extended attribute handler for file security
+ labels in the ext2 filesystem.
+
+ If you are not using a security module that requires using
+ extended attributes for file security labels, say N.
+
config EXT3_FS
tristate "Ext3 journalling file system support"
help
Index: linux-2.5/fs/ext2/Makefile
diff -u linux-2.5/fs/ext2/Makefile:1.1.1.1 linux-2.5/fs/ext2/Makefile:1.2
--- linux-2.5/fs/ext2/Makefile:1.1.1.1 Wed Mar 12 10:55:33 2003
+++ linux-2.5/fs/ext2/Makefile Fri Apr 18 12:16:34 2003
@@ -14,3 +14,7 @@
ifeq ($(CONFIG_EXT2_FS_POSIX_ACL),y)
ext2-objs += acl.o
endif
+
+ifeq ($(CONFIG_EXT2_FS_SECURITY),y)
+ext2-objs += xattr_security.o
+endif
Index: linux-2.5/fs/ext2/xattr.c
diff -u linux-2.5/fs/ext2/xattr.c:1.1.1.4 linux-2.5/fs/ext2/xattr.c:1.3
--- linux-2.5/fs/ext2/xattr.c:1.1.1.4 Mon Apr 21 10:15:47 2003
+++ linux-2.5/fs/ext2/xattr.c Mon Apr 21 11:03:31 2003
@@ -1102,22 +1102,33 @@
&ext2_xattr_trusted_handler);
if (err)
goto out;
+#ifdef CONFIG_EXT2_FS_SECURITY
+ err = ext2_xattr_register(EXT2_XATTR_INDEX_SECURITY,
+ &ext2_xattr_security_handler);
+ if (err)
+ goto out1;
+#endif
#ifdef CONFIG_EXT2_FS_POSIX_ACL
err = init_ext2_acl();
if (err)
- goto out1;
+ goto out2;
#endif
ext2_xattr_cache = mb_cache_create("ext2_xattr", NULL,
sizeof(struct mb_cache_entry) +
sizeof(struct mb_cache_entry_index), 1, 6);
if (!ext2_xattr_cache) {
err = -ENOMEM;
- goto out2;
+ goto out3;
}
return 0;
-out2:
+out3:
#ifdef CONFIG_EXT2_FS_POSIX_ACL
exit_ext2_acl();
+out2:
+#endif
+#ifdef CONFIG_EXT2_FS_SECURITY
+ ext2_xattr_unregister(EXT2_XATTR_INDEX_SECURITY,
+ &ext2_xattr_security_handler);
out1:
#endif
ext2_xattr_unregister(EXT2_XATTR_INDEX_TRUSTED,
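Review bot: The unwind labels in this hunk are numbered and sit inside `#ifdef` blocks, so adding one handler meant renumbering `out1`/`out2` to `out2`/`out3` along with every `goto` that targets them. A missed rename in a later change of this kind would skip a cleanup step on a failed init and could leave a handler registered. Naming each label after what it undoes, for example `out_acl:`, `out_security:` and `out_trusted:`, would let the next handler be added without touching the existing jumps. The order as written looks correct for each combination of the two config options, because every `goto` sits in the same `#ifdef` as its label. The function starts and ends outside the hunk, so the `out:` path was not checked.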
@@ -1134,6 +1145,10 @@
mb_cache_destroy(ext2_xattr_cache);
#ifdef CONFIG_EXT2_FS_POSIX_ACL
exit_ext2_acl();
+#endif
+#ifdef CONFIG_EXT2_FS_SECURITY
+ ext2_xattr_unregister(EXT2_XATTR_INDEX_SECURITY,
+ &ext2_xattr_security_handler);
#endif
ext2_xattr_unregister(EXT2_XATTR_INDEX_TRUSTED,
&ext2_xattr_trusted_handler);
Index: linux-2.5/fs/ext2/xattr.h
diff -u linux-2.5/fs/ext2/xattr.h:1.1.1.1 linux-2.5/fs/ext2/xattr.h:1.2
--- linux-2.5/fs/ext2/xattr.h:1.1.1.1 Wed Mar 12 10:55:33 2003
+++ linux-2.5/fs/ext2/xattr.h Fri Apr 18 12:16:34 2003
@@ -22,6 +22,7 @@
#define EXT2_XATTR_INDEX_POSIX_ACL_ACCESS 2
#define EXT2_XATTR_INDEX_POSIX_ACL_DEFAULT 3
#define EXT2_XATTR_INDEX_TRUSTED 4
+#define EXT2_XATTR_INDEX_SECURITY 5
struct ext2_xattr_header {
__u32 h_magic; /* magic number for identification */
@@ -134,4 +135,5 @@
extern struct ext2_xattr_handler ext2_xattr_user_handler;
extern struct ext2_xattr_handler ext2_xattr_trusted_handler;
+extern struct ext2_xattr_handler ext2_xattr_security_handler;
Index: linux-2.5/fs/ext2/xattr_security.c
diff -u /dev/null linux-2.5/fs/ext2/xattr_security.c:1.2
--- /dev/null Thu May 1 12:55:01 2003
+++ linux-2.5/fs/ext2/xattr_security.c Thu Apr 24 14:46:04 2003
@@ -0,0 +1,54 @@
+/*
+ * linux/fs/ext2/xattr_security.c
+ * Handler for storing security labels as extended attributes.
+ */
+
+#include <linux/module.h>
+#include <linux/string.h>
+#include <linux/fs.h>
+#include <linux/smp_lock.h>
+#include <linux/ext2_fs.h>
+#include "xattr.h"
+
+#define XATTR_SECURITY_PREFIX "security."
+
+static size_t
+ext2_xattr_security_list(char *list, struct inode *inode,
+ const char *name, int name_len)
+{
+ const int prefix_len = sizeof(XATTR_SECURITY_PREFIX)-1;
+
+ if (list) {
+ memcpy(list, XATTR_SECURITY_PREFIX, prefix_len);
+ memcpy(list+prefix_len, name, name_len);
+ list[prefix_len + name_len] = '\0';
+ }
+ return prefix_len + name_len + 1;
+}
+
+static int
+ext2_xattr_security_get(struct inode *inode, const char *name,
+ void *buffer, size_t size)
+{
+ if (strcmp(name, "") == 0)
+ return -EINVAL;
+ return ext2_xattr_get(inode, EXT2_XATTR_INDEX_SECURITY, name,
+ buffer, size);
+}
+
+static int
+ext2_xattr_security_set(struct inode *inode, const char *name,
+ const void *value, size_t size, int flags)
+{
+ if (strcmp(name, "") == 0)
+ return -EINVAL;
+ return ext2_xattr_set(inode, EXT2_XATTR_INDEX_SECURITY, name,
+ value, size, flags);
+}
+
+struct ext2_xattr_handler ext2_xattr_security_handler = {
+ .prefix = XATTR_SECURITY_PREFIX,
+ .list = ext2_xattr_security_list,
+ .get = ext2_xattr_security_get,
+ .set = ext2_xattr_security_set,
+};
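Review bot: `ext2_xattr_security_get` and `ext2_xattr_security_set` reject only the empty name and then call straight into `ext2_xattr_get`/`ext2_xattr_set`, with no permission or capability check of their own. Access control on `security.*` attributes is presumably left to the security module's xattr hooks in the VFS path, but nothing in this patch shows that, nor what happens when no module is loaded. Since these attributes hold the labels a module such as SELinux bases its decisions on, the file should state that dependency, for example `/* No permission check here: access to security.* must be mediated by the security module's xattr hooks before this handler is reached. */` above the two functions. It is also worth confirming that the default (no module) configuration limits writes to privileged processes.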
-- Stephen Smalley <sds@epoch.ncsc.mil> National Security Agency