diff options
author | Hyunchul Lee <cheol.lee@lge.com> | 2017-03-03 16:44:03 +0900 |
---|---|---|
committer | Stefan Agner <stefan.agner@toradex.com> | 2019-01-03 18:34:19 +0100 |
commit | 4b8df387ec5d6a03dce0737b4db3525629464d77 (patch) | |
tree | 46d1941318ab2a03075fe5b51e380ff4c3a1ffbb | |
parent | 29c5fc13f5c9a31996a549e12b7abf117631cd2c (diff) |
ubifs: Add CONFIG_UBIFS_FS_SECURITY to disable/enable security labels
When write syscall is called, every time security label is searched to
determine that file's privileges should be changed.
If LSM(Linux Security Model) is not used, this is useless.
So introduce CONFIG_UBIFS_SECURITY to disable security labels. it's default
value is "y".
Signed-off-by: Hyunchul Lee <cheol.lee@lge.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
(cherry picked from commit 8326c1eec2449f0e868f7b19a5fa7bfa0386ab48)
-rw-r--r-- | fs/ubifs/Kconfig | 13 | ||||
-rw-r--r-- | fs/ubifs/ubifs.h | 12 | ||||
-rw-r--r-- | fs/ubifs/xattr.c | 2 |
3 files changed, 26 insertions, 1 deletions
diff --git a/fs/ubifs/Kconfig b/fs/ubifs/Kconfig index ba66d508006a..a553e03737d2 100644 --- a/fs/ubifs/Kconfig +++ b/fs/ubifs/Kconfig @@ -35,3 +35,16 @@ config UBIFS_FS_ZLIB default y help Zlib compresses better than LZO but it is slower. Say 'Y' if unsure. + +config UBIFS_FS_SECURITY + bool "UBIFS Security Labels" + depends on UBIFS_FS + default y + help + Security labels provide an access control facility to support Linux + Security Models (LSMs) accepted by AppArmor, SELinux, Smack and TOMOYO + Linux. This option enables an extended attribute handler for file + security labels in the ubifs filesystem, so that it requires enabling + the extended attribute support in advance. + + If you are not using a security module, say N. diff --git a/fs/ubifs/ubifs.h b/fs/ubifs/ubifs.h index de759022f3d6..e3a87c05662c 100644 --- a/fs/ubifs/ubifs.h +++ b/fs/ubifs/ubifs.h @@ -1760,8 +1760,18 @@ ssize_t ubifs_getxattr(struct dentry *dentry, const char *name, void *buf, size_t size); ssize_t ubifs_listxattr(struct dentry *dentry, char *buffer, size_t size); int ubifs_removexattr(struct dentry *dentry, const char *name); -int ubifs_init_security(struct inode *dentry, struct inode *inode, + +#ifdef CONFIG_UBIFS_FS_SECURITY +extern int ubifs_init_security(struct inode *dentry, struct inode *inode, const struct qstr *qstr); +#else +static inline int ubifs_init_security(struct inode *dentry, + struct inode *inode, const struct qstr *qstr) +{ + return 0; +} +#endif + /* super.c */ struct inode *ubifs_iget(struct super_block *sb, unsigned long inum); diff --git a/fs/ubifs/xattr.c b/fs/ubifs/xattr.c index 7270162b72e4..72efb3e61c7d 100644 --- a/fs/ubifs/xattr.c +++ b/fs/ubifs/xattr.c @@ -624,6 +624,7 @@ const struct xattr_handler *ubifs_xattr_handlers[] = { NULL, }; +#ifdef CONFIG_UBIFS_FS_SECURITY static int init_xattrs(struct inode *inode, const struct xattr *xattr_array, void *fs_info) { @@ -663,3 +664,4 @@ int ubifs_init_security(struct inode *dentry, struct inode *inode, } return err; } +#endif |