
fs/9p: xattr: add trusted and security namespaces

Allow requests for security.* and trusted.* xattr name spaces
to pass through to server.

The new files are 99% cut and paste from fs/9p/xattr_user.c with the
namespaces changed. It has the intended effect in superficial testing.
I do not know much detail about how these namespaces are used, but passing
them through to the server, which can decide whether to handle them or not,
seems reasonable.

I want to support a use case where an ext4 file system is mounted via 9P,
then re-exported via samba to windows clients in a cluster. Windows wants
to store xattrs such as security.NTACL. This works when ext4 directly
backs samba, but not when 9P is inserted. This use case is documented here:
http://code.google.com/p/diod/issues/detail?id=95

Signed-off-by: Jim Garlick <garlick@llnl.gov>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>

authored by

Jim Garlick and committed by
Eric Van Hensbergen
d9a73859 2f28c8b3

+182 -1
+13
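--- a/fs/9p/Kconfig
+++ b/fs/9p/Kconfig
@@ -31,3 +31,16 @@
 If you don't know what Access Control Lists are, say N
 
 endif
+
+
+config 9P_FS_SECURITY
+bool "9P Security Labels"
+depends on 9P_FS
+help
+Security labels support alternative access control models
+implemented by security modules like SELinux. This option
+enables an extended attribute handler for file security
+labels in the 9P filesystem.
+
+If you are not using a security module that requires using
+extended attributes for file security labels, say N.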
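Review bot: The help text for `9P_FS_SECURITY` reads as if written for a local filesystem and does not say that, on 9P, security.* attributes are forwarded to the server, which the commit message says may or may not handle them. Anyone enabling this for SELinux-style labels should know that the stored label then presumably depends on the 9P server and transport rather than on the client alone. I would add a sentence to the help such as `Attribute requests are passed through to the 9P server, which decides whether to store them.` The option also gates only security.*; the trusted.* handler added by this commit is built and registered unconditionally, which the help or the commit message could state.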
+3 -1
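--- a/fs/9p/Makefile
+++ b/fs/9p/Makefile
@@ -11,7 +11,9 @@
 v9fs.o \
 fid.o \
 xattr.o \
-xattr_user.o
+xattr_user.o \
+xattr_trusted.o
 
 9p-$(CONFIG_9P_FSCACHE) += cache.o
 9p-$(CONFIG_9P_FS_POSIX_ACL) += acl.o
+9p-$(CONFIG_9P_FS_SECURITY) += xattr_security.o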
+4
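--- a/fs/9p/xattr.c
+++ b/fs/9p/xattr.c
@@ -167,9 +167,13 @@
 
 const struct xattr_handler *v9fs_xattr_handlers[] = {
 &v9fs_xattr_user_handler,
+&v9fs_xattr_trusted_handler,
 #ifdef CONFIG_9P_FS_POSIX_ACL
 &v9fs_xattr_acl_access_handler,
 &v9fs_xattr_acl_default_handler,
+#endif
+#ifdef CONFIG_9P_FS_SECURITY
+&v9fs_xattr_security_handler,
 #endif
 NULL
 };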
+2
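--- a/fs/9p/xattr.h
+++ b/fs/9p/xattr.h
@@ -20,6 +20,8 @@
 
 extern const struct xattr_handler *v9fs_xattr_handlers[];
 extern struct xattr_handler v9fs_xattr_user_handler;
+extern struct xattr_handler v9fs_xattr_trusted_handler;
+extern struct xattr_handler v9fs_xattr_security_handler;
 extern const struct xattr_handler v9fs_xattr_acl_access_handler;
 extern const struct xattr_handler v9fs_xattr_acl_default_handler;
 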
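Review bot: The two new declarations are non-const, unlike the ACL handlers declared directly below them. `v9fs_xattr_handlers[]` holds `const struct xattr_handler *`, so the new handlers can be declared `extern const struct xattr_handler v9fs_xattr_trusted_handler;` and `extern const struct xattr_handler v9fs_xattr_security_handler;`, with the same qualifier on the definitions in xattr_trusted.c and xattr_security.c. A const handler keeps its `.get`/`.set` function pointers in read-only data, which is the safer default for an operations table. The declaration of `v9fs_xattr_security_handler` is also visible when `CONFIG_9P_FS_SECURITY` is off; that is harmless but could sit under the same `#ifdef` used in xattr.c.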
+80
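--- a/fs/9p/xattr_security.c
+++ b/fs/9p/xattr_security.c
@@ -0,0 +1,80 @@
+/*
+* Copyright IBM Corporation, 2010
+* Author Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
+*
+* This program is free software; you can redistribute it and/or modify it
+* under the terms of version 2.1 of the GNU Lesser General Public License
+* as published by the Free Software Foundation.
+*
+* This program is distributed in the hope that it would be useful, but
+* WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+*
+*/
+
+
+#include <linux/module.h>
+#include <linux/string.h>
+#include <linux/fs.h>
+#include <linux/slab.h>
+#include "xattr.h"
+
+static int v9fs_xattr_security_get(struct dentry *dentry, const char *name,
+void *buffer, size_t size, int type)
+{
+int retval;
+char *full_name;
+size_t name_len;
+size_t prefix_len = XATTR_SECURITY_PREFIX_LEN;
+
+if (name == NULL)
+return -EINVAL;
+
+if (strcmp(name, "") == 0)
+return -EINVAL;
+
+name_len = strlen(name);
+full_name = kmalloc(prefix_len + name_len + 1 , GFP_KERNEL);
+if (!full_name)
+return -ENOMEM;
+memcpy(full_name, XATTR_SECURITY_PREFIX, prefix_len);
+memcpy(full_name+prefix_len, name, name_len);
+full_name[prefix_len + name_len] = '\0';
+
+retval = v9fs_xattr_get(dentry, full_name, buffer, size);
+kfree(full_name);
+return retval;
+}
+
+static int v9fs_xattr_security_set(struct dentry *dentry, const char *name,
+const void *value, size_t size, int flags, int type)
+{
+int retval;
+char *full_name;
+size_t name_len;
+size_t prefix_len = XATTR_SECURITY_PREFIX_LEN;
+
+if (name == NULL)
+return -EINVAL;
+
+if (strcmp(name, "") == 0)
+return -EINVAL;
+
+name_len = strlen(name);
+full_name = kmalloc(prefix_len + name_len + 1 , GFP_KERNEL);
+if (!full_name)
+return -ENOMEM;
+memcpy(full_name, XATTR_SECURITY_PREFIX, prefix_len);
+memcpy(full_name + prefix_len, name, name_len);
+full_name[prefix_len + name_len] = '\0';
+
+retval = v9fs_xattr_set(dentry, full_name, value, size, flags);
+kfree(full_name);
+return retval;
+}
+
+struct xattr_handler v9fs_xattr_security_handler = {
+.prefix = XATTR_SECURITY_PREFIX,
+.get = v9fs_xattr_security_get,
+.set = v9fs_xattr_security_set,
+};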
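Review bot: The name-building sequence in `v9fs_xattr_security_get` and `v9fs_xattr_security_set` (kmalloc, two memcpy calls, manual terminator) is repeated in `v9fs_xattr_trusted_get` and `v9fs_xattr_trusted_set` in xattr_trusted.c, and hand-copied length arithmetic is easy to get wrong the next time it is pasted. `full_name = kasprintf(GFP_KERNEL, "%s%s", XATTR_SECURITY_PREFIX, name);` followed by the existing `if (!full_name) return -ENOMEM;` builds the same string and makes `name_len` and `prefix_len` unnecessary. A single shared helper that takes the prefix would go further, since the commit message says these files are a near copy of xattr_user.c. The file header also still carries the copyright and author line of the file it was copied from, which should be checked against the actual authorship.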
+80
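--- a/fs/9p/xattr_trusted.c
+++ b/fs/9p/xattr_trusted.c
@@ -0,0 +1,80 @@
+/*
+* Copyright IBM Corporation, 2010
+* Author Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
+*
+* This program is free software; you can redistribute it and/or modify it
+* under the terms of version 2.1 of the GNU Lesser General Public License
+* as published by the Free Software Foundation.
+*
+* This program is distributed in the hope that it would be useful, but
+* WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+*
+*/
+
+
+#include <linux/module.h>
+#include <linux/string.h>
+#include <linux/fs.h>
+#include <linux/slab.h>
+#include "xattr.h"
+
+static int v9fs_xattr_trusted_get(struct dentry *dentry, const char *name,
+void *buffer, size_t size, int type)
+{
+int retval;
+char *full_name;
+size_t name_len;
+size_t prefix_len = XATTR_TRUSTED_PREFIX_LEN;
+
+if (name == NULL)
+return -EINVAL;
+
+if (strcmp(name, "") == 0)
+return -EINVAL;
+
+name_len = strlen(name);
+full_name = kmalloc(prefix_len + name_len + 1 , GFP_KERNEL);
+if (!full_name)
+return -ENOMEM;
+memcpy(full_name, XATTR_TRUSTED_PREFIX, prefix_len);
+memcpy(full_name+prefix_len, name, name_len);
+full_name[prefix_len + name_len] = '\0';
+
+retval = v9fs_xattr_get(dentry, full_name, buffer, size);
+kfree(full_name);
+return retval;
+}
+
+static int v9fs_xattr_trusted_set(struct dentry *dentry, const char *name,
+const void *value, size_t size, int flags, int type)
+{
+int retval;
+char *full_name;
+size_t name_len;
+size_t prefix_len = XATTR_TRUSTED_PREFIX_LEN;
+
+if (name == NULL)
+return -EINVAL;
+
+if (strcmp(name, "") == 0)
+return -EINVAL;
+
+name_len = strlen(name);
+full_name = kmalloc(prefix_len + name_len + 1 , GFP_KERNEL);
+if (!full_name)
+return -ENOMEM;
+memcpy(full_name, XATTR_TRUSTED_PREFIX, prefix_len);
+memcpy(full_name + prefix_len, name, name_len);
+full_name[prefix_len + name_len] = '\0';
+
+retval = v9fs_xattr_set(dentry, full_name, value, size, flags);
+kfree(full_name);
+return retval;
+}
+
+struct xattr_handler v9fs_xattr_trusted_handler = {
+.prefix = XATTR_TRUSTED_PREFIX,
+.get = v9fs_xattr_trusted_get,
+.set = v9fs_xattr_trusted_set,
+};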
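Review bot: Neither `v9fs_xattr_trusted_get` nor `v9fs_xattr_trusted_set` checks `capable(CAP_SYS_ADMIN)`, and `v9fs_xattr_trusted_handler` sets no `.list` member, so nothing in this file restricts trusted.* to privileged callers. Get and set are presumably gated by the generic xattr permission check before the handler runs, but that code is not on this page. Whether trusted.* names are hidden from unprivileged listxattr callers depends on the 9P list path, which is not shown either; other filesystems filter them in a list callback. Please confirm both and record the answer above the handler, for example `/* trusted.* is limited to CAP_SYS_ADMIN by the VFS; the 9P server applies its own policy to the forwarded request. */`.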