mirror of
https://github.com/torvalds/linux.git
synced 2024-11-18 01:51:53 +00:00
ac6713ccb5
When creating new file/directory, use security_dentry_init_security() to prepare selinux context for the new inode, then send openc/mkdir request to MDS, together with selinux xattr. security_dentry_init_security() only supports single security module and only selinux has dentry_init_security hook. So only selinux is supported for now. We can add support for other security modules once kernel has a generic version of dentry_init_security() Signed-off-by: "Yan, Zheng" <zyan@redhat.com> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
51 lines
1.4 KiB
Plaintext
51 lines
1.4 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0-only
|
|
config CEPH_FS
|
|
tristate "Ceph distributed file system"
|
|
depends on INET
|
|
select CEPH_LIB
|
|
select LIBCRC32C
|
|
select CRYPTO_AES
|
|
select CRYPTO
|
|
default n
|
|
help
|
|
Choose Y or M here to include support for mounting the
|
|
experimental Ceph distributed file system. Ceph is an extremely
|
|
scalable file system designed to provide high performance,
|
|
reliable access to petabytes of storage.
|
|
|
|
More information at http://ceph.newdream.net/.
|
|
|
|
If unsure, say N.
|
|
|
|
if CEPH_FS
|
|
config CEPH_FSCACHE
|
|
bool "Enable Ceph client caching support"
|
|
depends on CEPH_FS=m && FSCACHE || CEPH_FS=y && FSCACHE=y
|
|
help
|
|
Choose Y here to enable persistent, read-only local
|
|
caching support for Ceph clients using FS-Cache
|
|
|
|
endif
|
|
|
|
config CEPH_FS_POSIX_ACL
|
|
bool "Ceph POSIX Access Control Lists"
|
|
depends on CEPH_FS
|
|
select FS_POSIX_ACL
|
|
help
|
|
POSIX Access Control Lists (ACLs) support permissions for users and
|
|
groups beyond the owner/group/world scheme.
|
|
|
|
If you don't know what Access Control Lists are, say N
|
|
|
|
config CEPH_FS_SECURITY_LABEL
|
|
bool "CephFS Security Labels"
|
|
depends on CEPH_FS && SECURITY
|
|
help
|
|
Security labels support alternative access control models
|
|
implemented by security modules like SELinux. This option
|
|
enables an extended attribute handler for file security
|
|
labels in the Ceph filesystem.
|
|
|
|
If you are not using a security module that requires using
|
|
extended attributes for file security labels, say N.
|