Re: [PATCH 2/2] SELinux: display SELinux mount options in /proc/mounts

On Wed, 2008-04-02 at 11:06 -0400, Stephen Smalley wrote:
> On Wed, 2008-04-02 at 16:50 +0200, Miklos Szeredi wrote:
> > > On Wed, 2008-04-02 at 11:16 +0200, Miklos Szeredi wrote:
> > > > Where's 1/2?  I've ported this to the tip of the vfs-2.6 tree, but
> > > > can't compile it without the other half.
> > > 
> > > I have a question for everyone though.  How are these options used?
> > > SELinux mount options can contain commas.  When sending such options
> > > from userspace they are inside quotes.  Should I go ahead and quote
> > > selinux options so they can be directly used back into mount commands?
> > 
> > Yes.
> > 
> > > Should I just leave them in there without quotes and let anyone who
> > > tries to feed them back into mount figure it out?
> > 
> > Ideally copying the options out of /proc/mounts, then doing a mount
> > with those options should exactly duplicate the original mount.
> > 
> > > I'm ignoring seq_* failures.  Which kinda scares me since it means I
> > > could get half of one option and half of another and the user would not
> > > realize it.  Maybe I should build a single string for each selinux
> > > option and do a single seq_puts() so seq_* failure only means missing
> > > options, not possibly corrupted options...
> > 
> > Errors from seq_* can be safely ignored, seq_file remembers that there
> > was an error.
> 
> Pardon my ignorance, but can you point to where in the code this is
> done?  Offhand, it seems like seq_putc and seq_puts overflow will be
> ignored if the caller (in this case, Eric's code - selinux_write_opts)
> doesn't propagate the error status back up the call chain, and we'll
> just end up with a truncated list of options.

Ah, I see it now - in seq_read().

-- 
Stephen Smalley
National Security Agency
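
The behaviour this message points to, as an added example that is not part of the original thread or the kernel source: a simplified userspace model of seq_file overflow handling, where a failed write marks the buffer full and the reader discards the record, doubles the buffer and reruns the callback, so ignored return values do not surface as half-written options. The toy_* names and the sample context value are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model; toy_* names are hypothetical, not kernel symbols. */
struct toy_seq { char *buf; size_t size, count; };

/* Modeled on seq_puts(): on overflow mark the buffer full, return -1. */
static int toy_puts(struct toy_seq *m, const char *s) {
    size_t len = strlen(s);
    if (m->count + len < m->size) {
        memcpy(m->buf + m->count, s, len);
        m->count += len;
        return 0;
    }
    m->count = m->size; /* overflow is remembered here */
    return -1;
}

/* show() callback that ignores every return value, as discussed.
 * The context value is a constructed sample; its comma is why it is quoted. */
static void toy_show_opts(struct toy_seq *m) {
    toy_puts(m, ",context=");
    toy_puts(m, "\"system_u:object_r:removable_t:s0:c0,c1\"");
}

/* Reader: a full buffer means discard, double the size, rerun show(). */
static char *toy_read(size_t initial, int *retries) {
    struct toy_seq m = { malloc(initial), initial, 0 };
    for (*retries = 0; m.buf; (*retries)++) {
        m.count = 0;
        toy_show_opts(&m);
        if (m.count < m.size) { /* whole record fit */
            m.buf[m.count] = '\0';
            return m.buf;
        }
        free(m.buf);
        m.size <<= 1;
        m.buf = malloc(m.size);
    }
    return NULL;
}

int main(void) {
    int n;
    char *s = toy_read(16, &n);
    if (s) printf("%s (retries: %d)\n", s, n);
    free(s);
    return 0;
}
```

With a 16-byte starting buffer the first write succeeds and the second overflows, yet the caller only ever sees the complete record produced on a later pass.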
