From 77d474b70b8591b4b47934bedaf78e43d9f58b55 Mon Sep 17 00:00:00 2001
From: Hyunchul Lee
Date: Fri, 3 Mar 2017 16:44:03 +0900
Subject: ubifs: Add CONFIG_UBIFS_FS_SECURITY to disable/enable security labels

When write syscall is called, every time security label is searched to determine that file's privileges should be changed. If LSM(Linux Security Model) is not used, this is useless. So introduce CONFIG_UBIFS_SECURITY to disable security labels. it's default value is "y".
Signed-off-by: Hyunchul Lee
Signed-off-by: Richard Weinberger
(cherry picked from commit 8326c1eec2449f0e868f7b19a5fa7bfa0386ab48)
---
 fs/ubifs/Kconfig | 13 +++++++++++++
 fs/ubifs/ubifs.h | 12 +++++++++++-
 fs/ubifs/xattr.c | 2 ++
 3 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/fs/ubifs/Kconfig b/fs/ubifs/Kconfig
index 7ff7712f284e..15fb49c053df 100644
--- a/fs/ubifs/Kconfig
+++ b/fs/ubifs/Kconfig
@@ -50,3 +50,16 @@ config UBIFS_ATIME_SUPPORT
 strictatime is the "heavy", relatime is "lighter", etc.

 If unsure, say 'N'
+
+config UBIFS_FS_SECURITY
+ bool "UBIFS Security Labels"
+ depends on UBIFS_FS
+ default y
+ help
+ Security labels provide an access control facility to support Linux
+ Security Models (LSMs) accepted by AppArmor, SELinux, Smack and TOMOYO
+ Linux. This option enables an extended attribute handler for file
+ security labels in the ubifs filesystem, so that it requires enabling
+ the extended attribute support in advance.
+
+ If you are not using a security module, say N.
diff --git a/fs/ubifs/ubifs.h b/fs/ubifs/ubifs.h
index a5697de763f5..f4238c940fb7 100644
--- a/fs/ubifs/ubifs.h
+++ b/fs/ubifs/ubifs.h
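Review bot: The help text for UBIFS_FS_SECURITY does not say what happens when the option is turned off on a system that does run an LSM. With N, `ubifs_init_security()` becomes a stub that returns 0 (see the ubifs.h hunk), so presumably inodes created on UBIFS get no label while creation still succeeds; I would add to the help `Saying N while a label-based LSM (SELinux, Smack) is enabled leaves new files unlabeled.` The text also says the option requires extended attribute support, yet the entry only has `depends on UBIFS_FS`, so that prerequisite is stated but not enforced by anything in this hunk. Minor wording: LSM stands for Linux Security Modules, not "Linux Security Models".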
@@ -1762,8 +1762,18 @@ ssize_t ubifs_getxattr(struct dentry *dentry, const char *name, void *buf,
 size_t size);
 ssize_t ubifs_listxattr(struct dentry *dentry, char *buffer, size_t size);
 int ubifs_removexattr(struct dentry *dentry, const char *name);
-int ubifs_init_security(struct inode *dentry, struct inode *inode,
+
+#ifdef CONFIG_UBIFS_FS_SECURITY
+extern int ubifs_init_security(struct inode *dentry, struct inode *inode,
 const struct qstr *qstr);
+#else
+static inline int ubifs_init_security(struct inode *dentry,
+ struct inode *inode, const struct qstr *qstr)
+{
+ return 0;
+}
+#endif
+

 /* super.c */
 struct inode *ubifs_iget(struct super_block *sb, unsigned long inum);
diff --git a/fs/ubifs/xattr.c b/fs/ubifs/xattr.c
index b5bf23b34241..8d3a4324c36f 100644
--- a/fs/ubifs/xattr.c
+++ b/fs/ubifs/xattr.c
@@ -590,6 +590,7 @@ out_free:
 return err;
 }

+#ifdef CONFIG_UBIFS_FS_SECURITY
 static int init_xattrs(struct inode *inode, const struct xattr *xattr_array,
 void *fs_info)
 {
@@ -629,3 +630,4 @@ int ubifs_init_security(struct inode *dentry, struct inode *inode,
 }
 return err;
 }
+#endif
-- cgit v1.2.3
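Review bot: The `#else` stub of `ubifs_init_security()` returns 0 with no comment, so callers see success even though no security xattr was initialised for the new inode. That is the usual shape for a compiled-out hook, but it deserves a comment above the stub, for example `/* Security labels compiled out: report success, the inode simply gets no label. */`. Two style points on the same lines: the `extern` on the prototype is redundant and the neighbouring prototypes do not use it, and the first parameter is named `dentry` although its type is `struct inode *`. A name that reflects the inode type would be clearer in both the prototype and the stub (it looks like the parent directory, to be confirmed against the callers).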
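Review bot: The `#ifdef CONFIG_UBIFS_FS_SECURITY` added before `init_xattrs()` compiles out only label initialisation at inode creation; nothing in the visible hunks touches the get/set/list paths for `security.*` names. The commit message justifies the option by the label lookup done on every write, and the Kconfig help speaks of an xattr handler, so either that lookup path also needs a guard or the description should be narrowed; the rest of xattr.c is outside this diff, so this needs checking against the full file. If `security.*` attributes stay accessible while new inodes are left unlabeled, that mismatch should be documented next to the guard. The closing guard in the second xattr.c hunk sits some 40 lines below and would read better as `#endif /* CONFIG_UBIFS_FS_SECURITY */`. `init_xattrs()` starts in this hunk and its body continues outside it.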