unimore/kernel-hacking-2024-linux-steffo
unimore/kernel-hacking-2024-linux-steffo
1
Fork 0
Code Pull requests 5 Wiki Activity
kernel-hacking-2024-linux-s.../fs
History
David P. Quigley ddd29ec659 sysfs: Add labeling support for sysfs 
This patch adds a setxattr handler to the file, directory, and symlink
inode_operations structures for sysfs. The patch uses hooks introduced in the
previous patch to handle the getting and setting of security information for
the sysfs inodes. As was suggested by Eric Biederman the struct iattr in the
sysfs_dirent structure has been replaced by a structure which contains the
iattr, secdata and secdata length to allow the changes to persist in the event
that the inode representing the sysfs_dirent is evicted. Because sysfs only
stores this information when a change is made all the optional data is moved
into one dynamically allocated field.

This patch addresses an issue where SELinux was denying virtd access to the PCI
configuration entries in sysfs. The lack of setxattr handlers for sysfs
required that a single label be assigned to all entries in sysfs. Granting virtd
access to every entry in sysfs is not an acceptable solution so fine grained
labeling of sysfs is required such that individual entries can be labeled
appropriately.

[sds:  Fixed compile-time warnings, coding style, and setting of inode security init flags.]

Signed-off-by: David P. Quigley <dpquigl@tycho.nsa.gov>
Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
2009-09-10 10:11:29 +10:00
..
9p 9p: Fix incorrect parameters to v9fs_file_readn. 2009-07-14 15:54:42 -05:00
adfs headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
affs
afs AFS: Fix compilation warning 2009-07-12 12:24:07 -07:00
autofs
autofs4 headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
befs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2009-06-17 08:46:57 -07:00
bfs headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
btrfs Merge git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable 2009-08-07 19:03:09 -07:00
cachefiles
cifs [CIFS] Update readme to reflect forceuid mount parms 2009-08-04 03:53:28 +00:00
coda
configfs
cramfs
debugfs
devpts devpts: remove module-related code 2009-06-24 08:15:24 -04:00
dlm dlm: free socket in error exit path 2009-07-14 12:28:43 -05:00
ecryptfs eCryptfs: parse_tag_3_packet check tag 3 packet encrypted key size 2009-07-28 14:26:06 -07:00
efs get rid of BKL in fs/efs 2009-06-17 00:36:36 -04:00
exofs headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
exportfs
ext2 headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
ext3 ext3: Get rid of extenddisksize parameter of ext3_get_blocks_handle() 2009-07-15 21:30:46 +02:00
ext4 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 2009-07-13 16:39:25 -07:00
fat headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
freevxfs headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
fscache
fuse Revert "fuse: Fix build error" as unnecessary 2009-07-11 11:22:34 -07:00
gfs2 GFS2: Fix permissions on "recover" file 2009-08-14 14:04:46 +01:00
hfs headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
hfsplus headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
hostfs hostfs: set maximum filesize in superblock for proper LFS support 2009-06-30 18:56:03 -07:00
hpfs headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
hppfs
hugetlbfs
isofs isofs: fix Joliet regression 2009-07-10 19:18:59 -07:00
jbd jbd: fix race between write_metadata_buffer and get_write_access 2009-07-21 11:54:42 +02:00
jbd2 jbd2: fix race between write_metadata_buffer and get_write_access 2009-07-13 17:55:35 -04:00
jffs2 jffs2: Fix return value from jffs2_do_readpage_nolock() 2009-08-04 12:13:06 +01:00
jfs jfs: Fix early release of acl in jfs_get_acl 2009-07-23 11:08:36 -05:00
lockd headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
minix Making fs/minix/minix.h double including safe 2009-06-22 11:34:42 -07:00
ncpfs
nfs NFS: Fix an O_DIRECT Oops... 2009-08-12 08:21:39 -07:00
nfs_common
nfsd CRED: Add some configurable debugging [try #6] 2009-09-02 21:29:01 +10:00
nilfs2 nilfs2: fix oopses with doubly mounted snapshots 2009-08-19 02:10:13 +09:00
nls
notify inotify: start watch descriptor count at 1 2009-08-17 13:37:37 -07:00
ntfs ntfs: use is_power_of_2() function for clarity. 2009-06-16 19:47:48 -07:00
ocfs2 Merge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jlbec/ocfs2 2009-08-13 11:17:40 -07:00
omfs
openpromfs
partitions partitions: fix broken uevent_suppress conversion 2009-07-12 13:02:09 -07:00
proc mm: revert "oom: move oom_adj value" 2009-08-18 16:31:13 -07:00
qnx4
quota quota: Silence lockdep on quota_on 2009-07-30 17:31:23 +02:00
ramfs fs/ramfs/file-nommu.c needs include/linux/sched.h 2009-07-29 19:10:36 -07:00
reiserfs headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
romfs
smbfs
squashfs headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
sysfs sysfs: Add labeling support for sysfs 2009-09-10 10:11:29 +10:00
sysv get rid of BKL in fs/sysv 2009-06-17 00:36:37 -04:00
ubifs headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
udf udf: Fix loading of VAT inode when drive wrongly reports number of recorded blocks 2009-07-30 17:28:26 +02:00
ufs ufs: sector_t cannot be negative 2009-06-18 13:03:46 -07:00
xfs xfs: fix locking in xfs_iget_cache_hit 2009-08-17 01:23:48 -05:00
aio.c eventfd: revised interface and cleanups 2009-06-30 18:55:58 -07:00
anon_inodes.c fs: Provide empty .set_page_dirty() aop for anon inodes 2009-06-18 14:46:10 +02:00
attr.c
bad_inode.c
binfmt_aout.c
binfmt_elf.c elf: fix one check-after-use 2009-07-01 11:14:28 -07:00
binfmt_elf_fdpic.c elf_core_dump: use rcu_read_lock() to access ->real_parent 2009-06-18 13:03:52 -07:00
binfmt_em86.c
binfmt_flat.c flat: fix uninitialized ptr with shared libs 2009-08-07 10:39:57 -07:00
binfmt_misc.c
binfmt_script.c
binfmt_som.c
bio-integrity.c block: Create bip slabs with embedded integrity vectors 2009-07-01 10:56:25 +02:00
bio.c block: fix sg SG_DXFER_TO_FROM_DEV regression 2009-07-10 20:31:53 +02:00
block_dev.c PM / Hibernate: Replace bdget call with simple atomic_inc of i_count 2009-07-29 21:07:55 +02:00
buffer.c
char_dev.c headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
compat.c headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
compat_binfmt_elf.c
compat_ioctl.c compat_ioctl: hook up compat handler for FIEMAP ioctl 2009-08-07 10:39:56 -07:00
dcache.c
dcookies.c
direct-io.c
drop_caches.c
eventfd.c eventfd: revised interface and cleanups 2009-06-30 18:55:58 -07:00
eventpoll.c epoll: fix nested calls support 2009-06-18 13:03:41 -07:00
exec.c cred_guard_mutex: do not return -EINTR to user-space 2009-07-06 13:57:04 -07:00
fcntl.c headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
fifo.c
file.c
file_table.c
filesystems.c
fs-writeback.c cleanup __writeback_single_inode 2009-06-24 08:15:26 -04:00
fs_struct.c
generic_acl.c
inode.c vfs: add __destroy_inode 2009-08-07 14:38:29 -03:00
internal.h
ioctl.c fs: Add new pre-allocation ioctls to vfs for compatibility with legacy xfs ioctls 2009-06-24 08:15:27 -04:00
ioprio.c
Kconfig fs/Kconfig: move nilfs2 out 2009-07-14 12:34:17 +09:00
Kconfig.binfmt
libfs.c vfs: make get_sb_pseudo set s_maxbytes to value that can be cast to signed 2009-08-18 16:31:12 -07:00
locks.c security: fix security_file_lock cmd argument 2009-07-17 07:41:23 +10:00
Makefile
mbcache.c
mpage.c
namei.c IMA: open new file for read 2009-09-03 12:06:12 +10:00
namespace.c vfs: mnt_want_write_file(): fix special file handling 2009-08-07 10:39:56 -07:00
nfsctl.c
no-block.c
open.c CRED: Add some configurable debugging [try #6] 2009-09-02 21:29:01 +10:00
pipe.c lockdep: Fix lockdep annotation for pipe_double_lock() 2009-07-22 21:14:14 +02:00
pnode.c
pnode.h
posix_acl.c
read_write.c
read_write.h
readdir.c
select.c poll/select: initialize triggered field of struct poll_wqueues 2009-08-15 18:40:11 -07:00
seq_file.c seq_file: add function to write binary data 2009-06-18 13:03:57 -07:00
signalfd.c
splice.c
stack.c
stat.c
super.c ... and the same for vfsmount id/mount group id 2009-06-24 08:15:26 -04:00
sync.c sys_sync(): fix 16% performance regression in ffsb create_4k test 2009-07-06 13:57:03 -07:00
timerfd.c
utimes.c
xattr.c VFS: Factor out part of vfs_setxattr so it can be called from the SELinux hook for inode_setsecctx. 2009-09-10 10:11:22 +10:00
xattr_acl.c