summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorStephen Smalley <sds@tycho.nsa.gov>2005-09-03 15:55:18 -0700
committerLinus Torvalds <torvalds@evo.osdl.org>2005-09-05 00:05:52 -0700
commitf549d6c18c0e8e6cf1bf0e7a47acc1daf7e2cec1 (patch)
tree40d827736575f2a8c489761599e9a1e5e45005be /net
parentb5bf6c55edf94e9c7fc01724d5b271f78eaf1d3f (diff)
downloadlinux-3.10-f549d6c18c0e8e6cf1bf0e7a47acc1daf7e2cec1.tar.gz
linux-3.10-f549d6c18c0e8e6cf1bf0e7a47acc1daf7e2cec1.tar.bz2
linux-3.10-f549d6c18c0e8e6cf1bf0e7a47acc1daf7e2cec1.zip
[PATCH] Generic VFS fallback for security xattrs
This patch modifies the VFS setxattr, getxattr, and listxattr code to fall back to the security module for security xattrs if the filesystem does not support xattrs natively. This allows security modules to export the incore inode security label information to userspace even if the filesystem does not provide xattr storage, and eliminates the need to individually patch various pseudo filesystem types to provide such access. The patch removes the existing xattr code from devpts and tmpfs as it is then no longer needed. The patch restructures the code flow slightly to reduce duplication between the normal path and the fallback path, but this should only have one user-visible side effect - a program may get -EACCES rather than -EOPNOTSUPP if policy denied access but the filesystem didn't support the operation anyway. Note that the post_setxattr hook call is not needed in the fallback case, as the inode_setsecurity hook call handles the incore inode security state update directly. In contrast, we do call fsnotify in both cases. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'net')
0 files changed, 0 insertions, 0 deletions