• Andrew Morton's avatar
    [PATCH] ext2 xattr handler for security modules · 16685211
    Andrew Morton authored
    From: Stephen Smalley <sds@epoch.ncsc.mil>
    
    This patch against 2.5.68 implements an xattr handler for ext2 to support the
    use of extended attributes by security modules for storing file security
    labels.  As per the earlier discussion of extended attributes for security
    modules, this handler uses a "security." prefix and allows for per-module
    attribute names.  Security checking on userspace access to these attributes
    can be performed by the security module using the LSM hooks in fs/xattr.c,
    and the security module is free to internally use the inode operations
    without restriction for managing its security labels.  Unlike the trusted
    namespace, these labels are used internally for access control purposes by
    the security module, and controls over userspace access to them require finer
    granularity than capable() supports.
    16685211
xattr.c 30.5 KB