From: Taras Kondratiuk <takondra@cisco.com>
To: "H. Peter Anvin" <hpa@zytor.com>,
	Al Viro <viro@zeniv.linux.org.uk>, Arnd Bergmann <arnd@arndb.de>,
	Rob Landley <rob@landley.net>,
	Mimi Zohar <zohar@linux.vnet.ibm.com>,
	Jonathan Corbet <corbet@lwn.net>,
	James McMechan <james.w.mcmechan@gmail.com>
Cc: initramfs@vger.kernel.org, Victor Kamensky <kamensky@cisco.com>,
	linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	xe-linux-external@cisco.com
Subject: [PATCH v3 09/15] initramfs: set extended attributes
Date: Fri, 16 Feb 2018 20:33:45 +0000	[thread overview]
Message-ID: <1518813234-5874-10-git-send-email-takondra@cisco.com> (raw)
In-Reply-To: <1518813234-5874-1-git-send-email-takondra@cisco.com>

From: Mimi Zohar <zohar@linux.vnet.ibm.com>

This patch writes out the extended attributes included in the cpio file.
As the "security.ima" xattr needs to be written after the file data,
this patch separates extracting and setting the xattrs by defining a new
do_setxattrs state.

[kamensky: fixed restoring of xattrs for symbolic links by using
           sys_lsetxattr() instead of sys_setxattr()]

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Victor Kamensky <kamensky@cisco.com>
Signed-off-by: Taras Kondratiuk <takondra@cisco.com>
---
 init/initramfs.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 52 insertions(+), 5 deletions(-)

diff --git a/init/initramfs.c b/init/initramfs.c
index 0407e199352e..ac636097aee5 100644
--- a/init/initramfs.c
+++ b/init/initramfs.c
@@ -306,6 +306,7 @@ static int __init do_xattrs(void);
 static int __init do_create(void);
 static int __init do_copy(void);
 static int __init do_symlink(void);
+static int __init do_setxattrs(void);
 static int __init do_reset(void);
 
 typedef int (*fsm_state_t)(void);
@@ -468,7 +469,7 @@ static int __init do_name(void)
 
 static int __init do_xattrs(void)
 {
-	/* Do nothing for now */
+	memcpy_optional(xattr_buf, collected, xattr_len);
 	state = do_create;
 	return 0;
 }
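Review bot: `memcpy_optional(xattr_buf, collected, xattr_len);` copies a length that is presumably taken from the archive header into xattr_buf, and nothing in this hunk shows xattr_len being bounded against xattr_buf's capacity. If the header parser already caps it when the header is read, a one-line comment here, `/* xattr_len was bounded against the xattr_buf allocation when the header was parsed */`, would make that invariant visible at the copy; if it is not capped there, the bound check belongs in front of this memcpy. do_xattrs is fully visible in this hunk.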
@@ -477,8 +478,7 @@ static __initdata int wfd;
 
 static int __init do_create(void)
 {
-	state = do_skip;
-	next_state = do_reset;
+	state = do_setxattrs;
 	clean_path(name_buf, mode);
 	if (S_ISREG(mode)) {
 		int ml = maybe_link(name_buf);
@@ -511,8 +511,11 @@ static int __init do_create(void)
 			do_utime(name_buf, &mtime);
 		}
 	} else if (S_ISLNK(mode)) {
-		if (body_len > PATH_MAX)
+		if (body_len > PATH_MAX) {
+			state = do_skip;
+			next_state = do_reset;
 			return 0;
+		}
 		read_into(symlink_buf, body_len, do_symlink);
 	}
 	return 0;
@@ -526,7 +529,7 @@ static int __init do_copy(void)
 		sys_close(wfd);
 		do_utime(name_buf, &mtime);
 		eat(body_len);
-		state = do_skip;
+		state = do_setxattrs;
 		return 0;
 	} else {
 		if (xwrite(wfd, victim, byte_count) != byte_count)
@@ -545,8 +548,52 @@ static int __init do_symlink(void)
 	sys_symlink(symlink_buf, name_buf);
 	sys_lchown(name_buf, uid, gid);
 	do_utime(name_buf, &mtime);
+	state = do_setxattrs;
+	return 0;
+}
+
+struct xattr_hdr {
+	char c_size[8]; /* total size including c_size field */
+	char c_data[];  /* <name>\0<value> */
+};
+
+static int __init do_setxattrs(void)
+{
+	char *buf = xattr_buf;
+	char *bufend = buf + xattr_len;
+	struct xattr_hdr *hdr;
+	char str[sizeof(hdr->c_size) + 1];
+
 	state = do_skip;
 	next_state = do_reset;
+	if (!xattr_len)
+		return 0;
+
+	str[sizeof(hdr->c_size)] = 0;
+
+	while (buf < bufend) {
+		char *xattr_name, *xattr_value;
+		unsigned long xattr_entry_size, xattr_value_size;
+		int ret;
+
+		hdr = (struct xattr_hdr *)buf;
+		memcpy(str, hdr->c_size, sizeof(hdr->c_size));
+		ret = kstrtoul(str, 16, &xattr_entry_size);
+		buf += xattr_entry_size;
+		if (ret || buf > bufend) {
+			error("malformed xattrs");
+			break;
+		}
+
+		xattr_name = hdr->c_data;
+		xattr_value = xattr_name + strlen(xattr_name) + 1;
+		xattr_value_size = buf - xattr_value;
+
+		ret = sys_lsetxattr(name_buf, xattr_name, xattr_value,
+				xattr_value_size, 0);
+		pr_debug("%s: %s size: %lu val: %s (ret: %d)\n", name_buf,
+				xattr_name, xattr_value_size, xattr_value, ret);
+	}
 	return 0;
 }
 
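Review bot: In do_setxattrs the line `buf += xattr_entry_size;` runs before `ret` is tested, so a kstrtoul failure adds a value that was never set, an entry size of 0 never advances `buf` and the loop spins forever, a size of 1..7 leaves `xattr_name` pointing past the entry, and a size large enough to wrap the pointer slips past the `buf > bufend` test. The header is also read with `memcpy(str, hdr->c_size, ...)` without confirming eight bytes remain, `strlen(xattr_name)` is not bounded to the entry so a missing NUL makes `xattr_value_size` wrap to a huge length handed to sys_lsetxattr, and the `pr_debug` prints the value with `%s` although it is arbitrary, unterminated bytes. A failing sys_lsetxattr is only reported at debug level, which drops e.g. `security.*` attributes silently; it should at least be logged with pr_warn. The loop below validates the size before it is used and bounds the name lookup with strnlen.
```c
	/* … unchanged: state/next_state setup, xattr_len check, str terminator … */

	while (buf < bufend) {
		char *xattr_name, *xattr_value;
		unsigned long xattr_entry_size, xattr_value_size;
		size_t name_len;
		int ret;

		/* the c_size field must fit before it is read */
		if ((size_t)(bufend - buf) < sizeof(hdr->c_size)) {
			error("malformed xattrs");
			break;
		}
		hdr = (struct xattr_hdr *)buf;
		memcpy(str, hdr->c_size, sizeof(hdr->c_size));
		ret = kstrtoul(str, 16, &xattr_entry_size);
		/* entry must hold the header plus a NUL-terminated name and must end inside the buffer */
		if (ret || xattr_entry_size <= sizeof(hdr->c_size) ||
		    xattr_entry_size > (unsigned long)(bufend - buf)) {
			error("malformed xattrs");
			break;
		}
		buf += xattr_entry_size;

		xattr_name = hdr->c_data;
		name_len = strnlen(xattr_name, buf - xattr_name);
		if (name_len == (size_t)(buf - xattr_name)) {
			/* name is not terminated within the entry */
			error("malformed xattrs");
			break;
		}
		xattr_value = xattr_name + name_len + 1;
		xattr_value_size = buf - xattr_value;

		ret = sys_lsetxattr(name_buf, xattr_name, xattr_value,
				xattr_value_size, 0);
		if (ret)
			pr_warn("%s: failed to set xattr %s (ret: %d)\n",
				name_buf, xattr_name, ret);
		/* the value is raw bytes, not a string: log its size only */
		pr_debug("%s: %s size: %lu (ret: %d)\n", name_buf,
				xattr_name, xattr_value_size, ret);
	}
```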
-- 
2.10.3.dirty

