Tao Ma
2009-Feb-08 21:56 UTC
[Ocfs2-devel] [PATCH] ocfs2/security: Check xattr support in security_init.
If the system supports selinux, we will return sucessfully from
ocfs2_init_security_get if it is called for the mount point.
And in that case if the volume doesn't have xattr support, we
will not be able to create a new inode in the mount dir because
ocfs2_mknod will try to set security attributes for a new created
inode. This patch check xattr support in ocfs2_init_security_get,
so it will let ocfs2_mknod knows that we don't support xattr and
it don't need to init security for the new inode in that case.
Signed-off-by: Tao Ma <tao.ma at oracle.com>
---
fs/ocfs2/xattr.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c
index 5aec833..8a7db21 100644
--- a/fs/ocfs2/xattr.c
+++ b/fs/ocfs2/xattr.c
@@ -5289,6 +5289,9 @@ int ocfs2_init_security_get(struct inode *inode,
struct inode *dir,
struct ocfs2_security_xattr_info *si)
{
+ if (!ocfs2_supports_xattr(OCFS2_SB(inode->i_sb)))
+ return -EOPNOTSUPP;
+
return security_inode_init_security(inode, dir, &si->name,
&si->value,
&si->value_len);
}
--
1.5.4.4
Tiger Yang
2009-Feb-10 02:47 UTC
[Ocfs2-devel] [PATCH] ocfs2/security: Check xattr support in security_init.
Hi, Tao I already fixed this issue :) http://oss.oracle.com/pipermail/ocfs2-devel/2008-December/003559.html Thanks, tiger Tao Ma wrote:> If the system supports selinux, we will return sucessfully from > ocfs2_init_security_get if it is called for the mount point. > And in that case if the volume doesn't have xattr support, we > will not be able to create a new inode in the mount dir because > ocfs2_mknod will try to set security attributes for a new created > inode. This patch check xattr support in ocfs2_init_security_get, > so it will let ocfs2_mknod knows that we don't support xattr and > it don't need to init security for the new inode in that case. > > Signed-off-by: Tao Ma <tao.ma at oracle.com> > --- > fs/ocfs2/xattr.c | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c > index 5aec833..8a7db21 100644 > --- a/fs/ocfs2/xattr.c > +++ b/fs/ocfs2/xattr.c > @@ -5289,6 +5289,9 @@ int ocfs2_init_security_get(struct inode *inode, > struct inode *dir, > struct ocfs2_security_xattr_info *si) > { > + if (!ocfs2_supports_xattr(OCFS2_SB(inode->i_sb))) > + return -EOPNOTSUPP; > + > return security_inode_init_security(inode, dir, &si->name, &si->value, > &si->value_len); > }
Possibly Parallel Threads
- [PATCH v7 2/6] ocfs2: Switch to security_inode_init_security()
- [PATCH v8 2/6] ocfs2: Switch to security_inode_init_security()
- [PATCH v7 2/6] ocfs2: Switch to security_inode_init_security()
- [PATCH v7 0/6] evm: Do HMAC of multiple per LSM xattrs for new inodes
- [PATCH v8 0/6] evm: Do HMAC of multiple per LSM xattrs for new inodes