    [PATCH] devpts xattr handler for security labels · 4a3fbc84
    Andrew Morton authored
    From: Stephen Smalley <sds@epoch.ncsc.mil>
    
    This patch against 2.5.69-bk adds an xattr handler for security labels
    to devpts and corresponding hooks to the LSM API to support conversion
    between xattr values and the security labels stored in the inode
    security field by the security module.
    
    This allows userspace to get and set the security labels on devpts
    nodes, e.g.  so that sshd can set the security label for the pty using
    setxattr, just as sshd already sets the ownership using chown.
    
    SELinux uses this support to protect the pty in accordance with the user
    process' security label.  The changes to the LSM API are general and
    should be reusable by xattr handlers in other pseudo filesystems to
    support similar security labeling.  The xattr handler for devpts
    includes the same generic framework as in ext[23], so handlers for other
    kinds of attributes can be added easily in the future.
xattr_security.c 1023 Bytes
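
The commit message above describes userspace getting and setting a pty's security label through the xattr calls. As an added example (not code from this commit or from the kernel tree), the C program below reads the label of the current terminal, or of a path given as an argument, with `lgetxattr` and extracts its type field so an administrator can confirm what label a login pty received. The attribute name `security.selinux` and the `user:role:type[:range]` layout are SELinux conventions assumed here; the commit message names neither.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/xattr.h>
#include <unistd.h>

/* Assumption: SELinux's attribute name; the commit message names none. */
#define LABEL_XATTR "security.selinux"

/* Copy path's label into buf; returns its length or -errno (-ENODATA: unlabeled). */
static int read_label(const char *path, char *buf, size_t cap)
{
    if (cap == 0) return -EINVAL;
    ssize_t n = lgetxattr(path, LABEL_XATTR, buf, cap - 1);
    if (n < 0) return -errno;
    buf[n] = '\0';              /* do not rely on the value being NUL-terminated */
    return (int)strlen(buf);
}

/* Extract the third field of "user:role:type[:range]"; 0 on success, -1 if malformed. */
static int label_type(const char *label, char *out, size_t cap)
{
    const char *p = label;
    for (int i = 0; i < 2; i++) {   /* skip the user and role fields */
        p = strchr(p, ':');
        if (!p) return -1;
        p++;
    }
    size_t len = strcspn(p, ":");
    if (len == 0 || len >= cap) return -1;
    memcpy(out, p, len);
    out[len] = '\0';
    return 0;
}

int main(int argc, char **argv)
{
    char label[256], type[64];
    const char *path = argc > 1 ? argv[1] : ttyname(STDIN_FILENO);
    if (!path) { fputs("stdin is not a terminal\n", stderr); return 1; }
    int n = read_label(path, label, sizeof label);
    if (n < 0)
        printf("%s: no label (%s)\n", path, strerror(-n));
    else if (label_type(label, type, sizeof type) == 0)
        printf("%s: label=%s type=%s\n", path, label, type);
    else
        printf("%s: unexpected label format: %s\n", path, label);
    return 0;
}
```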