[PATCH 3/3] NFS: Ensure we support selinux xattrs

From: Trond Myklebust <[email protected]>

Some programs (e.g. GNU "cp") are currently crashing because NFS
allows you to inquire about SELinux security attributes (vfs_getxattr()
automatically handles this), but returns -EOPNOTSUPP when they later
attempt to set the SELinux security attributes.

The following patch just ensures that we pass the request to set security
attributes on to the default SELinux handler.

Signed-off-by: Trond Myklebust <[email protected]>
---

 fs/nfs/nfs3acl.c  |   13 +++++++++++++
 fs/nfs/nfs4proc.c |   14 ++++++++++++++
 2 files changed, 27 insertions(+), 0 deletions(-)

diff --git a/fs/nfs/nfs3acl.c b/fs/nfs/nfs3acl.c
index 7322da4..5970e7b 100644
--- a/fs/nfs/nfs3acl.c
+++ b/fs/nfs/nfs3acl.c
@@ -4,6 +4,9 @@ #include <linux/nfs3.h>
 #include <linux/nfs_fs.h>
 #include <linux/posix_acl_xattr.h>
 #include <linux/nfsacl.h>
+#include <linux/security.h>
+#include <linux/xattr.h>
+#include <linux/fsnotify.h>
 
 #define NFSDBG_FACILITY	NFSDBG_PROC
 
@@ -82,6 +85,16 @@ int nfs3_setxattr(struct dentry *dentry,
 	struct posix_acl *acl;
 	int type, error;
 
+	/* Selinux support */
+	if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN)) {
+		const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
+		error = security_inode_setsecurity(inode, suffix, value,
+				size, flags);
+		if (!error)
+			fsnotify_xattr(dentry);
+		return error;
+	}
+
 	if (strcmp(name, POSIX_ACL_XATTR_ACCESS) == 0)
 		type = ACL_TYPE_ACCESS;
 	else if (strcmp(name, POSIX_ACL_XATTR_DEFAULT) == 0)
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index b3fd29b..ac1082b 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -48,6 +48,9 @@ #include <linux/nfs_page.h>
 #include <linux/smp_lock.h>
 #include <linux/namei.h>
 #include <linux/mount.h>
+#include <linux/security.h>
+#include <linux/xattr.h>
+#include <linux/fsnotify.h>
 
 #include "nfs4_fs.h"
 #include "delegation.h"
@@ -3547,6 +3550,17 @@ int nfs4_setxattr(struct dentry *dentry,
 {
 	struct inode *inode = dentry->d_inode;
 
+	/* Selinux support */
+	if (!strncmp(key, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN)) {
+		const char *suffix = key + XATTR_SECURITY_PREFIX_LEN;
+		int error;
+		error = security_inode_setsecurity(inode, suffix, buf,
+				buflen, flags);
+		if (!error)
+			fsnotify_xattr(dentry);
+		return error;
+	}
+
 	if (strcmp(key, XATTR_NAME_NFSV4_ACL) != 0)
 		return -EOPNOTSUPP;
 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: [PATCH 3/3] NFS: Ensure we support selinux xattrs
  - From: Stephen Smalley <[email protected]>

References:
- [PATCH 0/3] NFS Bugfixes for 2.6.20-rc5
  - From: Trond Myklebust <[email protected]>

Prev by Date: Re: [RFC] Limit the size of the pagecache
Next by Date: [PATCH 0/3] NFS Bugfixes for 2.6.20-rc5
Previous by thread: [PATCH 0/3] NFS Bugfixes for 2.6.20-rc5
Next by thread: Re: [PATCH 3/3] NFS: Ensure we support selinux xattrs
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]