From mboxrd@z Thu Jan 1 00:00:00 1970 From: rohara@sourceware.org Date: 6 Nov 2006 21:01:37 -0000 Subject: [Cluster-devel] cluster/gfs-kernel/src/gfs eaops.c eaops.h eat ... Message-ID: <20061106210137.24266.qmail@sourceware.org> List-Id: To: cluster-devel.redhat.com MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit CVSROOT: /cvs/cluster Module name: cluster Branch: RHEL4 Changes by: rohara at sourceware.org 2006-11-06 21:01:36 Modified files: gfs-kernel/src/gfs: eaops.c eaops.h eattr.c eattr.h gfs_ondisk.h Log message: Added SELinux support. Patches: http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/gfs-kernel/src/gfs/eaops.c.diff?cvsroot=cluster&only_with_tag=RHEL4&r1=1.1.2.3&r2=1.1.2.4 http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/gfs-kernel/src/gfs/eaops.h.diff?cvsroot=cluster&only_with_tag=RHEL4&r1=1.1&r2=1.1.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/gfs-kernel/src/gfs/eattr.c.diff?cvsroot=cluster&only_with_tag=RHEL4&r1=1.5&r2=1.5.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/gfs-kernel/src/gfs/eattr.h.diff?cvsroot=cluster&only_with_tag=RHEL4&r1=1.2&r2=1.2.2.1 http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/gfs-kernel/src/gfs/gfs_ondisk.h.diff?cvsroot=cluster&only_with_tag=RHEL4&r1=1.7&r2=1.7.2.1
--- cluster/gfs-kernel/src/gfs/eaops.c 2006/03/13 22:24:57 1.1.2.3
+++ cluster/gfs-kernel/src/gfs/eaops.c 2006/11/06 21:01:36 1.1.2.4
@@ -47,6 +47,10 @@
 type = GFS_EATYPE_USR;
 if (truncated_name)
 *truncated_name = strchr(name, '.') + 1;
+ } else if (strncmp(name, "security.", 9) == 0) {
+ type = GFS_EATYPE_SECURITY;
+ if (truncated_name)
+ *truncated_name = strchr(name, '.') + 1;
 } else {
 type = GFS_EATYPE_UNUSED;
 if (truncated_name)
@@ -223,6 +227,63 @@
 return gfs_ea_remove_i(ip, er);
 }
+/**
+ * security_eo_get -
+ * @ip:
+ * @er:
+ *
+ * Returns: errno
+ */
+
+static int
+security_eo_get(struct gfs_inode *ip, struct gfs_ea_request *er)
+{
+ struct inode *inode = ip->i_vnode;
+ int error = permission(inode, MAY_READ, NULL);
+ if (error)
+ return error;
+
+ return gfs_ea_get_i(ip, er);
+}
+
+/**
+ * system_eo_set -
+ * @ip:
+ * @er:
+ *
+ * Returns: errno
+ */
+
+static int
+security_eo_set(struct gfs_inode *ip, struct gfs_ea_request *er)
+{
+ struct inode *inode = ip->i_vnode;
+ int error = permission(inode, MAY_WRITE, NULL);
+ if (error)
+ return error;
+
+ return gfs_ea_set_i(ip, er);
+}
+
+/**
+ * system_eo_remove -
+ * @ip:
+ * @er:
+ *
+ * Returns: errno
+ */
+
+static int
+security_eo_remove(struct gfs_inode *ip, struct gfs_ea_request *er)
+{
+ struct inode *inode = ip->i_vnode;
+ int error = permission(inode, MAY_WRITE, NULL);
+ if (error)
+ return error;
+
+ return gfs_ea_remove_i(ip, er);
+}
+
 struct gfs_eattr_operations gfs_user_eaops = {
 .eo_get = user_eo_get,
 .eo_set = user_eo_set,
@@ -237,10 +298,17 @@
 .eo_name = "system",
 };
+struct gfs_eattr_operations gfs_security_eaops = {
+ .eo_get = security_eo_get,
+ .eo_set = security_eo_set,
+ .eo_remove = security_eo_remove,
+ .eo_name = "security",
+};
+
 struct gfs_eattr_operations *gfs_ea_ops[] = {
 NULL,
 &gfs_user_eaops,
 &gfs_system_eaops,
+ &gfs_security_eaops,
 };
-
--- cluster/gfs-kernel/src/gfs/eaops.h 2004/10/05 19:44:58 1.1
+++ cluster/gfs-kernel/src/gfs/eaops.h 2006/11/06 21:01:36 1.1.2.1
@@ -27,6 +27,7 @@
 extern struct gfs_eattr_operations gfs_user_eaops;
 extern struct gfs_eattr_operations gfs_system_eaops;
+extern struct gfs_eattr_operations gfs_security_eaops;
 extern struct gfs_eattr_operations *gfs_ea_ops[];
--- cluster/gfs-kernel/src/gfs/eattr.c 2005/01/04 10:07:11 1.5
+++ cluster/gfs-kernel/src/gfs/eattr.c 2006/11/06 21:01:36 1.5.2.1
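Review bot: security_eo_get, security_eo_set and security_eo_remove gate security.* attributes on the file's ordinary mode bits (`permission(inode, MAY_READ, NULL)` and `MAY_WRITE`), which is an access policy for file data, not for labels. As written, a task without read access to the file cannot read its label, and any task with write access passes this layer on set and remove, so whatever prevents an unprivileged relabel has to be the VFS/LSM xattr hooks, which are outside this diff. Please confirm those hooks run on every path that reaches these handlers and record that in the function comments; if they do, the read check is better dropped so that security_eo_get is just `return gfs_ea_get_i(ip, er);`. The kernel-doc headers above security_eo_set and security_eo_remove still read `system_eo_set` and `system_eo_remove`, and all three descriptions are empty.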
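Review bot: The new `&gfs_security_eaops` entry in gfs_ea_ops[] is tied to GFS_EATYPE_SECURITY only by its position in the initializer; the table appears to be indexed by ea_type (slot 0 is NULL, matching GFS_EATYPE_UNUSED), though the lookup itself is outside the hunk. Designated initializers would make the coupling explicit and keep a later type from landing in the wrong slot: `[GFS_EATYPE_SECURITY] = &gfs_security_eaops,` and likewise `[GFS_EATYPE_USR]` and `[GFS_EATYPE_SYS]` for the existing entries.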
@@ -499,7 +499,7 @@
 {
 struct ea_list *ei = (struct ea_list *)private;
 struct gfs_ea_request *er = ei->ei_er;
- unsigned int ea_size = GFS_EA_STRLEN(ea);
+ unsigned int ea_size = gfs_ea_strlen(ea);
 if (ea->ea_type == GFS_EATYPE_UNUSED)
 return 0;
@@ -512,14 +512,28 @@
 if (ei->ei_size + ea_size > er->er_data_len)
 return -ERANGE;
- if (ea->ea_type == GFS_EATYPE_USR) {
+ switch (ea->ea_type) {
+ case GFS_EATYPE_USR:
 prefix = "user.";
 l = 5;
- } else {
+ break;
+ case GFS_EATYPE_SYS:
 prefix = "system.";
 l = 7;
+ break;
+ case GFS_EATYPE_SECURITY:
+ prefix = "security.";
+ l = 9;
+ break;
+ default:
+ prefix = NULL;
+ l = 0;
+ break;
 }
+ if (prefix == NULL || l == 0)
+ return -EIO;
+
 memcpy(er->er_data + ei->ei_size, prefix, l);
 memcpy(er->er_data + ei->ei_size + l,
--- cluster/gfs-kernel/src/gfs/eattr.h 2004/10/05 19:44:58 1.2
+++ cluster/gfs-kernel/src/gfs/eattr.h 2006/11/06 21:01:36 1.2.2.1
@@ -23,9 +23,6 @@
 ((GFS_EA_IS_STUFFED(ea)) ? \
 GFS_EA_DATA_LEN(ea) : \
 (sizeof(uint64_t) * (ea)->ea_num_ptrs)))
-#define GFS_EA_STRLEN(ea) \
-((((ea)->ea_type == GFS_EATYPE_USR) ? 5 : 7) + \
- (ea)->ea_name_len + 1)
 #define GFS_EA_IS_STUFFED(ea) (!(ea)->ea_num_ptrs)
 #define GFS_EA_IS_LAST(ea) ((ea)->ea_flags & GFS_EAFLAG_LAST)
@@ -64,6 +61,21 @@
 struct gfs_ea_header *el_prev;
 };
+static inline unsigned int
+gfs_ea_strlen(struct gfs_ea_header *ea)
+{
+ switch (ea->ea_type) {
+ case GFS_EATYPE_USR:
+ return (5 + (ea->ea_name_len + 1));
+ case GFS_EATYPE_SYS:
+ return (7 + (ea->ea_name_len + 1));
+ case GFS_EATYPE_SECURITY:
+ return (9 + (ea->ea_name_len + 1));
+ default:
+ return (0);
+ }
+}
+
 int gfs_ea_repack(struct gfs_inode *ip);
 int gfs_ea_get_i(struct gfs_inode *ip, struct gfs_ea_request *er);
--- cluster/gfs-kernel/src/gfs/gfs_ondisk.h 2004/12/03 22:42:06 1.7
+++ cluster/gfs-kernel/src/gfs/gfs_ondisk.h 2006/11/06 21:01:36 1.7.2.1
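Review bot: The bounds check in the `@@ -512` hunk uses `ea_size` from gfs_ea_strlen() while the first memcpy uses `l` from this switch, so the prefix lengths 5/7/9 now live in two hand-maintained tables (here and in the eattr.h hunk) that must agree for the `-ERANGE` test to cover the copy. Deriving the length from the literal removes one of the two, e.g. `l = sizeof("security.") - 1;` in each case, or a single helper that returns both prefix and length and is also used by gfs_ea_strlen(). For an unknown type gfs_ea_strlen() returns 0, so the `-ERANGE` test passes and the entry is then rejected with `-EIO`; whether the size-only path rejects it as well or silently counts 0 bytes is not visible, since the function starts in the previous hunk and continues past this one.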
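Review bot: gfs_ea_strlen() in eattr.h has no comment saying what the returned length covers or that 0 means "unknown type", which callers have to know because 0 is indistinguishable from a successful size. A header such as `/* Bytes needed for "<prefix><name>" plus the trailing NUL; 0 if ea_type is not a known type */` would cover it. The function only reads through its argument, so the parameter can be `const struct gfs_ea_header *ea`.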
@@ -599,8 +599,9 @@
 #define GFS_EATYPE_UNUSED (0)
 #define GFS_EATYPE_USR (1) /* user attribute */
 #define GFS_EATYPE_SYS (2) /* system attribute */
+#define GFS_EATYPE_SECURITY (3) /* security attribute */
-#define GFS_EATYPE_LAST (2)
+#define GFS_EATYPE_LAST (3)
 #define GFS_EATYPE_VALID(x) ((x) <= GFS_EATYPE_LAST)
 #define GFS_EAFLAG_LAST (0x01) /* last ea in block */
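Review bot: GFS_EATYPE_SECURITY is a new on-disk value and GFS_EATYPE_LAST moves from 2 to 3, so `GFS_EATYPE_VALID()` in a module built before this change evaluates false for entries that an upgraded node has written. How the older code reacts to an invalid type is outside this diff, but on a shared-disk filesystem the compatibility rule belongs next to the constant and in the log message, for example `/* security attribute; on-disk value, treated as invalid by modules older than this change */`.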