kernel-ark/fs
James Morris d381d8a9a0 [PATCH] SELinux: canonicalize getxattr()
This patch allows SELinux to canonicalize the value returned from
getxattr() via the security_inode_getsecurity() hook, which is called after
the fs level getxattr() function.

The purpose of this is to allow the in-core security context for an inode
to override the on-disk value.  This could happen in cases such as
upgrading a system to a different labeling form (e.g.  standard SELinux to
MLS) without needing to do a full relabel of the filesystem.

In such cases, we want getxattr() to return the canonical security context
that the kernel is using rather than what is stored on disk.

The implementation hooks into the inode_getsecurity(), adding another
parameter to indicate the result of the preceding fs-level getxattr() call,
so that SELinux knows whether to compare a value obtained from disk with
the kernel value.

We also now allow getxattr() to work for mountpoint labeled filesystems
(i.e.  mount with option context=foo_t), as we are able to return the
kernel value to the user.

Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-10-30 17:37:11 -08:00
..
9p [PATCH] v9fs: remove additional buffer allocation from v9fs_file_read and v9fs_file_write 2005-10-11 09:46:54 -07:00
adfs
affs
afs [PATCH] mm: split page table lock 2005-10-29 21:40:42 -07:00
autofs
autofs4
befs
bfs [PATCH] bfs iget() abuses 2005-10-04 13:22:01 -07:00
cifs [PATCH] cifs: Add support for suspend 2005-09-23 11:37:53 -07:00
coda [PATCH] Driver Core: fix up all callers of class_device_create() 2005-10-28 09:52:52 -07:00
cramfs [PATCH] fs/cramfs/uncompress.c should #include <linux/cramfs_fs.h> 2005-09-10 10:06:35 -07:00
debugfs
devfs
devpts
efs
exportfs
ext2 [PATCH] Fix ext2_new_inode() failure paths 2005-09-28 07:46:40 -07:00
ext3 [PATCH] Fix ext3 warning for unused var 2005-10-28 13:57:57 -07:00
fat [PATCH] fat: fix adate 2005-09-21 10:12:18 -07:00
freevxfs
fuse [PATCH] fuse: check O_DIRECT 2005-09-30 12:41:18 -07:00
hfs [PATCH] gfp_t: fs/* 2005-10-28 08:16:47 -07:00
hfsplus [PATCH] gfp_t: fs/* 2005-10-28 08:16:47 -07:00
hostfs [PATCH] uml: remove empty hostfs_truncate method 2005-09-30 12:41:18 -07:00
hpfs
hppfs
hugetlbfs [PATCH] hugetlb: overcommit accounting check 2005-10-29 21:40:43 -07:00
isofs
jbd [PATCH] gfp_t: fs/* 2005-10-28 08:16:47 -07:00
jffs [PATCH] janitor: jffs/intrep: list_for_each_entry 2005-09-10 10:06:32 -07:00
jffs2
jfs [PATCH] mm: split page table lock 2005-10-29 21:40:42 -07:00
lockd [PATCH] RPC: remove xprt->nocong 2005-09-23 12:38:47 -04:00
minix
msdos
ncpfs
nfs [PATCH] NFS: Remove unbalanced spin_unlock() calls from nfs_refresh_inode() 2005-10-30 14:46:47 -08:00
nfs_common [PATCH] nfsacl: Solaris VxFS compatibility fix 2005-10-11 09:46:54 -07:00
nfsd [PATCH] nfsd4: fix setclientid unlock of unlocked state lock 2005-09-13 08:22:32 -07:00
nls
ntfs [PATCH] gfp flags annotations - part 1 2005-10-08 15:00:57 -07:00
openpromfs
partitions Merge ../bleed-2.6 2005-10-28 10:13:16 -07:00
proc [PATCH] mm: follow_page with inner ptlock 2005-10-29 21:40:41 -07:00
qnx4
ramfs
reiserfs [PATCH] gfp_t: reiserfs mapping_set_gfp_mask() use 2005-10-28 08:16:51 -07:00
relayfs [PATCH] relayfs: fix bogus param value in call to vmap 2005-10-10 08:39:50 -07:00
romfs
smbfs [PATCH] fs: fix-up schedule_timeout() usage 2005-09-10 10:06:36 -07:00
sysfs
sysv
udf
ufs
vfat
xfs [PATCH] mm: split page table lock 2005-10-29 21:40:42 -07:00
aio.c [PATCH] aio syscalls are not checked by lsm 2005-10-23 16:38:38 -07:00
attr.c
bad_inode.c
binfmt_aout.c [PATCH] mm: mm_init set_mm_counters 2005-10-29 21:40:38 -07:00
binfmt_elf_fdpic.c [PATCH] mm: mm_init set_mm_counters 2005-10-29 21:40:38 -07:00
binfmt_elf.c [PATCH] mm: mm_init set_mm_counters 2005-10-29 21:40:38 -07:00
binfmt_em86.c
binfmt_flat.c [PATCH] mm: mm_init set_mm_counters 2005-10-29 21:40:38 -07:00
binfmt_misc.c
binfmt_script.c
binfmt_som.c [PATCH] mm: mm_init set_mm_counters 2005-10-29 21:40:38 -07:00
bio.c [PATCH] gfp_t: fs/* 2005-10-28 08:16:47 -07:00
block_dev.c
buffer.c [PATCH] mm: split page table lock 2005-10-29 21:40:42 -07:00
char_dev.c
compat_ioctl.c [PATCH] usb: Patch for USBDEVFS_IOCTL from 32-bit programs 2005-10-28 16:47:46 -07:00
compat.c [PATCH] mm: update_hiwaters just in time 2005-10-29 21:40:39 -07:00
dcache.c [PATCH] gfp_t: fs/* 2005-10-28 08:16:47 -07:00
dcookies.c
direct-io.c [PATCH] core remove PageReserved 2005-10-29 21:40:39 -07:00
dnotify.c
dquot.c [PATCH] gfp_t: fs/* 2005-10-28 08:16:47 -07:00
eventpoll.c [PATCH] epoll: handle timeout overflow 2005-09-28 07:46:41 -07:00
exec.c [PATCH] mm: ptd_alloc take ptlock 2005-10-29 21:40:40 -07:00
fcntl.c
fifo.c
file_table.c
file.c [PATCH] Fix the fdtable freeing in the case of vmalloced fdset/arrays 2005-09-14 12:38:26 -07:00
filesystems.c
fs-writeback.c
inode.c [PATCH] gfp_t: fs/* 2005-10-28 08:16:47 -07:00
inotify.c [PATCH] inotify/idr leak fix 2005-10-23 16:38:39 -07:00
ioctl.c
ioprio.c
Kconfig [PATCH] CONFIG_IA32 2005-10-30 17:37:10 -08:00
Kconfig.binfmt [PATCH] CONFIG_IA32 2005-10-30 17:37:10 -08:00
libfs.c
locks.c Fix Connectathon locking test failure 2005-10-18 14:20:21 -07:00
Makefile
mbcache.c [PATCH] gfp_t: fs/* 2005-10-28 08:16:47 -07:00
mpage.c [PATCH] gfp flags annotations - part 1 2005-10-08 15:00:57 -07:00
namei.c VFS: Make link_path_walk set LOOKUP_CONTINUE before calling permission(). 2005-10-18 14:20:18 -07:00
namespace.c [PATCH] janitor: fs/namespace.c: list_for_each_entry 2005-09-10 10:06:32 -07:00
nfsctl.c
open.c VFS: Allow the filesystem to return a full file pointer on open intent 2005-10-18 14:20:16 -07:00
pipe.c [PATCH] sched: TASK_NONINTERACTIVE 2005-09-10 10:06:22 -07:00
posix_acl.c [PATCH] gfp flags annotations - part 1 2005-10-08 15:00:57 -07:00
quota_v1.c
quota_v2.c
quota.c
read_write.c [PATCH] readv/writev syscalls are not checked by lsm 2005-09-29 15:42:08 -07:00
readdir.c
select.c
seq_file.c
stat.c
super.c
xattr_acl.c
xattr.c [PATCH] SELinux: canonicalize getxattr() 2005-10-30 17:37:11 -08:00