[Jfs-discussion] [PATCH] [SELinux] JFS, Fedora Core 2 and Security Labels
From: Dave K. <sh...@au...> - 2004-05-13 18:09:14
Here's a more comprehensive patch to add the security and trusted namespaces. I added the CONFIG_JFS_SECURITY option to enable the security labels. diff -urp linux-2.6/fs/jfs/xattr.c linux/fs/jfs/xattr.c --- linux-2.6/fs/jfs/xattr.c 2004-05-13 08:09:03.000000000 -0500 +++ linux/fs/jfs/xattr.c 2004-05-13 10:01:42.000000000 -0500 @@ -90,6 +90,12 @@ struct ea_buffer { #define XATTR_OS2_PREFIX "os2." #define XATTR_OS2_PREFIX_LEN (sizeof (XATTR_OS2_PREFIX) - 1) +/* XATTR_SECURITY_PREFIX is defined in include/linux/xattr.h */ +#define XATTR_SECURITY_PREFIX_LEN (sizeof (XATTR_SECURITY_PREFIX) - 1) + +#define XATTR_TRUSTED_PREFIX "trusted." +#define XATTR_TRUSTED_PREFIX_LEN (sizeof (XATTR_TRUSTED_PREFIX) - 1) + /* * These three routines are used to recognize on-disk extended attributes * that are in a recognized namespace. If the attribute is not recognized, @@ -110,6 +116,19 @@ static inline int is_os2_xattr(struct jf !strncmp(ea->name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) return FALSE; /* + * Check for "security." + */ + if ((ea->namelen >= XATTR_SECURITY_PREFIX_LEN) && + !strncmp(ea->name, XATTR_SECURITY_PREFIX, + XATTR_SECURITY_PREFIX_LEN)) + return FALSE; + /* + * Check for "trusted." + */ + if ((ea->namelen >= XATTR_TRUSTED_PREFIX_LEN) && + !strncmp(ea->name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) + return FALSE; + /* * Add any other valid namespace prefixes here */ @@ -729,6 +748,15 @@ static int can_set_xattr(struct inode *i */ return can_set_system_xattr(inode, name, value, value_len); + if(strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN) != 0) + return (capable(CAP_SYS_ADMIN) ? 0 : -EPERM); + +#ifdef CONFIG_JFS_SECURITY + if (strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) + != 0) + return 0; /* Leave it to the security module */ +#endif + if((strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN) != 0) && (strncmp(name, XATTR_OS2_PREFIX, XATTR_OS2_PREFIX_LEN) != 0)) return -EOPNOTSUPP; 
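Review bot: The two prefix tests added to can_set_xattr compare with `!= 0`, so they fire for names that do NOT carry the prefix, the opposite of the `== 0` sense this same patch uses in can_get_xattr. As written, every name outside `trusted.` is gated on CAP_SYS_ADMIN (an unprivileged `user.` set gets -EPERM), while a `trusted.` name skips the capability check and, with CONFIG_JFS_SECURITY set, returns 0 from the `security.` test. Both comparisons should read `== 0`, e.g. `if (strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN) == 0)` and the same for XATTR_SECURITY_PREFIX. can_set_xattr begins before this hunk and may continue after it, so any checks following the visible `-EOPNOTSUPP` return are not shown here.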
@@ -900,6 +928,14 @@ int jfs_setxattr(struct dentry *dentry,
 
 static int can_get_xattr(struct inode *inode, const char *name)
 {
+#ifdef CONFIG_JFS_SECURITY
+ if(strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) == 0)
+ return 0;
+#endif
+
+ if(strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN) == 0)
+ return (capable(CAP_SYS_ADMIN) ? 0 : -EPERM);
+
 #ifdef CONFIG_JFS_POSIX_ACL
 if(strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN) == 0)
 return 0;
@@ -988,6 +1024,16 @@ ssize_t jfs_getxattr(struct dentry *dent
 return err;
 }
 
+/*
+ * No special permissions are needed to list attributes except for trusted.*
+ */
+static inline int can_list(struct jfs_ea *ea)
+{
+ return (strncmp(ea->name, XATTR_TRUSTED_PREFIX,
+ XATTR_TRUSTED_PREFIX_LEN) ||
+ capable(CAP_SYS_ADMIN));
+}
+
 ssize_t jfs_listxattr(struct dentry * dentry, char *data, size_t buf_size)
 {
 struct inode *inode = dentry->d_inode;
@@ -1012,8 +1058,10 @@ ssize_t jfs_listxattr(struct dentry * de
 ealist = (struct jfs_ea_list *) ea_buf.xattr;
 
 /* compute required size of list */
- for (ea = FIRST_EA(ealist); ea < END_EALIST(ealist); ea = NEXT_EA(ea))
- size += name_size(ea) + 1;
+ for (ea = FIRST_EA(ealist); ea < END_EALIST(ealist); ea = NEXT_EA(ea)) {
+ if (can_list(ea))
+ size += name_size(ea) + 1;
+ }
 
 if (!data)
 goto release;
@@ -1026,8 +1074,10 @@ ssize_t jfs_listxattr(struct dentry * de
 /* Copy attribute names to buffer */
 buffer = data;
 for (ea = FIRST_EA(ealist); ea < END_EALIST(ealist); ea = NEXT_EA(ea)) {
- int namelen = copy_name(buffer, ea);
- buffer += namelen + 1;
+ if (can_list(ea)) {
+ int namelen = copy_name(buffer, ea);
+ buffer += namelen + 1;
+ }
 }
 
 release:
diff -urp linux-2.6/fs/Kconfig linux/fs/Kconfig
--- linux-2.6/fs/Kconfig 2004-05-13 09:55:30.000000000 -0500
+++ linux/fs/Kconfig 2004-05-13 09:57:43.000000000 -0500
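Review bot: The `security.` branch added to can_get_xattr returns 0 with no explanation, whereas the matching branch on the set side is commented as deferring to the security module; from this hunk a reader cannot tell whether skipping the remaining checks is deliberate. Suggest `return 0; /* Leave it to the security module */`, and a one-line comment above the `trusted.` test stating that reads, like writes, require CAP_SYS_ADMIN. The rest of can_get_xattr lies outside the hunk.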
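Review bot: can_list() runs strncmp on `ea->name` without first checking `ea->namelen`, unlike the `trusted.` test this patch adds to is_os2_xattr, which guards with `ea->namelen >= XATTR_TRUSTED_PREFIX_LEN`. Whether on-disk names are always NUL-terminated is not visible here; if one is shorter than the prefix and unterminated, the comparison reads past it. Suggest `return ea->namelen < XATTR_TRUSTED_PREFIX_LEN || strncmp(ea->name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN) || capable(CAP_SYS_ADMIN);`. The sizing and copy loops in the two jfs_listxattr hunks that follow stay within the buffer only because both filter with this same predicate, which deserves a comment at the first loop.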
@@ -299,6 +299,18 @@ config JFS_POSIX_ACL
 
 If you don't know what Access Control Lists are, say N
 
+config JFS_SECURITY
+ bool "JFS Security Labels"
+ depends on JFS_FS
+ help
+ Security labels support alternative access control models
+ implemented by security modules like SELinux. This option
+ enables an extended attribute handler for file security
+ labels in the jfs filesystem.
+
+ If you are not using a security module that requires using
+ extended attributes for file security labels, say N.
+
 config JFS_DEBUG
 bool "JFS debugging"
 depends on JFS_FS
-- David Kleikamp IBM Linux Technology Center |