aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlexey Dobriyan <adobriyan@gmail.com>2006-09-29 02:00:01 -0700
committerLinus Torvalds <torvalds@g5.osdl.org>2006-09-29 09:18:11 -0700
commit50462062a02226a698a211d5bd535376c89b8603 (patch)
tree07a34af458b338c609a35072b8c6fd1ed2a235a1
parentcfe14677f286c9be5d683b88214def8f4b8a6f24 (diff)
downloadlinaro-lsk-50462062a02226a698a211d5bd535376c89b8603.tar.gz
[PATCH] fs.h: ifdef security fields
[assuming BSD security levels are deleted] The only user of i_security, f_security, s_security fields is SELinux, however, quite a few security modules are trying to get into kernel. So, wrap them under CONFIG_SECURITY. Adding config option for each security field is likely an overkill. Following Stephen Smalley's suggestion, i_security initialization is moved to security_inode_alloc() to not clutter core code with ifdefs and make alloc_inode() codepath tiny little bit smaller and faster. The user of (highly greppable) struct fown_struct::security field is still to be found. I've checked every "fown_struct" and every "f_owner" occurence. Additionally it's removal doesn't break i386 allmodconfig build. struct inode, struct file, struct super_block, struct fown_struct become smaller. P.S. Combined with two reiserfs inode shrinking patches sent to linux-fsdevel, I can finally suck 12 reiserfs inodes into one page. /proc/slabinfo -ext2_inode_cache 388 10 +ext2_inode_cache 384 10 -inode_cache 280 14 +inode_cache 276 14 -proc_inode_cache 296 13 +proc_inode_cache 292 13 -reiser_inode_cache 336 11 +reiser_inode_cache 332 12 <= -shmem_inode_cache 372 10 +shmem_inode_cache 368 10 Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--fs/inode.c1
-rw-r--r--include/linux/fs.h8
-rw-r--r--include/linux/security.h1
3 files changed, 7 insertions, 3 deletions
diff --git a/fs/inode.c b/fs/inode.c
index f5c04dd9ae8..abf77471e6c 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -133,7 +133,6 @@ static struct inode *alloc_inode(struct super_block *sb)
inode->i_bdev = NULL;
inode->i_cdev = NULL;
inode->i_rdev = 0;
- inode->i_security = NULL;
inode->dirtied_when = 0;
if (security_inode_alloc(inode)) {
if (inode->i_sb->s_op->destroy_inode)
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 4caec6cebc4..6eafbe30948 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -553,7 +553,9 @@ struct inode {
unsigned int i_flags;
atomic_t i_writecount;
+#ifdef CONFIG_SECURITY
void *i_security;
+#endif
void *i_private; /* fs or device private pointer */
#ifdef __NEED_I_SIZE_ORDERED
seqcount_t i_size_seqcount;
@@ -645,7 +647,6 @@ struct fown_struct {
rwlock_t lock; /* protects pid, uid, euid fields */
int pid; /* pid or -pgrp where SIGIO should be sent */
uid_t uid, euid; /* uid/euid of process setting the owner */
- void *security;
int signum; /* posix.1b rt signal to be delivered on IO */
};
@@ -688,8 +689,9 @@ struct file {
struct file_ra_state f_ra;
unsigned long f_version;
+#ifdef CONFIG_SECURITY
void *f_security;
-
+#endif
/* needed for tty driver, and maybe others */
void *private_data;
@@ -877,7 +879,9 @@ struct super_block {
int s_syncing;
int s_need_sync_fs;
atomic_t s_active;
+#ifdef CONFIG_SECURITY
void *s_security;
+#endif
struct xattr_handler **s_xattr;
struct list_head s_inodes; /* all inodes */
diff --git a/include/linux/security.h b/include/linux/security.h
index 9f56fb8a4a6..9b5fea81f55 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1595,6 +1595,7 @@ static inline void security_sb_post_pivotroot (struct nameidata *old_nd,
static inline int security_inode_alloc (struct inode *inode)
{
+ inode->i_security = NULL;
return security_ops->inode_alloc_security (inode);
}