Re: [patch 2/2] Access Control Lists for tmpfs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2006-01-09 at 00:01 +0100, Andreas Gruenbacher wrote:
> plain text document attachment (tmpfs-acl.diff)
> Add access control lists for tmpfs.
> 
> Signed-off-by: Andreas Gruenbacher <[email protected]>

> Index: linux-2.6.15-git4/mm/shmem.c
> ===================================================================
> --- linux-2.6.15-git4.orig/mm/shmem.c
> +++ linux-2.6.15-git4/mm/shmem.c
> @@ -1843,6 +1852,50 @@ static struct inode_operations shmem_sym
>  	.put_link	= shmem_put_link,
>  };
>  
> +#ifdef CONFIG_TMPFS_POSIX_ACL
> +/* The vfs implements defaults for the security.* xattr namespace for inodes
> + * that don't have xattr iops. We have xattr iops for the acls, so we must
> + * also implement the security.* defaults here.
> + */
> +static size_t shmem_xattr_security_list(struct inode *inode, char *list,
> +					size_t list_len, const char *name,
> +					size_t name_len)
> +{
> +	return security_inode_listsecurity(inode, list, list_len);
> +}
> +
> +static int shmem_xattr_security_get(struct inode *inode, const char *name,
> +				    void *buffer, size_t size)
> +{
> +	if (strcmp(name, "") == 0)
> +		return -EINVAL;
> +	return security_inode_getsecurity(inode, name, buffer, size,
> +					  -EOPNOTSUPP);
> +}
> +
> +static int shmem_xattr_security_set(struct inode *inode, const char *name,
> +				    const void *value, size_t size, int flags)
> +{
> +	if (strcmp(name, "") == 0)
> +		return -EINVAL;
> +	return security_inode_setsecurity(inode, name, value, size, flags);
> +}
> +
> +struct xattr_handler shmem_xattr_security_handler = {
> +	.prefix = XATTR_SECURITY_PREFIX,
> +	.list   = shmem_xattr_security_list,
> +	.get    = shmem_xattr_security_get,
> +	.set    = shmem_xattr_security_set,
> +};

This seems like a regression, given that this code was just removed in
2.6.14 by the generic VFS fallback support for security xattrs,
http://marc.theaimsgroup.com/?l=git-commits-head&m=112597810414161&w=2

Could you instead provide a generic VFS fallback for ACLs as well?

-- 
Stephen Smalley
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux