static int
mac_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
struct label *intlabel)
{
int error;
ASSERT_VOP_LOCKED(vp, "mac_vnode_setlabel_extattr");
error = VOP_OPENEXTATTR(vp, cred, curthread);
if (error == EOPNOTSUPP) {
if (ea_warn_once == 0) {
printf("Warning: transactions not supported "
"in EA write.\n");
ea_warn_once = 1;
}
} else if (error)
return (error);
MAC_POLICY_CHECK(vnode_setlabel_extattr, cred, vp, vp->v_label,
intlabel);
if (error) {
VOP_CLOSEEXTATTR(vp, 0, NOCRED, curthread);
return (error);
}
error = VOP_CLOSEEXTATTR(vp, 1, NOCRED, curthread);
if (error == EOPNOTSUPP)
error = 0;
return (error);
}
/*
* Functions implementing extended-attribute backed labels for file systems
* that support it.
*
* Where possible, we use EA transactions to make writes to multiple
* attributes across difference policies mutually atomic. We allow work to
* continue on file systems not supporting EA transactions, but generate a
* printf warning.
*/
int
mac_vnode_create_extattr(struct ucred *cred, struct mount *mp,
struct vnode *dvp, struct vnode *vp, struct componentname *cnp)
{
int error;
ASSERT_VOP_LOCKED(dvp, "mac_vnode_create_extattr");
ASSERT_VOP_LOCKED(vp, "mac_vnode_create_extattr");
error = VOP_OPENEXTATTR(vp, cred, curthread);
if (error == EOPNOTSUPP) {
if (ea_warn_once == 0) {
printf("Warning: transactions not supported "
"in EA write.\n");
ea_warn_once = 1;
}
} else if (error)
return (error);
MAC_POLICY_CHECK(vnode_create_extattr, cred, mp, mp->mnt_label, dvp,
dvp->v_label, vp, vp->v_label, cnp);
if (error) {
VOP_CLOSEEXTATTR(vp, 0, NOCRED, curthread);
return (error);
}
error = VOP_CLOSEEXTATTR(vp, 1, NOCRED, curthread);
if (error == EOPNOTSUPP)
error = 0;
return (error);
}
int
RUMP_VOP_OPENEXTATTR(struct vnode *vp,
struct kauth_cred *cred)
{
int error;
rump_schedule();
error = VOP_OPENEXTATTR(vp, cred);
rump_unschedule();
return error;
}