From patchwork Thu Jan 8 18:51:30 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 1356 Return-Path: X-Original-To: u-boot-concept@u-boot.org Delivered-To: u-boot-concept@u-boot.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1767898387; bh=BNSdgwSBBQUQTAKvwINAoXQlDo0xWoPWlQBSQVWhzmQ=; h=From:To:Date:In-Reply-To:References:CC:Subject:List-Id: List-Archive:List-Help:List-Owner:List-Post:List-Subscribe: List-Unsubscribe:From; b=WWWYd3uZD2L6reLffRn+0a03ksX7hGKhjMpedFXjDp4CL05Nds0ewBoJzVTzrHtA4 1wDcXrYk/ICN23mbKZ7AN5A35A6ghDEsgJUR05F5WHFMbVWSajvbn6zXBYSkMBWJKF XIgQfXqgcq9f+X47WcFhmFOURjrym5yDr3UdG8c1vvy42cC/ltD/XKYtjFxkRUUP82 TSsC9OiEiJMQGO4PiBaCBADlwF2Rx5+SDxqwRE1QflsgMOPKcbuiHtaYYhCH/SS5/A xfPMBbWdE1JS2pfiEtQ0tMpicTE9m/u70BPs7nHANU7UdEfsVN8ZaloLfBdCv82f77 PVPQA05hGZwTw== Received: from localhost (localhost [127.0.0.1]) by mail.u-boot.org (Postfix) with ESMTP id E3A1A691DB for ; Thu, 8 Jan 2026 11:53:07 -0700 (MST) X-Virus-Scanned: Debian amavis at Received: from mail.u-boot.org ([127.0.0.1]) by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10024) with ESMTP id hNRuCpITdvrB for ; Thu, 8 Jan 2026 11:53:07 -0700 (MST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1767898387; bh=BNSdgwSBBQUQTAKvwINAoXQlDo0xWoPWlQBSQVWhzmQ=; h=From:To:Date:In-Reply-To:References:CC:Subject:List-Id: List-Archive:List-Help:List-Owner:List-Post:List-Subscribe: List-Unsubscribe:From; b=WWWYd3uZD2L6reLffRn+0a03ksX7hGKhjMpedFXjDp4CL05Nds0ewBoJzVTzrHtA4 1wDcXrYk/ICN23mbKZ7AN5A35A6ghDEsgJUR05F5WHFMbVWSajvbn6zXBYSkMBWJKF XIgQfXqgcq9f+X47WcFhmFOURjrym5yDr3UdG8c1vvy42cC/ltD/XKYtjFxkRUUP82 TSsC9OiEiJMQGO4PiBaCBADlwF2Rx5+SDxqwRE1QflsgMOPKcbuiHtaYYhCH/SS5/A xfPMBbWdE1JS2pfiEtQ0tMpicTE9m/u70BPs7nHANU7UdEfsVN8ZaloLfBdCv82f77 PVPQA05hGZwTw== Received: from mail.u-boot.org (localhost [127.0.0.1]) by mail.u-boot.org (Postfix) with ESMTP id D0E75691CC for ; Thu, 8 Jan 2026 11:53:07 -0700 (MST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1767898386; bh=7b73kPQuQG0+Wt9T69ozVGSOmXim+etU0JQY29vIqtc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=mVxQxL2nf8ZDSeMd0gNAgqwBg0Kv5NbrkqyKZPtqXMcL/NMAKI5rfr29btVxuWBNH 6PfzZJynrismyqpvj7lkeQlBgT2g9AWexIyD+4GeNFbn9SF+GuMVwiJVewCDXjPELk 7MLkwqF46gndmtObPlCjfR2SuRtNGLvUZHekIvmg1zkp/dFCUQvvOJEkRrO4pi/BdV 65naKNDU5n80K7Gcslf+URbbmVVHWfcPPl5i4O4w4AwsY8Smi5sDQg3SKTQBWQ6Wai sTvxxaSdplmPdSv3iW5I3QCHehf0t9bWhHfFWa6TzQEMJwHmT/J7abrZPDhYe1TsXb GrdTNS5pIdbkA== Received: from localhost (localhost [127.0.0.1]) by mail.u-boot.org (Postfix) with ESMTP id 55BDE69101; Thu, 8 Jan 2026 11:53:06 -0700 (MST) X-Virus-Scanned: Debian amavis at Received: from mail.u-boot.org ([127.0.0.1]) by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10026) with ESMTP id n4CWyfFtrHrT; Thu, 8 Jan 2026 11:53:06 -0700 (MST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1767898382; bh=3T9QdCJrQJw74teOYOEtNqaaOy4n03KgxZ3mNGD6sls=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Vn7kGEiuF4mfQ2klaYh2tlheloLVJDRbJqlhyJHyLznolT8t53kRkFr4fPnbuTypN iB9ubn48KN1hc9qdDBL7eewMrvs/GA4JK19cVcUoZPsw5kfM8I92la+WfD6mK+AuWB 0SWP/4cAKGMmCiiGDm8ySZL3qOC1oxZdjgBoZATU7qLXSCrfIafM54GccGzXLUV5ig bJlclyrEU8irNnfWo6ouyIxBkfCR1XChxLAPOYKx+Ygr+DQ2W/yiSzwPUTdbR7ag/3 5pT1A7zMU5Oy5/yy77ZhlbbXz5x46JAITvkY+5LFKPFItpqg94VXjHP3wsaxre7EZX hGcQN/XmSQNeA== Received: from u-boot.org (unknown [73.34.74.121]) by mail.u-boot.org (Postfix) with ESMTPSA id 012D669057; Thu, 8 Jan 2026 11:53:01 -0700 (MST) From: Simon Glass To: U-Boot Concept Date: Thu, 8 Jan 2026 11:51:30 -0700 Message-ID: <20260108185149.1995917-16-sjg@u-boot.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260108185149.1995917-1-sjg@u-boot.org> References: <20260108185149.1995917-1-sjg@u-boot.org> MIME-Version: 1.0 Message-ID-Hash: UN7UONHUFG27YWLGBGRUK36BRGWWRFMX X-Message-ID-Hash: UN7UONHUFG27YWLGBGRUK36BRGWWRFMX X-MailFrom: sjg@u-boot.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Heinrich Schuchardt , Simon Glass , "Claude Opus 4 . 5" X-Mailman-Version: 3.3.10 Precedence: list Subject: [Concept] [PATCH 15/21] ext4l: Add a CONFIG_EXT4_FS_SECURITY option List-Id: Discussion and patches related to U-Boot Concept Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Simon Glass Add Kconfig option to make security labels support optional. The xattr_security.c file and xattr.h already have proper #ifdef guards with stub functions when disabled. Security labels require extended attributes, so this option depends on EXT4_XATTR. They are unlikely to be useful in U-Boot but is included for completeness. Co-developed-by: Claude Opus 4.5 Signed-off-by: Simon Glass --- fs/ext4l/Kconfig | 11 +++++++++++ fs/ext4l/Makefile | 1 + 2 files changed, 12 insertions(+) diff --git a/fs/ext4l/Kconfig b/fs/ext4l/Kconfig index 1dce08d9474..b7520aaab16 100644 --- a/fs/ext4l/Kconfig +++ b/fs/ext4l/Kconfig @@ -153,3 +153,14 @@ config EXT4_FS_POSIX_ACL ACLs require extended attributes support (EXT4_XATTR). If unsure, say N. + +config EXT4_FS_SECURITY + bool "Enable ext4 security labels" + depends on FS_EXT4L && EXT4_XATTR + help + Enable security labels support for ext4 filesystems. This + provides an extended attribute handler for file security + labels used by security modules like SELinux. + + Security labels require extended attributes support (EXT4_XATTR). + If unsure, say N. diff --git a/fs/ext4l/Makefile b/fs/ext4l/Makefile index fd86ce56d2e..0f5ee832f2e 100644 --- a/fs/ext4l/Makefile +++ b/fs/ext4l/Makefile @@ -20,3 +20,4 @@ obj-$(CONFIG_EXT4_XATTR) += xattr.o xattr_hurd.o xattr_trusted.o \ obj-$(CONFIG_EXT4_INLINE_DATA) += inline.o obj-$(CONFIG_EXT4_INDIRECT) += indirect.o obj-$(CONFIG_EXT4_FS_POSIX_ACL) += acl.o +obj-$(CONFIG_EXT4_FS_SECURITY) += xattr_security.o