PERFORCE change 18984 for review
Robert Watson
rwatson at freebsd.org
Wed Oct 9 20:06:45 GMT 2002
http://perforce.freebsd.org/p4db/chv.cgi?CH=18984
Change 18984 by rwatson at rwatson_tislabs on 2002/10/09 13:06:10
Add a UFS file flag, FS_MULTILABEL, to indicate that the UFS file
system should be mounted multi-label by default. This flag can
be set using
tunefs -l enable
and unset using:
tunefs -l disable
The basic behavior is that the MNT_MULTILABEL flag will get turned
on if the superblock flag is set. Once nmount is more widely available,
we can use -o nomultilabel to override at mount time if needed.
This will permit us to remove the multilabel flag in default
fstabs, although the flag will still work. This is useful for
root file systems on UFS/UFS2.
Affected files ...
.. //depot/projects/trustedbsd/mac/sbin/tunefs/tunefs.8#9 edit
.. //depot/projects/trustedbsd/mac/sbin/tunefs/tunefs.c#6 edit
.. //depot/projects/trustedbsd/mac/sys/ufs/ffs/ffs_vfsops.c#21 edit
.. //depot/projects/trustedbsd/mac/sys/ufs/ffs/fs.h#7 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sbin/tunefs/tunefs.8#9 (text+ko) ====
@@ -43,6 +43,7 @@
.Op Fl A
.Op Fl e Ar maxbpg
.Op Fl f Ar avgfilesize
+.Op Fl l Ar enable | disable
.Op Fl m Ar minfree
.Op Fl n Cm enable | disable
.Op Fl o Cm space | time
@@ -86,6 +87,8 @@
this parameter should be set higher.
.It Fl f Ar avgfilesize
Specify the expected average file size.
+.It Fl l Cm enable | disable
+Turn on/off MAC multilabel flag.
.It Fl m Ar minfree
Specify the percentage of space held back
from normal users; the minimum free space threshold.
==== //depot/projects/trustedbsd/mac/sbin/tunefs/tunefs.c#6 (text+ko) ====
@@ -94,11 +94,11 @@
const char *name;
struct stat st;
int Aflag = 0, active = 0;
- int eflag = 0, fflag = 0, mflag = 0;
+ int eflag = 0, fflag = 0, lflag = 0, mflag = 0;
int nflag = 0, oflag = 0, pflag = 0, sflag = 0;
int evalue = 0, fvalue = 0;
int mvalue = 0, ovalue = 0, svalue = 0;
- char *nvalue = NULL;
+ char *lvalue = NULL, *nvalue = NULL;
struct fstab *fs;
const char *chg[2];
char device[MAXPATHLEN];
@@ -109,7 +109,7 @@
if (argc < 3)
usage();
found_arg = 0; /* at least one arg is required */
- while ((ch = getopt(argc, argv, "Ae:f:m:n:o:ps:")) != -1)
+ while ((ch = getopt(argc, argv, "Ae:f:l:m:n:o:ps:")) != -1)
switch (ch) {
case 'A':
found_arg = 1;
@@ -131,6 +131,16 @@
errx(10, "%s must be >= 1 (was %s)", name, optarg);
fflag = 1;
break;
+ case 'l':
+ found_arg = 1;
+ name = "multilabel MAC file system";
+ lvalue = optarg;
+ if (strcmp(lvalue, "enable") && strcmp(lvalue, "disable")) {
+ errx(10, "bad %s (options are %s)", name,
+ "`enable' or `disable'");
+ }
+ lflag = 1;
+ break;
case 'm':
found_arg = 1;
name = "minimum percentage of free space";
@@ -235,6 +245,26 @@
sblock.fs_avgfilesize = fvalue;
}
}
+ if (lflag) {
+ name = "multilabel";
+ if (strcmp(lvalue, "enable") == 0) {
+ if (sblock.fs_flags & FS_MULTILABEL) {
+ warnx("%s remains unchanged as enabled", name);
+ } else {
+ sblock.fs_flags |= FS_MULTILABEL;
+ warnx("%s set", name);
+ }
+ } else if (strcmp(lvalue, "disable") == 0) {
+ if ((~sblock.fs_flags & FS_MULTILABEL) ==
+ FS_MULTILABEL) {
+ warnx("%s remains unchanged as disabled",
+ name);
+ } else {
+ sblock.fs_flags &= ~FS_MULTILABEL;
+ warnx("%s set", name);
+ }
+ }
+ }
if (mflag) {
name = "minimum percentage of free space";
if (sblock.fs_minfree == mvalue) {
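Review bot: In the `disable` branch, the message printed after `sblock.fs_flags &= ~FS_MULTILABEL;` is `warnx("%s set", name);`, so an administrator who has just turned multilabel off is told "multilabel set". Because this flag decides whether MAC labels are kept per object, the output should be unambiguous: `warnx("%s cleared", name);`. The already-disabled test `(~sblock.fs_flags & FS_MULTILABEL) == FS_MULTILABEL` would also read more directly as `(sblock.fs_flags & FS_MULTILABEL) == 0`. The enclosing function begins and ends outside this hunk.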
==== //depot/projects/trustedbsd/mac/sys/ufs/ffs/ffs_vfsops.c#21 (text+ko) ====
@@ -34,6 +34,7 @@
* $FreeBSD: src/sys/ufs/ffs/ffs_vfsops.c,v 1.191 2002/09/25 02:49:48 jeff Exp $
*/
+#include "opt_mac.h"
#include "opt_quota.h"
#include "opt_ufs.h"
@@ -736,6 +737,13 @@
vfs_getnewfsid(mp);
mp->mnt_maxsymlinklen = fs->fs_maxsymlinklen;
mp->mnt_flag |= MNT_LOCAL;
+ if ((fs->fs_flags & FS_MULTILABEL) != 0)
+#ifdef MAC
+ mp->mnt_flag |= MNT_MULTILABEL;
+#else
+ printf("%s: multilabel flag on fs but no MAC support\n",
+ fs->fs_fsmnt);
+#endif
ump->um_mountp = mp;
ump->um_dev = dev;
ump->um_devvp = devvp;
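Review bot: In the `#else` arm, a file system whose superblock carries FS_MULTILABEL is still mounted on a kernel built without MAC, with only a console `printf` to say so. Per-object labels stored on that file system are then not enforced, and nothing visible in this hunk prevents the labelled objects from being modified while mounted this way; whether such a mount should be refused or restricted is a policy decision that deserves at least a comment, e.g. `/* No MAC support: per-object labels on this file system are not enforced. */`. Separately, the unbraced `if` whose single statement is selected by `#ifdef MAC` is easy to break with a later edit, so bracing it around the whole `#ifdef` block would be safer. The enclosing function starts and ends outside this hunk.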
==== //depot/projects/trustedbsd/mac/sys/ufs/ffs/fs.h#7 (text+ko) ====
@@ -374,11 +374,21 @@
* accesses. Kernels that do not support auxiliary indicies clear the
* flag to indicate that the indicies need to be rebuilt (by fsck) before
* they can be used.
+ *
+ * FS_ACLS indicates that ACLs are administratively enabled for the
+ * file system, so they should be loaded from extended attributes,
+ * observed for access control purposes, and be administered by object
+ * owners. FS_MULTILABEL indicates that the TrustedBSD MAC Framework
+ * should attempt to back MAC labels into extended attributes on the
+ * file system rather than maintain a single mount label for all
+ * objects.
*/
#define FS_UNCLEAN 0x01 /* filesystem not clean at mount */
#define FS_DOSOFTDEP 0x02 /* filesystem using soft dependencies */
#define FS_NEEDSFSCK 0x04 /* filesystem needs sync fsck before mount */
#define FS_INDEXDIRS 0x08 /* kernel supports indexed directories */
+#define FS_ACLS 0x10 /* file system has ACLs enabled */
+#define FS_MULTILABEL 0x20 /* file system is MAC multi-label */
/*
* Macros to access bits in the fs_active array.
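Review bot: The added comment text does not say what a kernel without the corresponding support does when it sees these bits, whereas the paragraph just above spells that out for the indexed-directory flag. Judging from the ffs_vfsops.c hunk in this change, a kernel built without MAC logs a message and mounts without MNT_MULTILABEL, leaving the superblock flag in place; a sentence such as `Kernels without MAC support leave FS_MULTILABEL set and mount the file system without per-object labels.` would record that. FS_ACLS is also defined here, but no other hunk in this change reads or sets it and the description does not mention it, so its handling is presumably in a separate change and worth noting in the description.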