diff options
| author | Yan, Zheng <zyan@redhat.com> | 2019-05-26 16:27:56 +0800 |
|---|---|---|
| committer | Ilya Dryomov <idryomov@gmail.com> | 2019-07-08 14:01:42 +0200 |
| commit | ac6713ccb5a6d13b59a2e3fda4fb049a2c4e0af2 (patch) | |
| tree | b97e61e509a3771db80edf64c3b211079faf4cc7 /fs/ceph/Kconfig | |
| parent | 5c31e92dffb94c955fff2867a56aac68e63c286d (diff) | |
| download | linux-ac6713ccb5a6d13b59a2e3fda4fb049a2c4e0af2.tar.gz | |
ceph: add selinux support
When creating new file/directory, use security_dentry_init_security() to prepare selinux context for the new inode, then send openc/mkdir request to MDS, together with selinux xattr. security_dentry_init_security() only supports single security module and only selinux has dentry_init_security hook. So only selinux is supported for now. We can add support for other security modules once kernel has a generic version of dentry_init_security() Signed-off-by: "Yan, Zheng" <zyan@redhat.com> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Diffstat (limited to 'fs/ceph/Kconfig')
| -rw-r--r-- | fs/ceph/Kconfig | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/fs/ceph/Kconfig b/fs/ceph/Kconfig index 7f7d92d6b024..cf235f6eacf9 100644 --- a/fs/ceph/Kconfig +++ b/fs/ceph/Kconfig @@ -36,3 +36,15 @@ config CEPH_FS_POSIX_ACL groups beyond the owner/group/world scheme. If you don't know what Access Control Lists are, say N + +config CEPH_FS_SECURITY_LABEL + bool "CephFS Security Labels" + depends on CEPH_FS && SECURITY + help + Security labels support alternative access control models + implemented by security modules like SELinux. This option + enables an extended attribute handler for file security + labels in the Ceph filesystem. + + If you are not using a security module that requires using + extended attributes for file security labels, say N. |