From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ryan O'Hara Date: Fri, 29 Sep 2006 12:50:48 -0500 Subject: [Cluster-devel] [PATCH 1/1] GFS2 security initialization Message-ID: <451D5CF8.5000706@redhat.com> List-Id: To: cluster-devel.redhat.com MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Initialize SELinux extended attributes at inode creation time. Signed-Off-By: Ryan O'Hara
---
diff -urpN gfs/fs/gfs2/inode.c gfs.selinux/fs/gfs2/inode.c
--- gfs/fs/gfs2/inode.c 2006-09-29 12:34:22.000000000 -0500
+++ gfs.selinux/fs/gfs2/inode.c 2006-09-29 12:35:50.000000000 -0500
@@ -17,6 +17,7 @@
 #include
 #include
 #include
+#include
 #include "gfs2.h"
 #include "incore.h"
@@ -24,6 +25,7 @@
 #include "bmap.h"
 #include "dir.h"
 #include "eattr.h"
+#include "eaops.h"
 #include "glock.h"
 #include "glops.h"
 #include "inode.h"
@@ -897,6 +899,10 @@ struct inode *gfs2_createi(struct gfs2_h
 if (error)
 goto fail_iput;
+ error = gfs2_security_init(dip, GFS2_I(inode));
+ if (error)
+ goto fail_iput;
+
 error = link_dinode(dip, name, GFS2_I(inode));
 if (error)
 goto fail_iput;
@@ -1337,3 +1343,36 @@ int gfs2_setattr_simple(struct gfs2_inod
 return error;
 }
+int gfs2_security_init(struct gfs2_inode *dip, struct gfs2_inode *ip)
+{
+ int err;
+ size_t len;
+ void *value;
+ char *name;
+ struct gfs2_ea_request er;
+
+ err = security_inode_init_security(&ip->i_inode, &dip->i_inode,
+ &name, &value, &len);
+
+ if (err) {
+ if (err == -EOPNOTSUPP)
+ return 0;
+ return err;
+ }
+
+ memset(&er, 0, sizeof(struct gfs2_ea_request));
+
+ er.er_type = GFS2_EATYPE_SECURITY;
+ er.er_name = name;
+ er.er_data = value;
+ er.er_name_len = strlen(name);
+ er.er_data_len = len;
+
+ err = gfs2_ea_set_i(ip, &er);
+
+ kfree(value);
+ kfree(name);
+
+ return err;
+}
+
diff -urpN gfs/fs/gfs2/inode.h gfs.selinux/fs/gfs2/inode.h
--- gfs/fs/gfs2/inode.h 2006-09-29 12:34:22.000000000 -0500
+++ gfs.selinux/fs/gfs2/inode.h 2006-09-26 16:49:46.000000000 -0500
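Review bot: The call added in the `@@ -897,6 +899,10 @@` hunk carries no comment explaining why it sits before `link_dinode()`, and that ordering looks security-relevant. The security attribute is written before the step that, judging by its name, makes the new inode reachable from the directory. I would add `/* Set the security xattr before the inode is linked into the directory. */` above `error = gfs2_security_init(dip, GFS2_I(inode));`. A failure jumps to `fail_iput` before `link_dinode()` runs, so creation appears to fail closed rather than link an unlabelled inode. What `fail_iput` undoes, and the rest of `gfs2_createi`, lie outside the hunk.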
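Review bot: `gfs2_security_init()` in the `@@ -1337,3 +1343,36 @@` hunk is added without a header comment, and two of its behaviours are easy to misread. First, `-EOPNOTSUPP` from `security_inode_init_security()` is converted to a successful return of 0. Second, the `name` and `value` buffers handed back by that call are released with `kfree()` here, whether or not `gfs2_ea_set_i()` succeeds. A kernel-doc block above the function should describe `dip` and `ip` (apparently the parent directory and the new inode, going by the argument order of the security call), the return values, and that the function owns and frees both buffers. As a style point, `memset(&er, 0, sizeof(er));` ties the size to the variable instead of repeating the type name.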
@@ -49,6 +49,7 @@ int gfs2_glock_nq_atime(struct gfs2_hold
 int gfs2_glock_nq_m_atime(unsigned int num_gh, struct gfs2_holder *ghs);
 int gfs2_setattr_simple(struct gfs2_inode *ip, struct iattr *attr);
+int gfs2_security_init(struct gfs2_inode *dip, struct gfs2_inode *ip);
 struct inode *gfs2_lookup_simple(struct inode *dip, const char *name);