The following three patches are intended to introduce in-place modification of Smack rules. Until now Smack supported only overwriting of existing rules. To change the permitted access for a given subject and object, the user had to read the list of rules to get the current accesses, modify it and write the modified rule back to the kernel. This way was inefficient, non-atomic and unnecessarily difficult. The new interface is intended to ease such modifications.

I have prepared three patches:

1. Use RCU functions and read locking in smackfs seq list operations
   Because rule lists will now get modified by list_replace_rcu(), this one is intended to assure RCU reader critical sections in smackfs.

2. Remove global master list of rules
   This is for avoiding having to modify rules in two places (the per-subject list and the global list). The master list was redundant and kept up for backward compatibility with previous smackfs seq operations code.

3. Add support for modification of existing rules
   The actual patch with the new interface. A previous version of this one was posted previously (http://thread.gmane.org/gmane.linux.documentation/6759), but was proven to be wrong.

Rafal Krypa (3):
  Smack: use RCU functions and read locking in smackfs seq list operations
  Smack: remove global master list of rules
  Smack: add support for modification of existing rules

 Documentation/security/Smack.txt |   11 ++
 security/smack/smackfs.c         |  362 ++++++++++++++++++++++++--------------
 2 files changed, 239 insertions(+), 134 deletions(-)

--
1.7.10.4