Index: fs/Kconfig
===================================================================
RCS file: /cvsroot/selinux/nsa/linux-2.6/fs/Kconfig,v
retrieving revision 1.8
diff -u -u -r1.8 Kconfig
--- fs/Kconfig 18 Jun 2004 20:37:21 -0000 1.8
+++ fs/Kconfig 22 Aug 2004 14:06:10 -0000
@@ -925,6 +925,27 @@
 See for details.
+config TMPFS_FS_XATTR
+ bool "tmpfs Extended Attributes"
+ help
+ Extended attributes are name:value pairs associated with inodes by
+ the kernel or by users (see the attr(5) manual page, or visit
+ for details).
+
+ If unsure, say N.
+
+config TMPFS_FS_SECURITY
+ bool "tmpfs Security Labels"
+ depends on TMPFS_FS_XATTR
+ help
+ Security labels support alternative access control models
+ implemented by security modules like SELinux. This option
+ enables an extended attribute handler for file security
+ labels in the tmpfs filesystem.
+
+ If you are not using a security module that requires using
+ extended attributes for file security labels, say N.
+
 config HUGETLBFS
 bool "HugeTLB file system support"
 depends X86 || IA64 || PPC64 || SPARC64 || SUPERH || X86_64 || BROKEN
Index: fs/ramfs/Makefile
===================================================================
RCS file: /cvsroot/selinux/nsa/linux-2.6/fs/ramfs/Makefile,v
retrieving revision 1.1.1.1
diff -u -u -r1.1.1.1 Makefile
--- fs/ramfs/Makefile 14 Aug 2003 12:08:40 -0000 1.1.1.1
+++ fs/ramfs/Makefile 22 Aug 2004 14:06:10 -0000
@@ -5,3 +5,6 @@
 obj-$(CONFIG_RAMFS) += ramfs.o
 ramfs-objs := inode.o
+ramfs-$(CONFIG_RAMFS_FS_XATTR) += xattr.o
+ramfs-$(CONFIG_RAMFS_FS_SECURITY) += xattr_security.o
+
Index: fs/ramfs/inode.c
===================================================================
RCS file: /cvsroot/selinux/nsa/linux-2.6/fs/ramfs/inode.c,v
retrieving revision 1.1.1.4
diff -u -u -r1.1.1.4 inode.c
--- fs/ramfs/inode.c 18 Jun 2004 19:30:21 -0000 1.1.1.4
+++ fs/ramfs/inode.c 22 Aug 2004 14:06:11 -0000
@@ -31,6 +31,7 @@
 #include
 #include
 #include
+#include "xattr.h"
 #include
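Review bot: `config TMPFS_FS_XATTR` carries no `depends on TMPFS`, so the option can be selected in a kernel with tmpfs disabled, even though its help text scopes the feature to tmpfs and the handlers it enables in mm/shmem.c are wrapped in `#ifdef CONFIG_TMPFS`. Add `depends on TMPFS` directly under the `bool "tmpfs Extended Attributes"` line; `TMPFS_FS_SECURITY` then inherits the constraint through its existing `depends on TMPFS_FS_XATTR`. The context line `See for details.` above the insertion suggests this sits right after the TMPFS entry, which is the natural place for the dependency.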
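Review bot: `CONFIG_RAMFS_FS_XATTR` and `CONFIG_RAMFS_FS_SECURITY` are not defined by the fs/Kconfig hunk of this patch, which adds only the `TMPFS_FS_*` symbols, so unless they are introduced elsewhere neither xattr.o nor xattr_security.o is ever built for ramfs. At the same time fs/ramfs/inode.c (hunks @@ -157, @@ -169 and @@ -224) references `ramfs_setxattr`, `ramfs_getxattr`, `ramfs_listxattr`, `ramfs_removexattr`, `init_ramfs_xattr` and `exit_ramfs_xattr` unconditionally, so with the option unset the link fails unless the new `xattr.h` (not part of this diff) supplies inline fallbacks. Either add matching `config RAMFS_FS_XATTR` / `config RAMFS_FS_SECURITY` entries alongside the tmpfs ones, or make the inode.c references conditional on the same symbol the Makefile uses.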
@@ -157,6 +158,10 @@
 static struct inode_operations ramfs_file_inode_operations = {
 .getattr = simple_getattr,
+ .setxattr = ramfs_setxattr,
+ .getxattr = ramfs_getxattr,
+ .listxattr = ramfs_listxattr,
+ .removexattr = ramfs_removexattr,
 };
 static struct inode_operations ramfs_dir_inode_operations = {
@@ -169,6 +174,10 @@
 .rmdir = simple_rmdir,
 .mknod = ramfs_mknod,
 .rename = simple_rename,
+ .setxattr = ramfs_setxattr,
+ .getxattr = ramfs_getxattr,
+ .listxattr = ramfs_listxattr,
+ .removexattr = ramfs_removexattr,
 };
 static struct super_operations ramfs_ops = {
@@ -224,12 +233,17 @@
 static int __init init_ramfs_fs(void)
 {
+ int err = init_ramfs_xattr();
+ if (err)
+ return err;
+
 return register_filesystem(&ramfs_fs_type);
 }
 static void __exit exit_ramfs_fs(void)
 {
 unregister_filesystem(&ramfs_fs_type);
+ exit_ramfs_xattr();
 }
 module_init(init_ramfs_fs)
Index: mm/Makefile
===================================================================
RCS file: /cvsroot/selinux/nsa/linux-2.6/mm/Makefile,v
retrieving revision 1.1.1.4
diff -u -u -r1.1.1.4 Makefile
--- mm/Makefile 18 Jun 2004 19:31:02 -0000 1.1.1.4
+++ mm/Makefile 22 Aug 2004 14:06:12 -0000
@@ -15,3 +15,6 @@
 obj-$(CONFIG_SWAP) += page_io.o swap_state.o swapfile.o
 obj-$(CONFIG_HUGETLBFS) += hugetlb.o
 obj-$(CONFIG_NUMA) += mempolicy.o
+
+obj-$(CONFIG_TMPFS_FS_XATTR) += xattr.o
+obj-$(CONFIG_TMPFS_FS_SECURITY) += xattr_security.o
Index: mm/shmem.c
===================================================================
RCS file: /cvsroot/selinux/nsa/linux-2.6/mm/shmem.c,v
retrieving revision 1.1.1.8
diff -u -u -r1.1.1.8 shmem.c
--- mm/shmem.c 18 Jun 2004 19:31:03 -0000 1.1.1.8
+++ mm/shmem.c 22 Aug 2004 14:06:12 -0000
@@ -44,6 +44,8 @@
 #include
 #include
+#include "xattr.h"
+
 /* This magic number is used in glibc for posix shared memory */
 #define TMPFS_MAGIC 0x01021994
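Review bot: In `init_ramfs_fs` the new `init_ramfs_xattr()` call is not undone when `register_filesystem()` fails, so whatever state that initializer sets up (its body is not in this diff) is left behind after module init reports an error. Capture the result and unwind on failure: `err = register_filesystem(&ramfs_fs_type); if (err) exit_ramfs_xattr(); return err;`. The teardown order in `exit_ramfs_fs` (unregister the filesystem first, then `exit_ramfs_xattr()`) is the right mirror of init and needs no change.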
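Review bot: mm/xattr.o and mm/xattr_security.o are built only under `CONFIG_TMPFS_FS_XATTR` and `CONFIG_TMPFS_FS_SECURITY`, but the call sites in mm/shmem.c (hunks @@ -1715, @@ -1939, @@ -1952 and @@ -1993) are guarded by `#ifdef CONFIG_TMPFS` or not guarded at all. A kernel built with TMPFS=y and TMPFS_FS_XATTR=n therefore references `shmfs_setxattr`, `shmfs_getxattr`, `shmfs_listxattr`, `shmfs_removexattr` and `init_shmfs_xattr()` without the object that defines them, unless `xattr.h` (not in this diff) provides stubs for that configuration. The guards in shmem.c should test `CONFIG_TMPFS_FS_XATTR`, the symbol that actually decides whether the implementation is linked.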
@@ -168,6 +170,8 @@
 static struct file_operations shmem_file_operations;
 static struct inode_operations shmem_inode_operations;
 static struct inode_operations shmem_dir_inode_operations;
+static struct inode_operations shmfs_special_inode_operations;
+static struct inode_operations shmem_symlink_inode_operations;
 static struct vm_operations_struct shmem_vm_ops;
 static struct backing_dev_info shmem_backing_dev_info = {
@@ -1212,6 +1216,7 @@
 mpol_shared_policy_init(&info->policy);
 switch (mode & S_IFMT) {
 default:
+ inode->i_op = &shmfs_special_inode_operations;
 init_special_inode(inode, mode, dev);
 break;
 case S_IFREG:
@@ -1229,6 +1234,7 @@
 inode->i_fop = &simple_dir_operations;
 break;
 case S_IFLNK:
+ inode->i_op = &shmem_symlink_inode_operations;
 break;
 }
 }
@@ -1261,7 +1267,6 @@
 #ifdef CONFIG_TMPFS
-static struct inode_operations shmem_symlink_inode_operations;
 static struct inode_operations shmem_symlink_inline_operations;
 /*
@@ -1715,12 +1720,33 @@
 static struct inode_operations shmem_symlink_inline_operations = {
 .readlink = shmem_readlink_inline,
 .follow_link = shmem_follow_link_inline,
+#ifdef CONFIG_TMPFS
+ .setxattr = shmfs_setxattr,
+ .getxattr = shmfs_getxattr,
+ .listxattr = shmfs_listxattr,
+ .removexattr = shmfs_removexattr,
+#endif
+};
+
+static struct inode_operations shmfs_special_inode_operations = {
+#ifdef CONFIG_TMPFS
+ .setxattr = shmfs_setxattr,
+ .getxattr = shmfs_getxattr,
+ .listxattr = shmfs_listxattr,
+ .removexattr = shmfs_removexattr,
+#endif
 };
 static struct inode_operations shmem_symlink_inode_operations = {
 .truncate = shmem_truncate,
 .readlink = shmem_readlink,
 .follow_link = shmem_follow_link,
+#ifdef CONFIG_TMPFS
+ .setxattr = shmfs_setxattr,
+ .getxattr = shmfs_getxattr,
+ .listxattr = shmfs_listxattr,
+ .removexattr = shmfs_removexattr,
+#endif
 };
 static int shmem_parse_options(char *options, int *mode, uid_t *uid, gid_t *gid, unsigned long *blocks, unsigned long *inodes)
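Review bot: The forward declaration of `shmem_symlink_inode_operations` is moved out of the `#ifdef CONFIG_TMPFS` region (hunk @@ -1261) so that the `S_IFLNK` case in hunk @@ -1229 can assign it, but its definition in hunk @@ -1715 uses `shmem_readlink`/`shmem_follow_link` and sits beside `shmem_symlink_inline_operations`, whose declaration is inside that region, so the definition appears to remain TMPFS-only. If that reading is right, a CONFIG_TMPFS=n build now references a static that is declared but never defined; either move the definition out of the region too or wrap the new assignment in `#ifdef CONFIG_TMPFS`. The name `shmfs_special_inode_operations` also departs from the `shmem_` prefix every other operations table in this file carries; `shmem_special_inode_operations` would keep the file consistent.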
@@ -1939,6 +1965,12 @@
 static struct inode_operations shmem_inode_operations = {
 .truncate = shmem_truncate,
 .setattr = shmem_notify_change,
+#ifdef CONFIG_TMPFS
+ .setxattr = shmfs_setxattr,
+ .getxattr = shmfs_getxattr,
+ .listxattr = shmfs_listxattr,
+ .removexattr = shmfs_removexattr,
+#endif
 };
 static struct inode_operations shmem_dir_inode_operations = {
@@ -1952,6 +1984,10 @@
 .rmdir = shmem_rmdir,
 .mknod = shmem_mknod,
 .rename = shmem_rename,
+ .setxattr = shmfs_setxattr,
+ .getxattr = shmfs_getxattr,
+ .listxattr = shmfs_listxattr,
+ .removexattr = shmfs_removexattr,
 #endif
 };
@@ -1993,6 +2029,9 @@
 static int __init init_tmpfs(void)
 {
 int error;
+ int err = init_shmfs_xattr();
+ if (err)
+ return err;
 error = init_inodecache();
 if (error)
Index: security/selinux/hooks.c
===================================================================
RCS file: /cvsroot/selinux/nsa/linux-2.6/security/selinux/hooks.c,v
retrieving revision 1.15
diff -u -u -r1.15 hooks.c
--- security/selinux/hooks.c 27 Jul 2004 17:43:11 -0000 1.15
+++ security/selinux/hooks.c 22 Aug 2004 14:06:13 -0000
@@ -385,6 +385,14 @@
 break;
 case Opt_fscontext:
+ /* lkcl: allow fscontext on file systems with xattr
+ * in order to be able to mount an xattr-enabled tmpfs
+ * on /dev with a different fscontext.
+ * reason: shmfs and tmpfs are mapped to two types
+ * but we need a third (e.g. udevfs_t) in order to
+ * not interfere with / have-to-add-to either tmp_t
+ * or shmfs_t
+ *
 if (sbsec->behavior != SECURITY_FS_USE_XATTR) {
 rc = -EINVAL;
 printk(KERN_WARNING "SELinux: "
@@ -392,6 +400,7 @@
 " this filesystem type\n");
 goto out_free;
 }
+ */
 if (seen & (Opt_context|Opt_fscontext)) {
 rc = -EINVAL;
 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
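Review bot: `init_tmpfs` now carries two result variables, the existing `error` and the new `err`, for a single purpose; reuse the existing one: `error = init_shmfs_xattr(); if (error) return error;`. More importantly, nothing in the hunk undoes `init_shmfs_xattr()` when `init_inodecache()` or the later steps fail, and since the exit path is not in this diff it is unclear whether a matching `exit_shmfs_xattr()` is called at all (the ramfs side does call `exit_ramfs_xattr()` in hunk @@ -224 of fs/ramfs/inode.c). The function continues past the end of the hunk, so the unwind label to jump to is not visible here.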
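Review bot: Commenting out the `sbsec->behavior != SECURITY_FS_USE_XATTR` test (the comment is closed in hunk @@ -392) lifts the fscontext= restriction for every filesystem type, not only for the xattr-enabled tmpfs the comment gives as motivation, so the option is now accepted on superblocks whose labeling behavior is not xattr-based, and how the option is then applied lies outside this hunk. If tmpfs gains xattr labeling, an `fs_use_xattr` entry for that filesystem type in the policy should give its superblocks `SECURITY_FS_USE_XATTR` behavior and let the existing check pass without weakening it for other types; if the check really is obsolete, delete it rather than leaving `rc = -EINVAL`, the `printk` and `goto out_free` inside a block comment that straddles two hunks. The `lkcl:` attribution and the rationale belong in the commit message, not in the source. The enclosing function begins and ends outside the hunk.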