From: Steve Dickson <SteveD-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Trond Myklebust
<Trond.Myklebust-HgOvQuBEEgTQT0dZR+AlfA@public.gmane.org>,
"J. Bruce Fields"
<bfields-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
"David P. Quigley"
<dpquigl-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>
Cc: Linux NFS list
<linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Linux FS devel list
<linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Linux Security List
<linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
SELinux List <selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>
Subject: [PATCH 00/15] lnfs: 3.8-rc6 release
Date: Fri, 8 Feb 2013 07:39:08 -0500 [thread overview]
Message-ID: <1360327163-20360-1-git-send-email-SteveD@redhat.com> (raw)
From: Steve Dickson <steved-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Here is the next release of the Label NFS code, forward ported to linux-3.8-rc6.
I've incorporated all of the code review comments (thank you for that time) with the exception of the following:
> Why not use the more common construct of defining
>
> struct nfs4_label {
> ....
> char label[NFS4_MAXLABELLEN];
> };
It makes things easier to keep label a pointer verses an array when it comes to initializing the structure (see _nfs4_get_security_label()), although I did
decrease NFS4_MAXLABELLEN to (4095 - offsetof(struct nfs4_label , label))
> + u32 attr_bitmask_nl[3];
> + /* V4 bitmask representing the
> + set of attributes supported
> + on this filesystem excluding
> + the label support bit. */
>
> Can't we just have attr_bitmask_nl point to attr_bitmask when not #ifdef
> CONFIG_NFS_V4_SECURITY_LABEL?
I'm thinking having both bitmasks makes it more obvious as to what is or is not
being used. I'm referring to the code in _nfs4_proc_getattr() and _nfs4_proc_lookup().
If the label is not set, use the non label bit mask verses hiding things behind
a pointer and not really knowing what bit mask is being used.
I also found and fixed a couple memory leaks...
The Fedora kernel rpms that have the patches are under
http://steved.fedorapeople.org/lnfs/kernels/
A wireshark rpm that can dissect the labels is under
http://steved.fedorapeople.org/lnfs/wireshark/
The actual patches from this release are under
http://steved.fedorapeople.org/lnfs/patches/lnfs-v3.8-rc6
Dave Quigley (3):
NFS:Add labels to client function prototypes
NFS: Add label lifecycle management
lnfs: Do not sleep holding the inode spin lock
David Quigley (10):
Security: Add hook to calculate context based on a negative dentry.
Security: Add Hook to test if the particular xattr is part of a MAC
model.
LSM: Add flags field to security_sb_set_mnt_opts for in kernel mount
data.
SELinux: Add new labeling type native labels
NFSv4: Add label recommended attribute and NFSv4 flags
NFSv4: Introduce new label structure
NFSv4: Extend fattr bitmaps to support all 3 words
NFS: Client implementation of Labeled-NFS
NFS: Extend NFS xattr handlers to accept the security namespace
NFSD: Server implementation of MAC Labeling
Steve Dickson (2):
Kconfig: Add Kconfig entry for Labeled NFS V4 client
Kconfig: Add Kconfig entry for Labeled NFS V4 server
fs/nfs/Kconfig | 18 ++
fs/nfs/client.c | 2 +-
fs/nfs/dir.c | 46 ++-
fs/nfs/getroot.c | 2 +-
fs/nfs/inode.c | 140 +++++++--
fs/nfs/namespace.c | 2 +-
fs/nfs/nfs3acl.c | 4 +-
fs/nfs/nfs3proc.c | 41 +--
fs/nfs/nfs4_fs.h | 8 +-
fs/nfs/nfs4namespace.c | 2 +-
fs/nfs/nfs4proc.c | 565 ++++++++++++++++++++++++++++++++----
fs/nfs/nfs4xdr.c | 199 ++++++++++---
fs/nfs/proc.c | 15 +-
fs/nfs/super.c | 17 +-
fs/nfsd/Kconfig | 16 +
fs/nfsd/nfs4proc.c | 41 +++
fs/nfsd/nfs4xdr.c | 116 +++++++-
fs/nfsd/nfsd.h | 8 +-
fs/nfsd/vfs.c | 30 ++
fs/nfsd/vfs.h | 2 +
fs/nfsd/xdr4.h | 3 +
include/linux/nfs4.h | 8 +
include/linux/nfs_fs.h | 29 +-
include/linux/nfs_fs_sb.h | 10 +-
include/linux/nfs_xdr.h | 30 +-
include/linux/security.h | 57 +++-
include/uapi/linux/nfs4.h | 2 +-
security/capability.c | 19 +-
security/security.c | 24 +-
security/selinux/hooks.c | 92 +++++-
security/selinux/include/security.h | 2 +
security/selinux/ss/policydb.c | 5 +-
security/smack/smack_lsm.c | 11 +
33 files changed, 1352 insertions(+), 214 deletions(-)
--
1.7.11.7
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next reply other threads:[~2013-02-08 12:39 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-08 12:39 Steve Dickson [this message]
2013-02-08 12:39 ` [PATCH 01/15] Security: Add hook to calculate context based on a negative dentry Steve Dickson
2013-02-08 12:39 ` [PATCH 02/15] Security: Add Hook to test if the particular xattr is part of a MAC model Steve Dickson
2013-02-08 12:39 ` [PATCH 03/15] LSM: Add flags field to security_sb_set_mnt_opts for in kernel mount data Steve Dickson
2013-02-08 12:39 ` [PATCH 04/15] SELinux: Add new labeling type native labels Steve Dickson
2013-02-08 12:39 ` [PATCH 05/15] NFSv4: Add label recommended attribute and NFSv4 flags Steve Dickson
2013-02-08 12:39 ` [PATCH 06/15] NFSv4: Introduce new label structure Steve Dickson
2013-02-12 22:07 ` J. Bruce Fields
[not found] ` <20130212220741.GJ10267-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org>
2013-02-12 22:28 ` Myklebust, Trond
2013-02-12 22:32 ` J. Bruce Fields
2013-02-12 22:40 ` Myklebust, Trond
2013-02-12 23:06 ` J. Bruce Fields
2013-02-13 0:30 ` Steve Dickson
2013-02-08 12:39 ` [PATCH 07/15] NFSv4: Extend fattr bitmaps to support all 3 words Steve Dickson
2013-02-08 12:39 ` [PATCH 08/15] NFS:Add labels to client function prototypes Steve Dickson
2013-02-08 12:39 ` [PATCH 09/15] NFS: Add label lifecycle management Steve Dickson
2013-02-12 22:27 ` J. Bruce Fields
2013-02-16 20:28 ` Steve Dickson
[not found] ` <1360327163-20360-1-git-send-email-SteveD-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-02-08 12:39 ` [PATCH 10/15] NFS: Client implementation of Labeled-NFS Steve Dickson
2013-02-12 23:03 ` J. Bruce Fields
2013-02-16 20:35 ` Steve Dickson
[not found] ` <511FED8E.7020308-AfCzQyP5zfLQT0dZR+AlfA@public.gmane.org>
2013-02-16 22:30 ` J. Bruce Fields
2013-02-17 1:24 ` Steve Dickson
2013-02-17 1:47 ` Steve Dickson
2013-02-08 12:39 ` [PATCH 11/15] NFS: Extend NFS xattr handlers to accept the security namespace Steve Dickson
2013-02-08 12:39 ` [PATCH 12/15] lnfs: Do not sleep holding the inode spin lock Steve Dickson
[not found] ` <1360327163-20360-13-git-send-email-SteveD-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-02-13 15:16 ` J. Bruce Fields
[not found] ` <20130213151610.GI14195-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org>
2013-02-16 20:36 ` Steve Dickson
2013-02-08 12:39 ` [PATCH 13/15] Kconfig: Add Kconfig entry for Labeled NFS V4 client Steve Dickson
2013-02-08 12:39 ` [PATCH 14/15] NFSD: Server implementation of MAC Labeling Steve Dickson
2013-02-12 22:54 ` J. Bruce Fields
2013-02-12 23:07 ` J. Bruce Fields
[not found] ` <20130212225425.GM10267-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org>
2013-02-16 20:44 ` Steve Dickson
[not found] ` <511FEFCB.2090002-AfCzQyP5zfLQT0dZR+AlfA@public.gmane.org>
2013-02-16 22:34 ` J. Bruce Fields
2013-02-08 12:39 ` [PATCH 15/15] Kconfig: Add Kconfig entry for Labeled NFS V4 server Steve Dickson
2013-02-12 21:41 ` [PATCH 00/15] lnfs: 3.8-rc6 release J. Bruce Fields
2013-02-12 22:02 ` Casey Schaufler
2013-02-12 22:13 ` J. Bruce Fields
2013-02-13 0:32 ` Steve Dickson
2013-02-13 0:55 ` Casey Schaufler
2013-02-12 23:11 ` J. Bruce Fields
[not found] ` <20130212231113.GQ10267-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org>
2013-02-12 23:18 ` Myklebust, Trond
2013-02-13 0:11 ` J. Bruce Fields
2013-02-13 0:21 ` J. Bruce Fields
2013-02-13 0:28 ` Steve Dickson
2013-02-13 15:05 ` J. Bruce Fields
2013-02-13 15:33 ` J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1360327163-20360-1-git-send-email-SteveD@redhat.com \
--to=steved-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=Trond.Myklebust-HgOvQuBEEgTQT0dZR+AlfA@public.gmane.org \
--cc=bfields-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=dpquigl-+05T5uksL2qpZYMLLGbcSA@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).