ceph: add selinux support

When creating new file/directory, use security_dentry_init_security() to prepare selinux context for the new inode, then send openc/mkdir request to MDS, together with selinux xattr. security_dentry_init_security() only supports single security module and only selinux has dentry_init_security hook. So only selinux is supported for now. We can add support for other security modules once kernel has a generic version of dentry_init_security() Signed-off-by: "Yan, Zheng" <zyan@redhat.com> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
author: Yan, Zheng <zyan@redhat.com> 2019-05-26 10:27:56 +0200
committer: Ilya Dryomov <idryomov@gmail.com> 2019-07-08 14:01:42 +0200
commit: ac6713ccb5a6d13b59a2e3fda4fb049a2c4e0af2 (patch)
tree: b97e61e509a3771db80edf64c3b211079faf4cc7 /fs/ceph/inode.c
parent: ceph: rename struct ceph_acls_info to ceph_acl_sec_ctx (diff)
download: linux-ac6713ccb5a6d13b59a2e3fda4fb049a2c4e0af2.tar.xz
linux-ac6713ccb5a6d13b59a2e3fda4fb049a2c4e0af2.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c
index 18869ba08db7..b2988e9f8e15 100644
--- a/fs/ceph/inode.c
+++ b/fs/ceph/inode.c
@@ -888,6 +888,7 @@ static int fill_inode(struct inode *inode, struct page *locked_page,
 			       iinfo->xattr_data, iinfo->xattr_len);
 		ci->i_xattrs.version = le64_to_cpu(info->xattr_version);
 		ceph_forget_all_cached_acls(inode);
+		ceph_security_invalidate_secctx(inode);
 		xattr_blob = NULL;
 	}
author	Yan, Zheng <zyan@redhat.com>	2019-05-26 10:27:56 +0200
committer	Ilya Dryomov <idryomov@gmail.com>	2019-07-08 14:01:42 +0200
commit	ac6713ccb5a6d13b59a2e3fda4fb049a2c4e0af2 (patch)
tree	b97e61e509a3771db80edf64c3b211079faf4cc7 /fs/ceph/inode.c
parent	ceph: rename struct ceph_acls_info to ceph_acl_sec_ctx (diff)
download	linux-ac6713ccb5a6d13b59a2e3fda4fb049a2c4e0af2.tar.xz linux-ac6713ccb5a6d13b59a2e3fda4fb049a2c4e0af2.zip