Re: [PATCH 1/2] VFS/Security: Rework inode_getsecurity and callers to return resulting buffer

On Fri, 2007-10-26 at 10:07 -0500, Serge E. Hallyn wrote:
> Quoting David P. Quigley (dpquigl@xxxxxxxxxxxxx):
> > On Thu, 2007-10-25 at 19:02 -0500, Serge E. Hallyn wrote:
> > > Quoting David P. Quigley (dpquigl@xxxxxxxxxxxxx):
> > > > 	This patch modifies the interface to inode_getsecurity to have the
> > > > function return a buffer containing the security blob and its length via
> > > > parameters instead of relying on the calling function to give it an
> > > > appropriately sized buffer. Security blobs obtained with this function
> > > > should be freed using the release_secctx LSM hook. This alleviates the
> > > > problem of the caller having to guess a length and preallocate a buffer
> > > > for this function allowing it to be used elsewhere for Labeled NFS. The
> > > > patch also removed the unused err parameter. The conversion is similar
> > > > to the one performed by Al Viro for the security_getprocattr hook.
> > > > 
> > > > Signed-off-by: David P. Quigley <dpquigl@xxxxxxxxxxxxx>
> > > > ---
> > > >  fs/xattr.c               |   26 ++++++++++++++++++++++++--
> > > >  include/linux/security.h |   27 ++++++++++++++-------------
> > > >  include/linux/xattr.h    |    1 +
> > > >  mm/shmem.c               |    3 +--
> > > >  security/dummy.c         |    4 +++-
> > > >  security/selinux/hooks.c |   38 ++++++++++----------------------------
> > > 
> > > (Hmm, I was about to ask if this diffstat could be complete, as it
> > > doesn't have for instance security/security.c, but I guess this predates
> > > the staticlsm patch...)
> > 
> > It wouldn't be much effort to rebase this patch against Linus's latest
> > tree. I am assuming that the static lsm patch is in there based on the
> > recent discussion on LKML?
> 
> Oh, sorry for the two emails.
> 
> Yeah it's in 2.6.24.  So a rebase will be necessary anyway.  I was just
> saying I was too lazy to find another tree against which to check that
> you didn't miss any getsecurity calls (hidden under some exotic .config)
> to change their arguments  :)

I used the LXR to get all uses of getsecurity so I am pretty sure I have
them all.

> 
> -serge
> -
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

-
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
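
A userspace sketch of the interface change outlined in the quoted patch description, added here as an illustration and not taken from the patch or the kernel. The function names, the `-ERANGE` convention for a short buffer, and the sample label are all assumptions of this example.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Constructed sample label standing in for an inode's security blob. */
static const char sample_ctx[] = "system_u:object_r:etc_t:s0";

/* Caller-allocates model (hypothetical): a short guess fails with -ERANGE. */
static ssize_t getsec_caller_buf(void *buf, size_t size)
{
    if (size < sizeof(sample_ctx)) return -ERANGE;
    memcpy(buf, sample_ctx, sizeof(sample_ctx));
    return (ssize_t)sizeof(sample_ctx);
}

/* Callee-allocates model (hypothetical): blob and length come back via parameters. */
static int getsec_alloc(void **buf, size_t *len)
{
    *len = sizeof(sample_ctx);
    *buf = malloc(*len);
    if (!*buf) return -ENOMEM;
    memcpy(*buf, sample_ctx, *len);
    return 0;
}

/* Stand-in for the release hook: the one place the blob is freed. */
static void release_ctx(void *buf, size_t len) { (void)len; free(buf); }

/* Old-style caller: guess a size, double it on -ERANGE. Returns retry count or <0. */
static int fetch_by_guessing(size_t guess, char **out, size_t *len)
{
    int retries = 0;
    if (guess == 0) guess = 1;
    for (;; guess *= 2, retries++) {
        char *buf = malloc(guess);
        ssize_t n = buf ? getsec_caller_buf(buf, guess) : -ENOMEM;
        if (n >= 0) { *out = buf; *len = (size_t)n; return retries; }
        free(buf);
        if (n != -ERANGE) return (int)n;
    }
}

int main(void)
{
    char *a; void *b; size_t la, lb;
    if (fetch_by_guessing(8, &a, &la) < 0 || getsec_alloc(&b, &lb)) return 1;
    free(a); release_ctx(b, lb);
    return 0;
}
```

With the callee-allocates form the caller needs no size guess and no retry loop, but it takes on the obligation to hand the blob back through the release function rather than freeing it directly.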
