From mboxrd@z Thu Jan 1 00:00:00 1970 From: rohara@sourceware.org Date: 3 Oct 2006 17:27:35 -0000 Subject: [Cluster-devel] cluster/gfs-kernel/src/gfs ops_inode.c Message-ID: <20061003172735.32633.qmail@sourceware.org> List-Id: To: cluster-devel.redhat.com MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit CVSROOT: /cvs/cluster Module name: cluster Changes by: rohara at sourceware.org 2006-10-03 17:27:34 Modified files: gfs-kernel/src/gfs: ops_inode.c Log message: Added gfs_security_init to initialize SELinux xattrs for newly created inodes. Patches: http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/gfs-kernel/src/gfs/ops_inode.c.diff?cvsroot=cluster&r1=1.11&r2=1.12
--- cluster/gfs-kernel/src/gfs/ops_inode.c 2006/07/10 23:22:34 1.11
+++ cluster/gfs-kernel/src/gfs/ops_inode.c 2006/10/03 17:27:34 1.12
@@ -24,6 +24,7 @@
 #include
 #include
 #include
+#include

 #include "gfs.h"
 #include "acl.h"
@@ -43,6 +44,48 @@
 #include "unlinked.h"

 /**
+ * gfs_security_init -
+ * @dip:
+ * @ip:
+ *
+ * Returns: errno
+ */
+
+static int
+gfs_security_init(struct gfs_inode *dip, struct gfs_inode *ip)
+{
+ int err;
+ size_t len;
+ void *value;
+ char *name;
+ struct gfs_ea_request er;
+
+ err = security_inode_init_security(ip->i_vnode, dip->i_vnode,
+ &name, &value, &len);
+
+ if (err) {
+ if (err == -EOPNOTSUPP)
+ return 0;
+ return err;
+ }
+
+ memset(&er, 0, sizeof(struct gfs_ea_request));
+
+ er.er_type = GFS_EATYPE_SECURITY;
+ er.er_name = name;
+ er.er_data = value;
+ er.er_name_len = strlen(name);
+ er.er_data_len = len;
+
+ err = gfs_ea_set_i(ip, &er);
+
+ kfree(value);
+ kfree(name);
+
+ return err;
+}
+
+/**
+ * gfs_create - Create a file
  * @dir: The directory in which to create the file
  * @dentry: The dentry of the new file
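Review bot: The kernel-doc block added above gfs_security_init() in the hunk at @@ -43,6 +44,48 @@ is an empty template, so the helper's contract is not documented anywhere. I would fill it in along the lines of `gfs_security_init - store the LSM-provided security xattr on a newly created inode`, `@dip: directory inode the new inode is created in` and `@ip: the new inode`, and add a one-line comment at the `-EOPNOTSUPP` branch stating that this result is deliberately mapped to success so creation still works when no label is supplied. A further comment should record that `name` and `value` are handed back by security_inode_init_security() and freed here with kfree() whether or not gfs_ea_set_i() succeeds, and that the helper reads `ip->i_vnode` and `dip->i_vnode`, so callers presumably must pass inodes whose VFS inode is already attached.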
@@ -104,15 +147,20 @@
 gfs_alloc_put(dip);
 }

- gfs_glock_dq_uninit(&d_gh);
- gfs_glock_dq_uninit(&i_gh);
-
 inode = gfs_iget(ip, CREATE);
 gfs_inode_put(ip);

 if (!inode)
 return -ENOMEM;

+ error = gfs_security_init(dip, ip);
+
+ gfs_glock_dq_uninit(&d_gh);
+ gfs_glock_dq_uninit(&i_gh);
+
+ if (error)
+ return error;
+
 d_instantiate(dentry, inode);
 if (new)
 mark_inode_dirty(inode);
@@ -595,11 +643,16 @@
 gfs_unlinked_unlock(sdp, dip->i_alloc->al_ul);
 gfs_alloc_put(dip);

+ inode = gfs_iget(ip, CREATE);
+ gfs_inode_put(ip);
+
+ error = gfs_security_init(dip, ip);
+
 gfs_glock_dq_uninit(&d_gh);
 gfs_glock_dq_uninit(&i_gh);

- inode = gfs_iget(ip, CREATE);
- gfs_inode_put(ip);
+ if (error)
+ return error;

 if (!inode)
 return -ENOMEM;
@@ -689,15 +742,20 @@
 gfs_unlinked_unlock(sdp, dip->i_alloc->al_ul);
 gfs_alloc_put(dip);

- gfs_glock_dq_uninit(&d_gh);
- gfs_glock_dq_uninit(&i_gh);
-
 inode = gfs_iget(ip, CREATE);
 gfs_inode_put(ip);

 if (!inode)
 return -ENOMEM;

+ error = gfs_security_init(dip, ip);
+
+ gfs_glock_dq_uninit(&d_gh);
+ gfs_glock_dq_uninit(&i_gh);
+
+ if (error)
+ return error;
+
 d_instantiate(dentry, inode);
 mark_inode_dirty(inode);

@@ -861,11 +919,16 @@
 gfs_unlinked_unlock(sdp, dip->i_alloc->al_ul);
 gfs_alloc_put(dip);

+ inode = gfs_iget(ip, CREATE);
+ gfs_inode_put(ip);
+
+ error = gfs_security_init(dip, ip);
+
 gfs_glock_dq_uninit(&d_gh);
 gfs_glock_dq_uninit(&i_gh);

- inode = gfs_iget(ip, CREATE);
- gfs_inode_put(ip);
+ if (error)
+ return error;

 if (!inode)
 return -ENOMEM;
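Review bot: In the hunk at @@ -104,15 +147,20 @@ the unchanged `if (!inode) return -ENOMEM;` now sits above the two `gfs_glock_dq_uninit()` calls that this change moved down, so a failed gfs_iget() returns with d_gh and i_gh still held as far as the hunk shows. The hunk at @@ -689,15 +742,20 @@ has the same ordering. One way to keep a single release point is to drop the early return and write `error = inode ? gfs_security_init(dip, ip) : -ENOMEM;`, so the existing `if (error) return error;` runs only after both holders are released. The enclosing function begins and ends outside the hunk, so any cleanup elsewhere is not visible here.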
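Review bot: In the hunk at @@ -595,11 +643,16 @@, `gfs_security_init(dip, ip)` runs after `gfs_inode_put(ip)` and before the `if (!inode)` check, although the helper passes `ip->i_vnode` to security_inode_init_security(); if gfs_iget() failed, that pointer is presumably not a valid inode, and `ip` is used after its reference was put. The new `if (error) return error;` also returns without releasing `inode`, which looks like a leaked reference if gfs_iget() hands back a referenced inode (not shown here), and it apparently leaves the just-created object on disk without its security label, so that failure path deserves explicit cleanup or at least a comment. The hunk at @@ -861,11 +919,16 @@ repeats the same sequence. A possible ordering is sketched below; the enclosing function starts and ends outside the hunk.

```c
	inode = gfs_iget(ip, CREATE);
	/* label only if the VFS inode exists, and while ip is still referenced */
	error = inode ? gfs_security_init(dip, ip) : -ENOMEM;
	gfs_inode_put(ip);

	/* … unchanged: the two gfs_glock_dq_uninit() calls … */

	if (error) {
		if (inode)
			iput(inode);	/* assumes gfs_iget() returned a reference */
		return error;
	}
	/* … the later `if (!inode)` check becomes redundant … */
```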