Disable mlslabel support in Linux
The ZFS update to onnv_141 brought with it support for a security label attribute called mlslabel. This feature depends on zones to work correctly and thus I am disabling it under Linux. Equivilant functionality could be added at some point in the future.
This commit is contained in:
parent
acd6237623
commit
66b2805477
21
.topmsg
21
.topmsg
|
@ -1,19 +1,10 @@
|
||||||
From: Brian Behlendorf <behlendorf1@llnl.gov>
|
From: Brian Behlendorf <behlendorf1@llnl.gov>
|
||||||
Subject: [PATCH] zfs branch
|
Subject: [PATCH] linux have mlslabel
|
||||||
|
|
||||||
Merged result of all changes which are relevant to both Solaris
|
The ZFS update to onnv_141 brought with it support for a
|
||||||
and Linux builds of the ZFS code. These are changes where there
|
security label attribute called mlslabel. This feature
|
||||||
is a reasonable chance they will be accepted upstream.
|
depends on zones to work correctly and thus I am disabling
|
||||||
|
it under Linux. Equivilant functionality could be added
|
||||||
Additionally, since this is effectively the root of the linux
|
at some point in the future.
|
||||||
ZFS tree the core linux build system is added here. This
|
|
||||||
includes autogen.sh, configure.ac, m4 macros, some scripts/*,
|
|
||||||
and makefiles for all the core ZFS components. Linux-only
|
|
||||||
features which require tweaks to the build system should appear
|
|
||||||
on the relevant topic branches. All autotools products which
|
|
||||||
result from autogen.sh are commited to the linux-configure-branch.
|
|
||||||
|
|
||||||
This branch also contains the META, ChangeLog, AUTHORS, TODO,
|
|
||||||
and README, files.
|
|
||||||
|
|
||||||
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
|
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
|
||||||
|
|
|
@ -903,6 +903,7 @@ zfs_valid_proplist(libzfs_handle_t *hdl, zfs_type_t type, nvlist_t *nvl,
|
||||||
|
|
||||||
case ZFS_PROP_MLSLABEL:
|
case ZFS_PROP_MLSLABEL:
|
||||||
{
|
{
|
||||||
|
#ifdef HAVE_MLSLABEL
|
||||||
/*
|
/*
|
||||||
* Verify the mlslabel string and convert to
|
* Verify the mlslabel string and convert to
|
||||||
* internal hex label string.
|
* internal hex label string.
|
||||||
|
@ -952,7 +953,12 @@ badlabel:
|
||||||
(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
|
(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
|
||||||
m_label_free(new_sl); /* OK if null */
|
m_label_free(new_sl); /* OK if null */
|
||||||
goto error;
|
goto error;
|
||||||
|
#else
|
||||||
|
zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
|
||||||
|
"mlslabels are unsupported"));
|
||||||
|
(void) zfs_error(hdl, EZFS_BADPROP, errbuf);
|
||||||
|
goto error;
|
||||||
|
#endif /* HAVE_MLSLABEL */
|
||||||
}
|
}
|
||||||
|
|
||||||
case ZFS_PROP_MOUNTPOINT:
|
case ZFS_PROP_MOUNTPOINT:
|
||||||
|
@ -2011,6 +2017,7 @@ zfs_prop_get(zfs_handle_t *zhp, zfs_prop_t prop, char *propbuf, size_t proplen,
|
||||||
|
|
||||||
case ZFS_PROP_MLSLABEL:
|
case ZFS_PROP_MLSLABEL:
|
||||||
{
|
{
|
||||||
|
#ifdef HAVE_MLSLABEL
|
||||||
m_label_t *new_sl = NULL;
|
m_label_t *new_sl = NULL;
|
||||||
char *ascii = NULL; /* human readable label */
|
char *ascii = NULL; /* human readable label */
|
||||||
|
|
||||||
|
@ -2044,6 +2051,10 @@ zfs_prop_get(zfs_handle_t *zhp, zfs_prop_t prop, char *propbuf, size_t proplen,
|
||||||
|
|
||||||
(void) strlcpy(propbuf, ascii, proplen);
|
(void) strlcpy(propbuf, ascii, proplen);
|
||||||
free(ascii);
|
free(ascii);
|
||||||
|
#else
|
||||||
|
(void) strlcpy(propbuf,
|
||||||
|
getprop_string(zhp, prop, &source), proplen);
|
||||||
|
#endif /* HAVE_MLSLABEL */
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
|
|
@ -340,6 +340,7 @@ zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr)
|
||||||
static int
|
static int
|
||||||
zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
|
zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr)
|
||||||
{
|
{
|
||||||
|
#ifdef HAVE_MLSLABEL
|
||||||
char ds_hexsl[MAXNAMELEN];
|
char ds_hexsl[MAXNAMELEN];
|
||||||
bslabel_t ds_sl, new_sl;
|
bslabel_t ds_sl, new_sl;
|
||||||
boolean_t new_default = FALSE;
|
boolean_t new_default = FALSE;
|
||||||
|
@ -427,6 +428,9 @@ out_check:
|
||||||
if (needed_priv != -1)
|
if (needed_priv != -1)
|
||||||
return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
|
return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL));
|
||||||
return (0);
|
return (0);
|
||||||
|
#else
|
||||||
|
return ENOTSUP;
|
||||||
|
#endif /* HAVE_MLSLABEL */
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
|
|
Loading…
Reference in New Issue