ZFS_LINUX_TRY_COMPILE([
#include <linux/security.h>
],[
- security_inode_init_security(NULL,NULL,NULL,NULL,NULL,NULL);
+ struct inode *ip __attribute__ ((unused)) = NULL;
+ struct inode *dip __attribute__ ((unused)) = NULL;
+ const struct qstr *str __attribute__ ((unused)) = NULL;
+ char *name __attribute__ ((unused)) = NULL;
+ void *value __attribute__ ((unused)) = NULL;
+ size_t len __attribute__ ((unused)) = 0;
+
+ security_inode_init_security(ip, dip, str, &name, &value, &len);
],[
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_6ARGS_SECURITY_INODE_INIT_SECURITY, 1,
])
EXTRA_KCFLAGS="$tmp_flags"
])
+
+dnl #
+dnl # 3.2 API change
+dnl # The security_inode_init_security() API has been changed to include
+dnl # a filesystem specific callback to write security extended attributes.
+dnl # This was done to support the initialization of multiple LSM xattrs
+dnl # and the EVM xattr.
+dnl #
+AC_DEFUN([ZFS_AC_KERNEL_CALLBACK_SECURITY_INODE_INIT_SECURITY], [
+ AC_MSG_CHECKING([whether security_inode_init_security wants callback])
+ tmp_flags="$EXTRA_KCFLAGS"
+ EXTRA_KCFLAGS="-Werror"
+ ZFS_LINUX_TRY_COMPILE([
+ #include <linux/security.h>
+ ],[
+ struct inode *ip __attribute__ ((unused)) = NULL;
+ struct inode *dip __attribute__ ((unused)) = NULL;
+ const struct qstr *str __attribute__ ((unused)) = NULL;
+ initxattrs func __attribute__ ((unused)) = NULL;
+
+ security_inode_init_security(ip, dip, str, func, NULL);
+ ],[
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_CALLBACK_SECURITY_INODE_INIT_SECURITY, 1,
+ [security_inode_init_security wants callback])
+ ],[
+ AC_MSG_RESULT(no)
+ ])
+ EXTRA_KCFLAGS="$tmp_flags"
+])
main (void)
{
- security_inode_init_security(NULL,NULL,NULL,NULL,NULL,NULL);
+ struct inode *ip __attribute__ ((unused)) = NULL;
+ struct inode *dip __attribute__ ((unused)) = NULL;
+ const struct qstr *str __attribute__ ((unused)) = NULL;
+ char *name __attribute__ ((unused)) = NULL;
+ void *value __attribute__ ((unused)) = NULL;
+ size_t len __attribute__ ((unused)) = 0;
+
+ security_inode_init_security(ip, dip, str, &name, &value, &len);
;
return 0;
EXTRA_KCFLAGS="$tmp_flags"
+ { $as_echo "$as_me:$LINENO: checking whether security_inode_init_security wants callback" >&5
+$as_echo_n "checking whether security_inode_init_security wants callback... " >&6; }
+ tmp_flags="$EXTRA_KCFLAGS"
+ EXTRA_KCFLAGS="-Werror"
+
+
+cat confdefs.h - <<_ACEOF >conftest.c
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+
+ #include <linux/security.h>
+
+int
+main (void)
+{
+
+ struct inode *ip __attribute__ ((unused)) = NULL;
+ struct inode *dip __attribute__ ((unused)) = NULL;
+ const struct qstr *str __attribute__ ((unused)) = NULL;
+ initxattrs func __attribute__ ((unused)) = NULL;
+
+ security_inode_init_security(ip, dip, str, func, NULL);
+
+ ;
+ return 0;
+}
+
+_ACEOF
+
+
+ rm -Rf build && mkdir -p build
+ echo "obj-m := conftest.o" >build/Makefile
+ if { ac_try='cp conftest.c build && make modules -C $LINUX_OBJ EXTRA_CFLAGS="-Werror-implicit-function-declaration $EXTRA_KCFLAGS" $ARCH_UM M=$PWD/build'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } >/dev/null && { ac_try='test -s build/conftest.o'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+
+ { $as_echo "$as_me:$LINENO: result: yes" >&5
+$as_echo "yes" >&6; }
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_CALLBACK_SECURITY_INODE_INIT_SECURITY 1
+_ACEOF
+
+
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+
+
+
+fi
+
+ rm -Rf build
+
+
+ EXTRA_KCFLAGS="$tmp_flags"
+
+
{ $as_echo "$as_me:$LINENO: checking whether symbol mount_nodev is exported" >&5
$as_echo_n "checking whether symbol mount_nodev is exported... " >&6; }
grep -q -E '[[:space:]]mount_nodev[[:space:]]' \
main (void)
{
- security_inode_init_security(NULL,NULL,NULL,NULL,NULL,NULL);
+ struct inode *ip __attribute__ ((unused)) = NULL;
+ struct inode *dip __attribute__ ((unused)) = NULL;
+ const struct qstr *str __attribute__ ((unused)) = NULL;
+ char *name __attribute__ ((unused)) = NULL;
+ void *value __attribute__ ((unused)) = NULL;
+ size_t len __attribute__ ((unused)) = 0;
+
+ security_inode_init_security(ip, dip, str, &name, &value, &len);
;
return 0;
EXTRA_KCFLAGS="$tmp_flags"
+ { $as_echo "$as_me:$LINENO: checking whether security_inode_init_security wants callback" >&5
+$as_echo_n "checking whether security_inode_init_security wants callback... " >&6; }
+ tmp_flags="$EXTRA_KCFLAGS"
+ EXTRA_KCFLAGS="-Werror"
+
+
+cat confdefs.h - <<_ACEOF >conftest.c
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+
+ #include <linux/security.h>
+
+int
+main (void)
+{
+
+ struct inode *ip __attribute__ ((unused)) = NULL;
+ struct inode *dip __attribute__ ((unused)) = NULL;
+ const struct qstr *str __attribute__ ((unused)) = NULL;
+ initxattrs func __attribute__ ((unused)) = NULL;
+
+ security_inode_init_security(ip, dip, str, func, NULL);
+
+ ;
+ return 0;
+}
+
+_ACEOF
+
+
+ rm -Rf build && mkdir -p build
+ echo "obj-m := conftest.o" >build/Makefile
+ if { ac_try='cp conftest.c build && make modules -C $LINUX_OBJ EXTRA_CFLAGS="-Werror-implicit-function-declaration $EXTRA_KCFLAGS" $ARCH_UM M=$PWD/build'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } >/dev/null && { ac_try='test -s build/conftest.o'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+
+ { $as_echo "$as_me:$LINENO: result: yes" >&5
+$as_echo "yes" >&6; }
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_CALLBACK_SECURITY_INODE_INIT_SECURITY 1
+_ACEOF
+
+
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+
+
+
+fi
+
+ rm -Rf build
+
+
+ EXTRA_KCFLAGS="$tmp_flags"
+
+
{ $as_echo "$as_me:$LINENO: checking whether symbol mount_nodev is exported" >&5
$as_echo_n "checking whether symbol mount_nodev is exported... " >&6; }
grep -q -E '[[:space:]]mount_nodev[[:space:]]' \
}
ZPL_XATTR_SET_WRAPPER(zpl_xattr_security_set);
+#ifdef HAVE_CALLBACK_SECURITY_INODE_INIT_SECURITY
+static int
+__zpl_xattr_security_init(struct inode *ip, const struct xattr *xattrs,
+ void *fs_info)
+{
+ const struct xattr *xattr;
+ int error = 0;
+
+ for (xattr = xattrs; xattr->name != NULL; xattr++) {
+ error = __zpl_xattr_security_set(ip,
+ xattr->name, xattr->value, xattr->value_len, 0);
+
+ if (error < 0)
+ break;
+ }
+
+ return (error);
+}
+
+int
+zpl_xattr_security_init(struct inode *ip, struct inode *dip,
+ const struct qstr *qstr)
+{
+ return security_inode_init_security(ip, dip, qstr,
+ &__zpl_xattr_security_init, NULL);
+}
+
+#else
int
zpl_xattr_security_init(struct inode *ip, struct inode *dip,
const struct qstr *qstr)
return (error);
}
+#endif /* HAVE_CALLBACK_SECURITY_INODE_INIT_SECURITY */
xattr_handler_t zpl_xattr_security_handler = {
.prefix = XATTR_SECURITY_PREFIX,
git://git.camperquake.de / zfs.git / commitdiff