diff options
author | Jim Garlick <garlick@llnl.gov> | 2013-05-29 21:09:39 +0200 |
---|---|---|
committer | Eric Van Hensbergen <ericvh@gmail.com> | 2013-07-08 05:02:18 +0200 |
commit | d9a738597faf7cd2edeec82ce8fd81969fed8390 (patch) | |
tree | f8d28d334442ce32e7e1bf7ade94daa1487b6f34 /fs/9p/Kconfig | |
parent | net/9p: add privport option to 9p tcp transport (diff) | |
download | linux-d9a738597faf7cd2edeec82ce8fd81969fed8390.tar.xz linux-d9a738597faf7cd2edeec82ce8fd81969fed8390.zip |
fs/9p: xattr: add trusted and security namespaces
Allow requests for security.* and trusted.* xattr name spaces
to pass through to server.
The new files are 99% cut and paste from fs/9p/xattr_user.c with the
namespaces changed. It has the intended effect in superficial testing.
I do not know much detail about how these namespaces are used, but passing
them through to the server, which can decide whether to handle them or not,
seems reasonable.
I want to support a use case where an ext4 file system is mounted via 9P,
then re-exported via samba to windows clients in a cluster. Windows wants
to store xattrs such as security.NTACL. This works when ext4 directly
backs samba, but not when 9P is inserted. This use case is documented here:
http://code.google.com/p/diod/issues/detail?id=95
Signed-off-by: Jim Garlick <garlick@llnl.gov>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
Diffstat (limited to 'fs/9p/Kconfig')
-rw-r--r-- | fs/9p/Kconfig | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/fs/9p/Kconfig b/fs/9p/Kconfig index 55abfd62654a..6489e1fc1afd 100644 --- a/fs/9p/Kconfig +++ b/fs/9p/Kconfig @@ -31,3 +31,16 @@ config 9P_FS_POSIX_ACL If you don't know what Access Control Lists are, say N endif + + +config 9P_FS_SECURITY + bool "9P Security Labels" + depends on 9P_FS + help + Security labels support alternative access control models + implemented by security modules like SELinux. This option + enables an extended attribute handler for file security + labels in the 9P filesystem. + + If you are not using a security module that requires using + extended attributes for file security labels, say N. |