From: Steve Dickson <SteveD-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> To: Trond Myklebust <Trond.Myklebust-HgOvQuBEEgTQT0dZR+AlfA@public.gmane.org>, "J. Bruce Fields" <bfields-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>, "David P. Quigley" <dpquigl-+05T5uksL2qpZYMLLGbcSA@public.gmane.org> Cc: Linux NFS list <linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>, Linux FS devel list <linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>, Linux Security List <linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>, SELinux List <selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org> Subject: [PATCH 00/15] lnfs: 3.8-rc6 release Date: Fri, 8 Feb 2013 07:39:08 -0500 [thread overview] Message-ID: <1360327163-20360-1-git-send-email-SteveD@redhat.com> (raw) From: Steve Dickson <steved-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> Here is the next release of the Label NFS code, forward ported to linux-3.8-rc6. I've incorporated all of the code review comments (thank you for that time) with the exception of the following: > Why not use the more common construct of defining > > struct nfs4_label { > .... > char label[NFS4_MAXLABELLEN]; > }; It makes things easier to keep label a pointer verses an array when it comes to initializing the structure (see _nfs4_get_security_label()), although I did decrease NFS4_MAXLABELLEN to (4095 - offsetof(struct nfs4_label , label)) > + u32 attr_bitmask_nl[3]; > + /* V4 bitmask representing the > + set of attributes supported > + on this filesystem excluding > + the label support bit. */ > > Can't we just have attr_bitmask_nl point to attr_bitmask when not #ifdef > CONFIG_NFS_V4_SECURITY_LABEL? I'm thinking having both bitmasks makes it more obvious as to what is or is not being used. I'm referring to the code in _nfs4_proc_getattr() and _nfs4_proc_lookup(). If the label is not set, use the non label bit mask verses hiding things behind a pointer and not really knowing what bit mask is being used. I also found and fixed a couple memory leaks... The Fedora kernel rpms that have the patches are under http://steved.fedorapeople.org/lnfs/kernels/ A wireshark rpm that can dissect the labels is under http://steved.fedorapeople.org/lnfs/wireshark/ The actual patches from this release are under http://steved.fedorapeople.org/lnfs/patches/lnfs-v3.8-rc6 Dave Quigley (3): NFS:Add labels to client function prototypes NFS: Add label lifecycle management lnfs: Do not sleep holding the inode spin lock David Quigley (10): Security: Add hook to calculate context based on a negative dentry. Security: Add Hook to test if the particular xattr is part of a MAC model. LSM: Add flags field to security_sb_set_mnt_opts for in kernel mount data. SELinux: Add new labeling type native labels NFSv4: Add label recommended attribute and NFSv4 flags NFSv4: Introduce new label structure NFSv4: Extend fattr bitmaps to support all 3 words NFS: Client implementation of Labeled-NFS NFS: Extend NFS xattr handlers to accept the security namespace NFSD: Server implementation of MAC Labeling Steve Dickson (2): Kconfig: Add Kconfig entry for Labeled NFS V4 client Kconfig: Add Kconfig entry for Labeled NFS V4 server fs/nfs/Kconfig | 18 ++ fs/nfs/client.c | 2 +- fs/nfs/dir.c | 46 ++- fs/nfs/getroot.c | 2 +- fs/nfs/inode.c | 140 +++++++-- fs/nfs/namespace.c | 2 +- fs/nfs/nfs3acl.c | 4 +- fs/nfs/nfs3proc.c | 41 +-- fs/nfs/nfs4_fs.h | 8 +- fs/nfs/nfs4namespace.c | 2 +- fs/nfs/nfs4proc.c | 565 ++++++++++++++++++++++++++++++++---- fs/nfs/nfs4xdr.c | 199 ++++++++++--- fs/nfs/proc.c | 15 +- fs/nfs/super.c | 17 +- fs/nfsd/Kconfig | 16 + fs/nfsd/nfs4proc.c | 41 +++ fs/nfsd/nfs4xdr.c | 116 +++++++- fs/nfsd/nfsd.h | 8 +- fs/nfsd/vfs.c | 30 ++ fs/nfsd/vfs.h | 2 + fs/nfsd/xdr4.h | 3 + include/linux/nfs4.h | 8 + include/linux/nfs_fs.h | 29 +- include/linux/nfs_fs_sb.h | 10 +- include/linux/nfs_xdr.h | 30 +- include/linux/security.h | 57 +++- include/uapi/linux/nfs4.h | 2 +- security/capability.c | 19 +- security/security.c | 24 +- security/selinux/hooks.c | 92 +++++- security/selinux/include/security.h | 2 + security/selinux/ss/policydb.c | 5 +- security/smack/smack_lsm.c | 11 + 33 files changed, 1352 insertions(+), 214 deletions(-) -- 1.7.11.7 -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Steve Dickson <SteveD@redhat.com> To: Trond Myklebust <Trond.Myklebust@netapp.com>, "J. Bruce Fields" <bfields@redhat.com>, "David P. Quigley" <dpquigl@tycho.nsa.gov> Cc: Linux NFS list <linux-nfs@vger.kernel.org>, Linux FS devel list <linux-fsdevel@vger.kernel.org>, Linux Security List <linux-security-module@vger.kernel.org>, SELinux List <selinux@tycho.nsa.gov> Subject: [PATCH 00/15] lnfs: 3.8-rc6 release Date: Fri, 8 Feb 2013 07:39:08 -0500 [thread overview] Message-ID: <1360327163-20360-1-git-send-email-SteveD@redhat.com> (raw) From: Steve Dickson <steved@redhat.com> Here is the next release of the Label NFS code, forward ported to linux-3.8-rc6. I've incorporated all of the code review comments (thank you for that time) with the exception of the following: > Why not use the more common construct of defining > > struct nfs4_label { > .... > char label[NFS4_MAXLABELLEN]; > }; It makes things easier to keep label a pointer verses an array when it comes to initializing the structure (see _nfs4_get_security_label()), although I did decrease NFS4_MAXLABELLEN to (4095 - offsetof(struct nfs4_label , label)) > + u32 attr_bitmask_nl[3]; > + /* V4 bitmask representing the > + set of attributes supported > + on this filesystem excluding > + the label support bit. */ > > Can't we just have attr_bitmask_nl point to attr_bitmask when not #ifdef > CONFIG_NFS_V4_SECURITY_LABEL? I'm thinking having both bitmasks makes it more obvious as to what is or is not being used. I'm referring to the code in _nfs4_proc_getattr() and _nfs4_proc_lookup(). If the label is not set, use the non label bit mask verses hiding things behind a pointer and not really knowing what bit mask is being used. I also found and fixed a couple memory leaks... The Fedora kernel rpms that have the patches are under http://steved.fedorapeople.org/lnfs/kernels/ A wireshark rpm that can dissect the labels is under http://steved.fedorapeople.org/lnfs/wireshark/ The actual patches from this release are under http://steved.fedorapeople.org/lnfs/patches/lnfs-v3.8-rc6 Dave Quigley (3): NFS:Add labels to client function prototypes NFS: Add label lifecycle management lnfs: Do not sleep holding the inode spin lock David Quigley (10): Security: Add hook to calculate context based on a negative dentry. Security: Add Hook to test if the particular xattr is part of a MAC model. LSM: Add flags field to security_sb_set_mnt_opts for in kernel mount data. SELinux: Add new labeling type native labels NFSv4: Add label recommended attribute and NFSv4 flags NFSv4: Introduce new label structure NFSv4: Extend fattr bitmaps to support all 3 words NFS: Client implementation of Labeled-NFS NFS: Extend NFS xattr handlers to accept the security namespace NFSD: Server implementation of MAC Labeling Steve Dickson (2): Kconfig: Add Kconfig entry for Labeled NFS V4 client Kconfig: Add Kconfig entry for Labeled NFS V4 server fs/nfs/Kconfig | 18 ++ fs/nfs/client.c | 2 +- fs/nfs/dir.c | 46 ++- fs/nfs/getroot.c | 2 +- fs/nfs/inode.c | 140 +++++++-- fs/nfs/namespace.c | 2 +- fs/nfs/nfs3acl.c | 4 +- fs/nfs/nfs3proc.c | 41 +-- fs/nfs/nfs4_fs.h | 8 +- fs/nfs/nfs4namespace.c | 2 +- fs/nfs/nfs4proc.c | 565 ++++++++++++++++++++++++++++++++---- fs/nfs/nfs4xdr.c | 199 ++++++++++--- fs/nfs/proc.c | 15 +- fs/nfs/super.c | 17 +- fs/nfsd/Kconfig | 16 + fs/nfsd/nfs4proc.c | 41 +++ fs/nfsd/nfs4xdr.c | 116 +++++++- fs/nfsd/nfsd.h | 8 +- fs/nfsd/vfs.c | 30 ++ fs/nfsd/vfs.h | 2 + fs/nfsd/xdr4.h | 3 + include/linux/nfs4.h | 8 + include/linux/nfs_fs.h | 29 +- include/linux/nfs_fs_sb.h | 10 +- include/linux/nfs_xdr.h | 30 +- include/linux/security.h | 57 +++- include/uapi/linux/nfs4.h | 2 +- security/capability.c | 19 +- security/security.c | 24 +- security/selinux/hooks.c | 92 +++++- security/selinux/include/security.h | 2 + security/selinux/ss/policydb.c | 5 +- security/smack/smack_lsm.c | 11 + 33 files changed, 1352 insertions(+), 214 deletions(-) -- 1.7.11.7
next reply other threads:[~2013-02-08 12:39 UTC|newest] Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top 2013-02-08 12:39 Steve Dickson [this message] 2013-02-08 12:39 ` [PATCH 00/15] lnfs: 3.8-rc6 release Steve Dickson 2013-02-08 12:39 ` [PATCH 01/15] Security: Add hook to calculate context based on a negative dentry Steve Dickson 2013-02-08 12:39 ` [PATCH 02/15] Security: Add Hook to test if the particular xattr is part of a MAC model Steve Dickson 2013-02-08 12:39 ` [PATCH 03/15] LSM: Add flags field to security_sb_set_mnt_opts for in kernel mount data Steve Dickson 2013-02-08 12:39 ` [PATCH 04/15] SELinux: Add new labeling type native labels Steve Dickson 2013-02-08 12:39 ` [PATCH 05/15] NFSv4: Add label recommended attribute and NFSv4 flags Steve Dickson 2013-02-08 12:39 ` [PATCH 06/15] NFSv4: Introduce new label structure Steve Dickson 2013-02-12 22:07 ` J. Bruce Fields [not found] ` <20130212220741.GJ10267-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org> 2013-02-12 22:28 ` Myklebust, Trond 2013-02-12 22:28 ` Myklebust, Trond 2013-02-12 22:32 ` J. Bruce Fields 2013-02-12 22:40 ` Myklebust, Trond 2013-02-12 23:06 ` J. Bruce Fields 2013-02-13 0:30 ` Steve Dickson 2013-02-08 12:39 ` [PATCH 07/15] NFSv4: Extend fattr bitmaps to support all 3 words Steve Dickson 2013-02-08 12:39 ` [PATCH 08/15] NFS:Add labels to client function prototypes Steve Dickson 2013-02-08 12:39 ` [PATCH 09/15] NFS: Add label lifecycle management Steve Dickson 2013-02-12 22:27 ` J. Bruce Fields 2013-02-16 20:28 ` Steve Dickson [not found] ` <1360327163-20360-1-git-send-email-SteveD-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2013-02-08 12:39 ` [PATCH 10/15] NFS: Client implementation of Labeled-NFS Steve Dickson 2013-02-08 12:39 ` Steve Dickson 2013-02-12 23:03 ` J. Bruce Fields 2013-02-16 20:35 ` Steve Dickson [not found] ` <511FED8E.7020308-AfCzQyP5zfLQT0dZR+AlfA@public.gmane.org> 2013-02-16 22:30 ` J. Bruce Fields 2013-02-16 22:30 ` J. Bruce Fields 2013-02-17 1:24 ` Steve Dickson 2013-02-17 1:47 ` Steve Dickson 2013-02-08 12:39 ` [PATCH 11/15] NFS: Extend NFS xattr handlers to accept the security namespace Steve Dickson 2013-02-08 12:39 ` [PATCH 12/15] lnfs: Do not sleep holding the inode spin lock Steve Dickson [not found] ` <1360327163-20360-13-git-send-email-SteveD-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2013-02-13 15:16 ` J. Bruce Fields 2013-02-13 15:16 ` J. Bruce Fields [not found] ` <20130213151610.GI14195-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org> 2013-02-16 20:36 ` Steve Dickson 2013-02-16 20:36 ` Steve Dickson 2013-02-08 12:39 ` [PATCH 13/15] Kconfig: Add Kconfig entry for Labeled NFS V4 client Steve Dickson 2013-02-08 12:39 ` [PATCH 14/15] NFSD: Server implementation of MAC Labeling Steve Dickson 2013-02-12 22:54 ` J. Bruce Fields 2013-02-12 23:07 ` J. Bruce Fields [not found] ` <20130212225425.GM10267-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org> 2013-02-16 20:44 ` Steve Dickson 2013-02-16 20:44 ` Steve Dickson [not found] ` <511FEFCB.2090002-AfCzQyP5zfLQT0dZR+AlfA@public.gmane.org> 2013-02-16 22:34 ` J. Bruce Fields 2013-02-16 22:34 ` J. Bruce Fields 2013-02-08 12:39 ` [PATCH 15/15] Kconfig: Add Kconfig entry for Labeled NFS V4 server Steve Dickson 2013-02-12 21:41 ` [PATCH 00/15] lnfs: 3.8-rc6 release J. Bruce Fields 2013-02-12 22:02 ` Casey Schaufler 2013-02-12 22:02 ` Casey Schaufler 2013-02-12 22:13 ` J. Bruce Fields 2013-02-13 0:32 ` Steve Dickson 2013-02-13 0:55 ` Casey Schaufler 2013-02-13 0:55 ` Casey Schaufler 2013-02-12 23:11 ` J. Bruce Fields [not found] ` <20130212231113.GQ10267-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org> 2013-02-12 23:18 ` Myklebust, Trond 2013-02-12 23:18 ` Myklebust, Trond 2013-02-13 0:11 ` J. Bruce Fields 2013-02-13 0:21 ` J. Bruce Fields 2013-02-13 0:28 ` Steve Dickson 2013-02-13 15:05 ` J. Bruce Fields 2013-02-13 15:33 ` J. Bruce Fields
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=1360327163-20360-1-git-send-email-SteveD@redhat.com \ --to=steved-h+wxahxf7alqt0dzr+alfa@public.gmane.org \ --cc=Trond.Myklebust-HgOvQuBEEgTQT0dZR+AlfA@public.gmane.org \ --cc=bfields-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \ --cc=dpquigl-+05T5uksL2qpZYMLLGbcSA@public.gmane.org \ --cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \ --cc=linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \ --cc=linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \ --cc=selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.