ext4: Add no_sehash_xattr mount option

* Useful for devices where /persist may have unexpected SELinux
  contexts but xattr of root directory is valid, leading to
  restorecon early exitting without traversing the partition.

Change-Id: I5089ff90f76aa9f3db7da26f73548cf62fe67bd0
(cherry picked from commit 8c6c40aa2ce13b83bcc137424e99be5e39d5245d)
This commit is contained in:
LuK1337 2020-09-19 19:57:55 +02:00 committed by Ksawlii
parent f8f036ffe5
commit 0de37a8853
3 changed files with 12 additions and 3 deletions

View file

@ -1202,6 +1202,7 @@ struct ext4_inode_info {
#define EXT4_MOUNT_NO_AUTO_DA_ALLOC 0x10000 /* No auto delalloc mapping */
#define EXT4_MOUNT_BARRIER 0x20000 /* Use block barriers */
#define EXT4_MOUNT_QUOTA 0x40000 /* Some quota option set */
#define EXT4_MOUNT_NO_SEHASH_XATTR 0x40000 /* Ignore security.sehash extended attribute */
#define EXT4_MOUNT_USRQUOTA 0x80000 /* "old" user quota,
* enable enforcement for hidden
* quota files */

View file

@ -1678,7 +1678,7 @@ enum {
Opt_bsd_df, Opt_minix_df, Opt_grpid, Opt_nogrpid,
Opt_resgid, Opt_resuid, Opt_sb, Opt_err_cont, Opt_err_panic, Opt_err_ro,
Opt_nouid32, Opt_debug, Opt_removed,
Opt_user_xattr, Opt_nouser_xattr, Opt_acl, Opt_noacl,
Opt_user_xattr, Opt_nouser_xattr, Opt_no_sehash_xattr, Opt_acl, Opt_noacl,
Opt_auto_da_alloc, Opt_noauto_da_alloc, Opt_noload,
Opt_commit, Opt_min_batch_time, Opt_max_batch_time, Opt_journal_dev,
Opt_journal_path, Opt_journal_checksum, Opt_journal_async_commit,
@ -1723,6 +1723,7 @@ static const match_table_t tokens = {
{Opt_removed, "orlov"},
{Opt_user_xattr, "user_xattr"},
{Opt_nouser_xattr, "nouser_xattr"},
{Opt_no_sehash_xattr, "no_sehash_xattr"},
{Opt_acl, "acl"},
{Opt_noacl, "noacl"},
{Opt_noload, "norecovery"},
@ -1988,6 +1989,7 @@ static const struct mount_opts {
MOPT_NO_EXT2 | MOPT_DATAJ},
{Opt_user_xattr, EXT4_MOUNT_XATTR_USER, MOPT_SET},
{Opt_nouser_xattr, EXT4_MOUNT_XATTR_USER, MOPT_CLEAR},
{Opt_no_sehash_xattr, EXT4_MOUNT_NO_SEHASH_XATTR, MOPT_SET},
#ifdef CONFIG_EXT4_FS_POSIX_ACL
{Opt_acl, EXT4_MOUNT_POSIX_ACL, MOPT_SET},
{Opt_noacl, EXT4_MOUNT_POSIX_ACL, MOPT_CLEAR},

View file

@ -14,19 +14,25 @@
static int
ext4_xattr_security_get(const struct xattr_handler *handler,
struct dentry *unused, struct inode *inode,
struct dentry *dentry, struct inode *inode,
const char *name, void *buffer, size_t size, int flags)
{
if (strcmp(name, "sehash") == 0 && test_opt(dentry->d_sb, NO_SEHASH_XATTR))
return 0;
return ext4_xattr_get(inode, EXT4_XATTR_INDEX_SECURITY,
name, buffer, size);
}
static int
ext4_xattr_security_set(const struct xattr_handler *handler,
struct dentry *unused, struct inode *inode,
struct dentry *dentry, struct inode *inode,
const char *name, const void *value,
size_t size, int flags)
{
if (strcmp(name, "sehash") == 0 && test_opt(dentry->d_sb, NO_SEHASH_XATTR))
return 0;
return ext4_xattr_set(inode, EXT4_XATTR_INDEX_SECURITY,
name, value, size, flags);
}