[PATCH 05/11] NFSv4: Add label recommended attribute and NFSv4 flags

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: David P. Quigley <dpquigl@...>

To: <hch@...>, <viro@...>, <trond.myklebust@...>, <bfields@...>

Cc: <linux-kernel@...>, <linux-fsdevel@...>, David P. Quigley <dpquigl@...>

Subject: [PATCH 05/11] NFSv4: Add label recommended attribute and NFSv4 flags

Date: Wednesday, February 27, 2008 - 4:39 pm

This patch adds a new recommended attribute named label into the NFSv4 file
attribute structure. It also adds several new flags to allow the
NFS client and server to determine if this attribute is supported and if it is
being sent over the wire.

Signed-off-by: David P. Quigley <dpquigl@tycho.nsa.gov>
---
 fs/nfs/nfs4proc.c           |    3 +++
 include/linux/nfs4.h        |    2 ++
 include/linux/nfs_fs_sb.h   |    1 +
 include/linux/nfs_xdr.h     |    4 ++++
 include/linux/nfsd/export.h |    5 +++--
 include/linux/nfsd/nfsd.h   |    7 ++++---
 6 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 7ce0786..42e5cf7 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -96,6 +96,9 @@ const u32 nfs4_fattr_bitmap[2] = {
 	| FATTR4_WORD1_TIME_ACCESS
 	| FATTR4_WORD1_TIME_METADATA
 	| FATTR4_WORD1_TIME_MODIFY
+#ifdef CONFIG_NFS_V4_SECURITY_LABEL
+	| FATTR4_WORD1_SECURITY_LABEL
+#endif
 };
 
 const u32 nfs4_statfs_bitmap[2] = {
diff --git a/include/linux/nfs4.h b/include/linux/nfs4.h
index 8726491..af90403 100644
--- a/include/linux/nfs4.h
+++ b/include/linux/nfs4.h
@@ -21,6 +21,7 @@
 #define NFS4_FHSIZE		128
 #define NFS4_MAXPATHLEN		PATH_MAX
 #define NFS4_MAXNAMLEN		NAME_MAX
+#define NFS4_MAXLABELLEN	255
 
 #define NFS4_ACCESS_READ        0x0001
 #define NFS4_ACCESS_LOOKUP      0x0002
@@ -348,6 +349,7 @@ enum lock_type4 {
 #define FATTR4_WORD1_TIME_MODIFY        (1UL << 21)
 #define FATTR4_WORD1_TIME_MODIFY_SET    (1UL << 22)
 #define FATTR4_WORD1_MOUNTED_ON_FILEID  (1UL << 23)
+#define FATTR4_WORD1_SECURITY_LABEL	(1UL << 31)
 
 #define NFSPROC4_NULL 0
 #define NFSPROC4_COMPOUND 1
diff --git a/include/linux/nfs_fs_sb.h b/include/linux/nfs_fs_sb.h
index 3423c67..8fdea18 100644
--- a/include/linux/nfs_fs_sb.h
+++ b/include/linux/nfs_fs_sb.h
@@ -125,5 +125,6 @@ struct nfs_server {
 #define NFS_CAP_SYMLINKS	(1U << 2)
 #define NFS_CAP_ACLS		(1U << 3)
 #define NFS_CAP_ATOMIC_OPEN	(1U << 4)
+#define NFS_CAP_SECURITY_LABEL  (1U << 5)
 
 #endif
diff --git a/include/linux/nfs_xdr.h b/include/linux/nfs_xdr.h
index f301d0b..d7ce8b9 100644
--- a/include/linux/nfs_xdr.h
+++ b/include/linux/nfs_xdr.h
@@ -56,6 +56,10 @@ struct nfs_fattr {
 	__u64			change_attr;	/* NFSv4 change attribute */
 	__u64			pre_change_attr;/* pre-op NFSv4 change attribute */
 	unsigned long		time_start;
+#ifdef CONFIG_SECURITY
+	void			*label;
+	__u32			 label_len;
+#endif
 };
 
 #define NFS_ATTR_WCC		0x0001		/* pre-op WCC data    */
diff --git a/include/linux/nfsd/export.h b/include/linux/nfsd/export.h
index 5431512..bb831fc 100644
--- a/include/linux/nfsd/export.h
+++ b/include/linux/nfsd/export.h
@@ -32,7 +32,8 @@
 #define NFSEXP_ALLSQUASH	0x0008
 #define NFSEXP_ASYNC		0x0010
 #define NFSEXP_GATHERED_WRITES	0x0020
-/* 40 80 100 currently unused */
+#define NFSEXP_SECURITY_LABEL	0x0040  /* Support security label fattr4 */
+/* 80 100 currently unused */
 #define NFSEXP_NOHIDE		0x0200
 #define NFSEXP_NOSUBTREECHECK	0x0400
 #define	NFSEXP_NOAUTHNLM	0x0800		/* Don't authenticate NLM requests - just trust */
@@ -40,7 +41,7 @@
 #define NFSEXP_FSID		0x2000
 #define	NFSEXP_CROSSMOUNT	0x4000
 #define	NFSEXP_NOACL		0x8000	/* reserved for possible ACL related use */
-#define NFSEXP_ALLFLAGS		0xFE3F
+#define NFSEXP_ALLFLAGS		0xFE7F
 
 /* The flags that may vary depending on security flavor: */
 #define NFSEXP_SECINFO_FLAGS	(NFSEXP_READONLY | NFSEXP_ROOTSQUASH \
diff --git a/include/linux/nfsd/nfsd.h b/include/linux/nfsd/nfsd.h
index 8caf4c4..045963c 100644
--- a/include/linux/nfsd/nfsd.h
+++ b/include/linux/nfsd/nfsd.h
@@ -310,8 +310,8 @@ extern struct timeval	nfssvc_boot;
  | FATTR4_WORD1_OWNER	        | FATTR4_WORD1_OWNER_GROUP  | FATTR4_WORD1_RAWDEV           \
  | FATTR4_WORD1_SPACE_AVAIL     | FATTR4_WORD1_SPACE_FREE   | FATTR4_WORD1_SPACE_TOTAL      \
  | FATTR4_WORD1_SPACE_USED      | FATTR4_WORD1_TIME_ACCESS  | FATTR4_WORD1_TIME_ACCESS_SET  \
- | FATTR4_WORD1_TIME_DELTA   | FATTR4_WORD1_TIME_METADATA    \
- | FATTR4_WORD1_TIME_MODIFY     | FATTR4_WORD1_TIME_MODIFY_SET | FATTR4_WORD1_MOUNTED_ON_FILEID)
+ | FATTR4_WORD1_TIME_DELTA   	| FATTR4_WORD1_TIME_METADATA | FATTR4_WORD1_TIME_MODIFY     \
+ | FATTR4_WORD1_TIME_MODIFY_SET | FATTR4_WORD1_MOUNTED_ON_FILEID | FATTR4_WORD1_SECURITY_LABEL)
 
 /* These will return ERR_INVAL if specified in GETATTR or READDIR. */
 #define NFSD_WRITEONLY_ATTRS_WORD1							    \
@@ -322,7 +322,8 @@ extern struct timeval	nfssvc_boot;
 (FATTR4_WORD0_SIZE              | FATTR4_WORD0_ACL                                         )
 #define NFSD_WRITEABLE_ATTRS_WORD1                                                          \
 (FATTR4_WORD1_MODE              | FATTR4_WORD1_OWNER         | FATTR4_WORD1_OWNER_GROUP     \
- | FATTR4_WORD1_TIME_ACCESS_SET | FATTR4_WORD1_TIME_METADATA | FATTR4_WORD1_TIME_MODIFY_SET)
+ | FATTR4_WORD1_TIME_ACCESS_SET | FATTR4_WORD1_TIME_METADATA | FATTR4_WORD1_TIME_MODIFY_SET \
+ | FATTR4_WORD1_SECURITY_LABEL)
 
 #endif /* CONFIG_NFSD_V4 */
 
-- 
1.5.3.8

--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

RFC Labeled NFS Initial Code Review, David P. Quigley, (Wed Feb 27, 4:39 pm)

[PATCH 08/11] NFS: Introduce lifecycle management for label ..., David P. Quigley, (Wed Feb 27, 4:39 pm)

Re: [PATCH 08/11] NFS: Introduce lifecycle management for la..., James Morris, (Wed Feb 27, 9:04 pm)

Re: [PATCH 08/11] NFS: Introduce lifecycle management for la..., Dave Quigley, (Thu Feb 28, 4:07 pm)

Re: [PATCH 08/11] NFS: Introduce lifecycle management for la..., James Morris, (Thu Feb 28, 7:00 pm)

Re: [PATCH 08/11] NFS: Introduce lifecycle management for la..., Dave Quigley, (Thu Feb 28, 6:43 pm)

Re: [PATCH 08/11] NFS: Introduce lifecycle management for la..., Dave Quigley, (Wed Feb 27, 8:47 pm)

Re: [PATCH 08/11] NFS: Introduce lifecycle management for la..., James Morris, (Wed Feb 27, 9:22 pm)

[PATCH 09/11] NFS: Client implementation of Labeled-NFS, David P. Quigley, (Wed Feb 27, 4:39 pm)

[PATCH 03/11] VFS: Add security label support to *notify, David P. Quigley, (Wed Feb 27, 4:39 pm)

Re: [PATCH 03/11] VFS: Add security label support to *notify, Andrew Morton, (Fri Feb 29, 2:57 am)

Re: [PATCH 03/11] VFS: Add security label support to *notify, Josef 'Jeff' Sipek, (Thu Feb 28, 4:10 pm)

Re: [PATCH 03/11] VFS: Add security label support to *notify, Dave Quigley, (Thu Feb 28, 4:39 pm)

Re: [PATCH 03/11] VFS: Add security label support to *notify, Josef 'Jeff' Sipek, (Thu Feb 28, 5:15 pm)

Re: [PATCH 03/11] VFS: Add security label support to *notify, Dave Quigley, (Thu Feb 28, 5:05 pm)

Re: [PATCH 03/11] VFS: Add security label support to *notify, Josef 'Jeff' Sipek, (Thu Feb 28, 5:39 pm)

Re: [PATCH 03/11] VFS: Add security label support to *notify, Dave Quigley, (Thu Feb 28, 5:26 pm)

[PATCH 11/11] NFSD: Server implementation of MAC Labeling, David P. Quigley, (Wed Feb 27, 4:39 pm)

[PATCH 02/11] Security: Add hook to calculate context based ..., David P. Quigley, (Wed Feb 27, 4:39 pm)

[PATCH 07/11] NFS/SELinux: Add security_label text mount opt..., David P. Quigley, (Wed Feb 27, 4:39 pm)

[PATCH 01/11] Security: Add hook to get full maclabel xattr ..., David P. Quigley, (Wed Feb 27, 4:39 pm)

[PATCH 05/11] NFSv4: Add label recommended attribute and NFS..., David P. Quigley, (Wed Feb 27, 4:39 pm)

[PATCH 04/11] KConfig: Add KConfig entries for SELinux label..., David P. Quigley, (Wed Feb 27, 4:39 pm)

[PATCH 06/11] SELinux: Add new labeling type native labels, David P. Quigley, (Wed Feb 27, 4:39 pm)

[PATCH 10/11] NFS: Extend nfs xattr handlers to accept the s..., David P. Quigley, (Wed Feb 27, 4:39 pm)


linux-kernel:
Greg Kroah-Hartman	[PATCH 004/196] Chinese: add translation of SubmittingPatches
James Bottomley	Re: Integration of SCST in the mainstream Linux kernel
Jeff Garzik	Re: [Patch v2] Make PCI extended config space (MMCONFIG) a driver opt-in
Chodorenko Michail	PROBLEM: Celeron Core
git:
Linus Torvalds	People unaware of the importance of "git gc"?
Johannes Schindelin	Re: Empty directories...
Jakub Narebski	Re: VCS comparison table
Sam Song	Re: Fwd: [OT] Re: Git via a proxy server?
openbsd-misc:
J.W. Zondag	Dell PE1950 III - Perc 6i
Richard Stallman	Real men don't attack straw men
GVG GVG	ssh_exchange_identification: Connection closed by remote host
Anselm R. Garbe	OpenBSD 4.0 / Xorg -> vesa 1920x1200 widescreen resolution
linux-activists:
Jim Winstead Jr.	Re: Root Disk/Book Disk Compatibility
Anselm Lingnau	File creation date in UNIX (was: Re: VMS)
Rafal Kustra (summer student)	mount
Nicholas Yue	Re: more on 486/33 weirdness


spam	1 hour ago	KernelTrap Suggestions and Feedback
sis190/191 gigabit ethernet driver	3 hours ago	Linux general
read /dev/mem not working in 2.6	1 day ago	Linux general
Fedora with Windows vista : windows explorer restarts	1 day ago	Windows
Intel Graphics Drivers (IEGD 9.0.2) - help in patching for kernels > 2.6.24	1 day ago	Linux kernel
Porting from Windows to Linux	1 day ago	Linux general
Serial Driver Implementation Help	2 days ago	Linux kernel
aacraid bad	2 days ago	Linux general
Tools: GCC 3.4.6, Final GCC 3 Release	3 days ago	Applications and Utilities
GNU/Hurd is so awful	4 days ago	GNU/Hurd

[PATCH 05/11] NFSv4: Add label recommended attribute and NFSv4 flags

Online users