Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > > +static int smack_task_kernel_act_as(struct task_struct *p, > > + struct task_security *sec, u32 secid) > > +{ > > + return -ENOTSUPP; > > +} > ... > > +static int smack_task_create_files_as(struct task_struct *p, > > + struct task_security *sec, > > + struct inode *inode) > > +{ > > + return -ENOTSUPP; > > +} > > Hum. ENOTSUPP is not not very satisfying, is it? I will have to > think on this a bit. Sorry, I meant to ping you on this directly. I'm not sure how to effect these two functions for Smack. > Except for the fact that the hooks don't do anything this > looks fine. I'm not sure that I would want these hooks to > do anything, it requires additional thought to determine if > there is a good behavior for them. Note that you won't be able to use CacheFiles with Smack if either of these just returns an error. This may also affect NFSd in the future too. smack_task_create_files_as() is passed the label that new files created by CacheFiles should be created with. For smack_task_kernel_act_as(), it may be sufficient to set CAP_MAC_OVERRIDE in the task_security struct and leave it as that. It also may not be sufficient, as NFSd may end up using this to set the subjective security label supplied by the NFS client. I don't know, though, whether Smack is going to be involved in that passing labels over NFS. David - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html