Re: [patch 2/2] Access Control Lists for tmpfs

From: Stephen Smalley
Date: Tue Jan 10 2006 - 07:43:58 EST

Next message: Andi Kleen: "Re: [patch 2/2] add x86-64 support for memory hot-add"
Previous message: Yasunori Goto: "Re: [patch 2/2] add x86-64 support for memory hot-add"
In reply to: Andi Kleen: "Re: [patch 2/2] Access Control Lists for tmpfs"
Next in thread: Andreas Gruenbacher: "Re: [patch 2/2] Access Control Lists for tmpfs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2006-01-09 at 00:01 +0100, Andreas Gruenbacher wrote:
> plain text document attachment (tmpfs-acl.diff)
> Add access control lists for tmpfs.
>
> Signed-off-by: Andreas Gruenbacher <agruen@xxxxxxx>

> Index: linux-2.6.15-git4/mm/shmem.c
> ===================================================================
> --- linux-2.6.15-git4.orig/mm/shmem.c
> +++ linux-2.6.15-git4/mm/shmem.c
> @@ -1843,6 +1852,50 @@ static struct inode_operations shmem_sym
> .put_link = shmem_put_link,
> };
>
> +#ifdef CONFIG_TMPFS_POSIX_ACL
> +/* The vfs implements defaults for the security.* xattr namespace for inodes
> + * that don't have xattr iops. We have xattr iops for the acls, so we must
> + * also implement the security.* defaults here.
> + */
> +static size_t shmem_xattr_security_list(struct inode *inode, char *list,
> + size_t list_len, const char *name,
> + size_t name_len)
> +{
> + return security_inode_listsecurity(inode, list, list_len);
> +}
> +
> +static int shmem_xattr_security_get(struct inode *inode, const char *name,
> + void *buffer, size_t size)
> +{
> + if (strcmp(name, "") == 0)
> + return -EINVAL;
> + return security_inode_getsecurity(inode, name, buffer, size,
> + -EOPNOTSUPP);
> +}
> +
> +static int shmem_xattr_security_set(struct inode *inode, const char *name,
> + const void *value, size_t size, int flags)
> +{
> + if (strcmp(name, "") == 0)
> + return -EINVAL;
> + return security_inode_setsecurity(inode, name, value, size, flags);
> +}
> +
> +struct xattr_handler shmem_xattr_security_handler = {
> + .prefix = XATTR_SECURITY_PREFIX,
> + .list = shmem_xattr_security_list,
> + .get = shmem_xattr_security_get,
> + .set = shmem_xattr_security_set,
> +};

This seems like a regression, given that this code was just removed in
2.6.14 by the generic VFS fallback support for security xattrs,
http://marc.theaimsgroup.com/?l=git-commits-head&m=112597810414161&w=2

Could you instead provide a generic VFS fallback for ACLs as well?

--
Stephen Smalley
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andi Kleen: "Re: [patch 2/2] add x86-64 support for memory hot-add"
Previous message: Yasunori Goto: "Re: [patch 2/2] add x86-64 support for memory hot-add"
In reply to: Andi Kleen: "Re: [patch 2/2] Access Control Lists for tmpfs"
Next in thread: Andreas Gruenbacher: "Re: [patch 2/2] Access Control Lists for tmpfs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]