[Cluster-devel] cluster/gfs-kernel/src/gfs eaops.c eattr.c eat ...

rohara at sourceware.org rohara at sourceware.org
Mon Jul 17 21:38:14 UTC 2006


CVSROOT:	/cvs/cluster
Module name:	cluster
Changes by:	rohara at sourceware.org	2006-07-17 21:38:13

Modified files:
	gfs-kernel/src/gfs: eaops.c eattr.c eattr.h gfs_ondisk.h 

Log message:
	Added support for SELinux extended attribute types.

Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/gfs-kernel/src/gfs/eaops.c.diff?cvsroot=cluster&r1=1.5&r2=1.6
http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/gfs-kernel/src/gfs/eattr.c.diff?cvsroot=cluster&r1=1.9&r2=1.10
http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/gfs-kernel/src/gfs/eattr.h.diff?cvsroot=cluster&r1=1.3&r2=1.4
http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/gfs-kernel/src/gfs/gfs_ondisk.h.diff?cvsroot=cluster&r1=1.9&r2=1.10

--- cluster/gfs-kernel/src/gfs/eaops.c	2006/07/10 23:22:34	1.5
+++ cluster/gfs-kernel/src/gfs/eaops.c	2006/07/17 21:38:13	1.6
@@ -47,6 +47,10 @@
 		type = GFS_EATYPE_USR;
 		if (truncated_name)
 			*truncated_name = strchr(name, '.') + 1;
+	} else if (strncmp(name, "security.", 9) == 0) {
+		type = GFS_EATYPE_SECURITY;
+		if (truncated_name)
+			*truncated_name = strchr(name, '.') + 1;
 	} else {
 		type = GFS_EATYPE_UNUSED;
 		if (truncated_name)
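Review bot: The new `security.` branch accepts a name that is exactly `security.` and then sets `*truncated_name` to an empty string; nothing visible in the hunk rejects that case, and the existing prefixes appear to behave the same way. If the caller (outside this hunk) does not refuse a zero-length attribute name, a check such as `if (name[9] == '\0')` belongs here before the type is assigned. Since the prefix length is already known from the strncmp, `*truncated_name = name + 9;` would also avoid rescanning the string with strchr. The enclosing function starts and ends outside the hunk.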
@@ -223,6 +227,63 @@
 	return gfs_ea_remove_i(ip, er);	
 }
 
+/**
+ * security_eo_get -
+ * @ip:
+ * @er:
+ *
+ * Returns: errno
+ */
+
+static int
+security_eo_get(struct gfs_inode *ip, struct gfs_ea_request *er)
+{
+	struct inode *inode = ip->i_vnode;
+	int error = permission(inode, MAY_READ, NULL);
+	if (error)
+		return error;
+
+	return gfs_ea_get_i(ip, er);
+}
+
+/**
+ * security_eo_set -
+ * @ip:
+ * @er:
+ *
+ * Returns: errno
+ */
+
+static int
+security_eo_set(struct gfs_inode *ip, struct gfs_ea_request *er)
+{
+	struct inode *inode = ip->i_vnode;
+	int error = permission(inode, MAY_WRITE, NULL);
+	if (error)
+		return error;
+
+	return gfs_ea_set_i(ip, er);
+}
+
+/**
+ * security_eo_remove -
+ * @ip:
+ * @er:
+ *
+ * Returns: errno
+ */
+
+static int
+security_eo_remove(struct gfs_inode *ip, struct gfs_ea_request *er)
+{
+	struct inode *inode = ip->i_vnode;
+	int error = permission(inode, MAY_WRITE, NULL);
+	if (error)
+		return error;
+
+	return gfs_ea_remove_i(ip, er);
+}
+
 struct gfs_eattr_operations gfs_user_eaops = {
 	.eo_get = user_eo_get,
 	.eo_set = user_eo_set,
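Review bot: security_eo_set and security_eo_remove gate changes to `security.*` attributes on `permission(inode, MAY_WRITE, NULL)` alone, which is the ordinary file-write check; if nothing above these handlers applies a stricter policy (an LSM hook or a capability check, neither visible in this hunk), any user who can write the file could replace or delete its SELinux label. Please confirm where that stricter check lives and record it in the function comments. security_eo_get likewise requires MAY_READ, which may stop a caller from reading the label of a file whose data it cannot read. The three kernel-doc headers are empty: each needs a one-line summary and descriptions for `@ip` and `@er`, for example `security_eo_set - set a security.* extended attribute after the access check`.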
@@ -237,10 +298,18 @@
 	.eo_name = "system",
 };
 
+struct gfs_eattr_operations gfs_security_eaops = {
+	.eo_get = security_eo_get,
+	.eo_set = security_eo_set,
+	.eo_remove = security_eo_remove,
+	.eo_name = "security",
+};
+
 struct gfs_eattr_operations *gfs_ea_ops[] = {
 	NULL,
 	&gfs_user_eaops,
 	&gfs_system_eaops,
+	&gfs_security_eaops,
 };
 
 
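Review bot: gfs_ea_ops is still initialised positionally, so `&gfs_security_eaops` lands at index 3 only because of where it is appended, while the matching constant GFS_EATYPE_SECURITY is defined separately in gfs_ondisk.h. Designated initialisers would tie each slot to its type, e.g. `[GFS_EATYPE_SECURITY] = &gfs_security_eaops,`, and would make it explicit that slot 0 (GFS_EATYPE_UNUSED) is deliberately NULL. Code that indexes this table with an `ea_type` read from disk is outside the hunk; it presumably has to check GFS_EATYPE_VALID() and the NULL slot before dereferencing.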
--- cluster/gfs-kernel/src/gfs/eattr.c	2006/07/10 23:22:34	1.9
+++ cluster/gfs-kernel/src/gfs/eattr.c	2006/07/17 21:38:13	1.10
@@ -499,7 +499,7 @@
 {
 	struct ea_list *ei = (struct ea_list *)private;
 	struct gfs_ea_request *er = ei->ei_er;
-	unsigned int ea_size = GFS_EA_STRLEN(ea);
+	unsigned int ea_size = gfs_ea_strlen(ea);
 
 	if (ea->ea_type == GFS_EATYPE_UNUSED)
 		return 0;
@@ -512,14 +512,28 @@
 		if (ei->ei_size + ea_size > er->er_data_len)
 			return -ERANGE;
 
-		if (ea->ea_type == GFS_EATYPE_USR) {
+		switch (ea->ea_type) {
+		case GFS_EATYPE_USR:
 			prefix = "user.";
 			l = 5;
-		} else {
+			break;
+		case GFS_EATYPE_SYS:
 			prefix = "system.";
 			l = 7;
+			break;
+		case GFS_EATYPE_SECURITY:
+			prefix = "security.";
+			l = 9;
+			break;
+		default:
+			prefix = NULL;
+			l = 0;
+			break;
 		}
 
+		if (prefix == NULL || l == 0)
+			return -EIO;
+
 		memcpy(er->er_data + ei->ei_size,
 		       prefix, l);
 		memcpy(er->er_data + ei->ei_size + l,
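Review bot: The prefix lengths 5, 7 and 9 are now written twice: here as `l` for the memcpy, and in gfs_ea_strlen() (the eattr.h hunk) for `ea_size`, which is what the `ei->ei_size + ea_size > er->er_data_len` bounds check uses. If the two copies ever disagree, the copied length is no longer the length that was bounds-checked, and the write into `er_data` could run past the caller's buffer. Deriving the length from the string, e.g. `l = sizeof("security.") - 1;`, or taking prefix and length from one shared table, removes that coupling. The `l == 0` half of the new -EIO test is redundant with `prefix == NULL`. The enclosing function starts before this hunk and continues after it.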
--- cluster/gfs-kernel/src/gfs/eattr.h	2006/07/10 23:22:34	1.3
+++ cluster/gfs-kernel/src/gfs/eattr.h	2006/07/17 21:38:13	1.4
@@ -64,6 +64,21 @@
 	struct gfs_ea_header *el_prev;
 };
 
+static inline unsigned int
+gfs_ea_strlen(struct gfs_ea_header *ea)
+{
+	switch (ea->ea_type) {
+	case GFS_EATYPE_USR:
+		return (5 + (ea->ea_name_len + 1));
+	case GFS_EATYPE_SYS:
+		return (7 + (ea->ea_name_len + 1));
+	case GFS_EATYPE_SECURITY:
+		return (9 + (ea->ea_name_len + 1));
+	default:
+		return (0);
+	}
+}
+
 int gfs_ea_repack(struct gfs_inode *ip);
 
 int gfs_ea_get_i(struct gfs_inode *ip, struct gfs_ea_request *er);
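Review bot: gfs_ea_strlen() has no comment, and its contract is not obvious from the body: the result is the prefix length plus `ea_name_len` plus one (presumably for a terminator), and 0 means an unrecognised `ea_type`. A short kernel-doc block should state that, and that callers must treat 0 as an error rather than as an empty entry, since `ea_type` and `ea_name_len` appear to come straight from the on-disk header. The parameter can also be declared `const struct gfs_ea_header *ea`, as the function only reads through it.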
--- cluster/gfs-kernel/src/gfs/gfs_ondisk.h	2006/07/10 23:22:34	1.9
+++ cluster/gfs-kernel/src/gfs/gfs_ondisk.h	2006/07/17 21:38:13	1.10
@@ -601,8 +601,9 @@
 #define GFS_EATYPE_UNUSED       (0)
 #define GFS_EATYPE_USR          (1)     /* user attribute */
 #define GFS_EATYPE_SYS          (2)     /* system attribute */
+#define GFS_EATYPE_SECURITY	(3)	/* security attribute */
 
-#define GFS_EATYPE_LAST         (2)
+#define GFS_EATYPE_LAST         (3)
 #define GFS_EATYPE_VALID(x)     ((x) <= GFS_EATYPE_LAST)
 
 #define GFS_EAFLAG_LAST         (0x01)	/* last ea in block */



