[Cluster-devel] cluster/gfs-kernel/src/gfs eaops.c eaops.h eat ...

rohara at sourceware.org rohara at sourceware.org
Mon Nov 20 20:06:15 UTC 2006


CVSROOT:	/cvs/cluster
Module name:	cluster
Branch: 	STABLE
Changes by:	rohara at sourceware.org	2006-11-20 20:06:14

Modified files:
	gfs-kernel/src/gfs: eaops.c eaops.h eattr.c eattr.h gfs_ondisk.h 

Log message:
	Add SELinux xattr support.

Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/gfs-kernel/src/gfs/eaops.c.diff?cvsroot=cluster&only_with_tag=STABLE&r1=1.1.6.1.2.3&r2=1.1.6.1.2.4
http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/gfs-kernel/src/gfs/eaops.h.diff?cvsroot=cluster&only_with_tag=STABLE&r1=1.1&r2=1.1.8.1
http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/gfs-kernel/src/gfs/eattr.c.diff?cvsroot=cluster&only_with_tag=STABLE&r1=1.5.6.1.2.1&r2=1.5.6.1.2.2
http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/gfs-kernel/src/gfs/eattr.h.diff?cvsroot=cluster&only_with_tag=STABLE&r1=1.2&r2=1.2.8.1
http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/gfs-kernel/src/gfs/gfs_ondisk.h.diff?cvsroot=cluster&only_with_tag=STABLE&r1=1.7&r2=1.7.8.1

--- cluster/gfs-kernel/src/gfs/eaops.c	2006/03/13 22:26:24	1.1.6.1.2.3
+++ cluster/gfs-kernel/src/gfs/eaops.c	2006/11/20 20:06:14	1.1.6.1.2.4
@@ -47,6 +47,10 @@
 		type = GFS_EATYPE_USR;
 		if (truncated_name)
 			*truncated_name = strchr(name, '.') + 1;
+	} else if (strncmp(name, "security.", 9) == 0) {
+		type = GFS_EATYPE_SECURITY;
+		if (truncated_name)
+			*truncated_name = strchr(name, '.') + 1;
 	} else {
 		type = GFS_EATYPE_UNUSED;
 		if (truncated_name)
@@ -223,6 +227,63 @@
 	return gfs_ea_remove_i(ip, er);	
 }
 
+/**
+ * security_eo_get -
+ * @ip:
+ * @er:
+ *
+ * Returns: errno
+ */
+
+static int
+security_eo_get(struct gfs_inode *ip, struct gfs_ea_request *er)
+{
+	struct inode *inode = ip->i_vnode;
+	int error = permission(inode, MAY_READ, NULL);
+	if (error)
+		return error;
+
+	return gfs_ea_get_i(ip, er);
+}
+
+/**
+ * security_eo_set -
+ * @ip:
+ * @er:
+ *
+ * Returns: errno
+ */
+
+static int
+security_eo_set(struct gfs_inode *ip, struct gfs_ea_request *er)
+{
+	struct inode *inode = ip->i_vnode;
+	int error = permission(inode, MAY_WRITE, NULL);
+	if (error)
+		return error;
+
+	return gfs_ea_set_i(ip, er);
+}
+
+/**
+ * security_eo_remove -
+ * @ip:
+ * @er:
+ *
+ * Returns: errno
+ */
+
+static int
+security_eo_remove(struct gfs_inode *ip, struct gfs_ea_request *er)
+{
+	struct inode *inode = ip->i_vnode;
+	int error = permission(inode, MAY_WRITE, NULL);
+	if (error)
+		return error;
+
+	return gfs_ea_remove_i(ip, er);
+}
+
 struct gfs_eattr_operations gfs_user_eaops = {
 	.eo_get = user_eo_get,
 	.eo_set = user_eo_set,
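Review bot: The three new handlers gate security.* attributes on ordinary DAC bits only: `permission(inode, MAY_READ, NULL)` in security_eo_get and `permission(inode, MAY_WRITE, NULL)` in security_eo_set and security_eo_remove. For labels this looks questionable in both directions: the MAY_READ test can presumably refuse a label read on a file the caller may not open for reading, and in the visible code nothing beyond write access stops a caller from replacing or removing a file's label. If the capability/LSM xattr hooks are guaranteed to run before these handlers, the DAC tests could be dropped and that dependency stated; that call path is outside this hunk, so please confirm it. The kernel-doc blocks are also empty (no summary, nothing after `@ip:` and `@er:`) and should record the access-control decision, e.g. `* security_eo_set - set a security.* xattr; label policy is enforced by the LSM hook, not here`.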
@@ -237,10 +298,17 @@
 	.eo_name = "system",
 };
 
+struct gfs_eattr_operations gfs_security_eaops = {
+	.eo_get = security_eo_get,
+	.eo_set = security_eo_set,
+	.eo_remove = security_eo_remove,
+	.eo_name = "security",
+};
+
 struct gfs_eattr_operations *gfs_ea_ops[] = {
 	NULL,
 	&gfs_user_eaops,
 	&gfs_system_eaops,
+	&gfs_security_eaops,
 };
 
-
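Review bot: `gfs_ea_ops[]` is filled positionally, so the added `&gfs_security_eaops` entry is correct only while it sits at index GFS_EATYPE_SECURITY (3) and the array length keeps pace with GFS_EATYPE_LAST in gfs_ondisk.h. Designated initializers would make that coupling explicit and stop a future type from silently shifting the table: `[GFS_EATYPE_SECURITY] = &gfs_security_eaops,` and likewise for `[GFS_EATYPE_USR]` and `[GFS_EATYPE_SYS]`. Presumably this array is indexed with an ea_type read from disk; the lookup is outside the hunk, so it is worth confirming that it is bounded by GFS_EATYPE_VALID before the dereference.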
--- cluster/gfs-kernel/src/gfs/eaops.h	2004/10/05 19:44:58	1.1
+++ cluster/gfs-kernel/src/gfs/eaops.h	2006/11/20 20:06:14	1.1.8.1
@@ -27,6 +27,7 @@
 
 extern struct gfs_eattr_operations gfs_user_eaops;
 extern struct gfs_eattr_operations gfs_system_eaops;
+extern struct gfs_eattr_operations gfs_security_eaops;
 
 extern struct gfs_eattr_operations *gfs_ea_ops[];
 
--- cluster/gfs-kernel/src/gfs/eattr.c	2005/08/31 04:30:43	1.5.6.1.2.1
+++ cluster/gfs-kernel/src/gfs/eattr.c	2006/11/20 20:06:14	1.5.6.1.2.2
@@ -499,7 +499,7 @@
 {
 	struct ea_list *ei = (struct ea_list *)private;
 	struct gfs_ea_request *er = ei->ei_er;
-	unsigned int ea_size = GFS_EA_STRLEN(ea);
+	unsigned int ea_size = gfs_ea_strlen(ea);
 
 	if (ea->ea_type == GFS_EATYPE_UNUSED)
 		return 0;
@@ -512,14 +512,28 @@
 		if (ei->ei_size + ea_size > er->er_data_len)
 			return -ERANGE;
 
-		if (ea->ea_type == GFS_EATYPE_USR) {
+		switch (ea->ea_type) {
+		case GFS_EATYPE_USR:
 			prefix = "user.";
 			l = 5;
-		} else {
+			break;
+		case GFS_EATYPE_SYS:
 			prefix = "system.";
 			l = 7;
+			break;
+		case GFS_EATYPE_SECURITY:
+			prefix = "security.";
+			l = 9;
+			break;
+		default:
+			prefix = NULL;
+			l = 0;
+			break;
 		}
 
+		if (prefix == NULL || l == 0)
+			return -EIO;
+
 		memcpy(er->er_data + ei->ei_size,
 		       prefix, l);
 		memcpy(er->er_data + ei->ei_size + l,
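Review bot: The prefix lengths 5, 7 and 9 in this switch are written out by hand and repeated in gfs_ea_strlen() in eattr.h and in the `strncmp(name, "security.", 9)` test in eaops.c, so the -ERANGE bound computed from ea_size and the bytes copied by the memcpy calls agree only while all three stay in step. Deriving the length from the string removes one copy: `l = strlen(prefix);` after the switch, with `default: return -EIO;` replacing the separate `prefix == NULL || l == 0` test. For an unrecognised type gfs_ea_strlen() returns 0 and this fill path then fails with -EIO; how any path that only accumulates ea_size treats that case is outside the hunk and should be checked so both agree. The enclosing function starts before and continues past this hunk.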
--- cluster/gfs-kernel/src/gfs/eattr.h	2004/10/05 19:44:58	1.2
+++ cluster/gfs-kernel/src/gfs/eattr.h	2006/11/20 20:06:14	1.2.8.1
@@ -23,9 +23,6 @@
 	   ((GFS_EA_IS_STUFFED(ea)) ? \
 	    GFS_EA_DATA_LEN(ea) : \
 	    (sizeof(uint64_t) * (ea)->ea_num_ptrs)))
-#define GFS_EA_STRLEN(ea) \
-((((ea)->ea_type == GFS_EATYPE_USR) ? 5 : 7) + \
- (ea)->ea_name_len + 1)
 
 #define GFS_EA_IS_STUFFED(ea) (!(ea)->ea_num_ptrs)
 #define GFS_EA_IS_LAST(ea) ((ea)->ea_flags & GFS_EAFLAG_LAST)
@@ -64,6 +61,21 @@
 	struct gfs_ea_header *el_prev;
 };
 
+static inline unsigned int
+gfs_ea_strlen(struct gfs_ea_header *ea)
+{
+	switch (ea->ea_type) {
+	case GFS_EATYPE_USR:
+		return (5 + (ea->ea_name_len + 1));
+	case GFS_EATYPE_SYS:
+		return (7 + (ea->ea_name_len + 1));
+	case GFS_EATYPE_SECURITY:
+		return (9 + (ea->ea_name_len + 1));
+	default:
+		return (0);
+	}
+}
+
 int gfs_ea_repack(struct gfs_inode *ip);
 
 int gfs_ea_get_i(struct gfs_inode *ip, struct gfs_ea_request *er);
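Review bot: gfs_ea_strlen() has no comment, and its 0 return for an unrecognised ea_type is an error sentinel that callers have to know about; the removed GFS_EA_STRLEN macro never returned 0. I would add a kernel-doc block saying that the result is the prefix length plus ea_name_len plus 1 (presumably the terminating NUL) and that 0 means the on-disk type is not one this code knows. The argument is only read, so `gfs_ea_strlen(const struct gfs_ea_header *ea)` would be the tighter signature.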
--- cluster/gfs-kernel/src/gfs/gfs_ondisk.h	2004/12/03 22:42:06	1.7
+++ cluster/gfs-kernel/src/gfs/gfs_ondisk.h	2006/11/20 20:06:14	1.7.8.1
@@ -599,8 +599,9 @@
 #define GFS_EATYPE_UNUSED       (0)
 #define GFS_EATYPE_USR          (1)     /* user attribute */
 #define GFS_EATYPE_SYS          (2)     /* system attribute */
+#define GFS_EATYPE_SECURITY     (3)     /* security attribute */
 
-#define GFS_EATYPE_LAST         (2)
+#define GFS_EATYPE_LAST         (3)
 #define GFS_EATYPE_VALID(x)     ((x) <= GFS_EATYPE_LAST)
 
 #define GFS_EAFLAG_LAST         (0x01)	/* last ea in block */
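Review bot: GFS_EATYPE_SECURITY (3) is a new on-disk value, and raising GFS_EATYPE_LAST from 2 to 3 changes what `GFS_EATYPE_VALID(x)` accepts. A node still running the previous code has GFS_EATYPE_LAST at 2 and would classify these headers as invalid; how it reacts is not visible here, but on a shared cluster filesystem that deserves a comment next to the define, e.g. `/* security attribute; on-disk value, rejected by code with GFS_EATYPE_LAST == 2 */`. The log message could also state whether mixed-version mounts are expected to work.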



