[PATCH]Introduce generalized hooks for getting and setting inode secctx.
David P. Quigley
dpquigl at tycho.nsa.gov
Wed Apr 23 12:57:14 EDT 2008
This patch set does two things. First it factors the section of vfs_setxattr
that does the real work into a helper function. This allows LSMs the ability
to set the xattrs they need without hitting the permission check inside
vfs_setxattr each time. Second it introduces three new hooks
inode_{get,set}secctx, and inode_notifysecctx.
The first hook retreives all security information the LSM feels is relavent in
the form of a security context. The second hook given this context can sets
both the in-core and on-disk store for the particular inode. The third hook is
used to notify the in-core inode of a change to it's security state.
This is the fourth revision of this patch set which takes into account
concerns by Casey Schaufler, and Christop Hellwig.
fs/xattr.c | 57 ++++++++++++++++++++++++++++++++++-----------
include/linux/security.h | 50 ++++++++++++++++++++++++++++++++++++++++
include/linux/xattr.h | 1 +
security/dummy.c | 17 +++++++++++++
security/security.c | 18 ++++++++++++++
security/selinux/hooks.c | 28 ++++++++++++++++++++++
6 files changed, 157 insertions(+), 14 deletions(-)
More information about the NFSv4
mailing list