On Fri, 2007-10-26 at 10:07 -0500, Serge E. Hallyn wrote: > Quoting David P. Quigley (dpquigl@xxxxxxxxxxxxx): > > On Thu, 2007-10-25 at 19:02 -0500, Serge E. Hallyn wrote: > > > Quoting David P. Quigley (dpquigl@xxxxxxxxxxxxx): > > > > This patch modifies the interface to inode_getsecurity to have the > > > > function return a buffer containing the security blob and its length via > > > > parameters instead of relying on the calling function to give it an > > > > appropriately sized buffer. Security blobs obtained with this function > > > > should be freed using the release_secctx LSM hook. This alleviates the > > > > problem of the caller having to guess a length and preallocate a buffer > > > > for this function allowing it to be used elsewhere for Labeled NFS. The > > > > patch also removed the unused err parameter. The conversion is similar > > > > to the one performed by Al Viro for the security_getprocattr hook. > > > > > > > > Signed-off-by: David P. Quigley <dpquigl@xxxxxxxxxxxxx> > > > > --- > > > > fs/xattr.c | 26 ++++++++++++++++++++++++-- > > > > include/linux/security.h | 27 ++++++++++++++------------- > > > > include/linux/xattr.h | 1 + > > > > mm/shmem.c | 3 +-- > > > > security/dummy.c | 4 +++- > > > > security/selinux/hooks.c | 38 ++++++++++---------------------------- > > > > > > (Hmm, I was about to ask if this diffstat could be complete, as it > > > doesn't have for instance security/security.c, but I guess this predates > > > the staticlsm patch...) > > > > It wouldn't be much effort to rebase this patch against Linus's latest > > tree. I am assuming that the static lsm patch is in there based on the > > recent discussion on LKML? > > Oh, sorry for the two emails. > > Yeah it's in 2.6.24. So a rebase will be necessary anyway. I was just > saying I was too lazy to find another tree against which to check that > you didn't miss any getsecurity calls (hidden under some exotic .config) > to change their arguments :) I used the LXR to get all uses of getsecurity so I am pretty sure I have them all. > > -serge > - > To unsubscribe from this list: send the line "unsubscribe linux-security-module" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
