mirror_zfs/config/kernel-security-inode-init.m4
Brian Behlendorf 166dd49de0 Linux 3.2 compat, security_inode_init_security()
The security_inode_init_security() API has been changed to include
a filesystem specific callback to write security extended attributes.
This was done to support the initialization of multiple LSM xattrs
and the EVM xattr.

This change updates the code to use the new API when it's available.
Otherwise it falls back to the previous implementation.

In addition, the ZFS_AC_KERNEL_6ARGS_SECURITY_INODE_INIT_SECURITY
autoconf test has been made more rigerous by passing the expected
types.  This is done to ensure we always properly the detect the
correct form for the security_inode_init_security() API.

Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #516
2012-01-12 15:06:39 -08:00

62 lines
2.1 KiB
Plaintext

dnl #
dnl # 2.6.39 API change
dnl # The security_inode_init_security() function now takes an additional
dnl # qstr argument which must be passed in from the dentry if available.
dnl # Passing a NULL is safe when no qstr is available the relevant
dnl # security checks will just be skipped.
dnl #
AC_DEFUN([ZFS_AC_KERNEL_6ARGS_SECURITY_INODE_INIT_SECURITY], [
AC_MSG_CHECKING([whether security_inode_init_security wants 6 args])
tmp_flags="$EXTRA_KCFLAGS"
EXTRA_KCFLAGS="-Werror"
ZFS_LINUX_TRY_COMPILE([
#include <linux/security.h>
],[
struct inode *ip __attribute__ ((unused)) = NULL;
struct inode *dip __attribute__ ((unused)) = NULL;
const struct qstr *str __attribute__ ((unused)) = NULL;
char *name __attribute__ ((unused)) = NULL;
void *value __attribute__ ((unused)) = NULL;
size_t len __attribute__ ((unused)) = 0;
security_inode_init_security(ip, dip, str, &name, &value, &len);
],[
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_6ARGS_SECURITY_INODE_INIT_SECURITY, 1,
[security_inode_init_security wants 6 args])
],[
AC_MSG_RESULT(no)
])
EXTRA_KCFLAGS="$tmp_flags"
])
dnl #
dnl # 3.2 API change
dnl # The security_inode_init_security() API has been changed to include
dnl # a filesystem specific callback to write security extended attributes.
dnl # This was done to support the initialization of multiple LSM xattrs
dnl # and the EVM xattr.
dnl #
AC_DEFUN([ZFS_AC_KERNEL_CALLBACK_SECURITY_INODE_INIT_SECURITY], [
AC_MSG_CHECKING([whether security_inode_init_security wants callback])
tmp_flags="$EXTRA_KCFLAGS"
EXTRA_KCFLAGS="-Werror"
ZFS_LINUX_TRY_COMPILE([
#include <linux/security.h>
],[
struct inode *ip __attribute__ ((unused)) = NULL;
struct inode *dip __attribute__ ((unused)) = NULL;
const struct qstr *str __attribute__ ((unused)) = NULL;
initxattrs func __attribute__ ((unused)) = NULL;
security_inode_init_security(ip, dip, str, func, NULL);
],[
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_CALLBACK_SECURITY_INODE_INIT_SECURITY, 1,
[security_inode_init_security wants callback])
],[
AC_MSG_RESULT(no)
])
EXTRA_KCFLAGS="$tmp_flags"
])