--- "David P. Quigley" <dpquigl@xxxxxxxxxxxxx> wrote:

> This patch set does two things. First it factors the section of vfs_setxattr
> that does the real work into a helper function. This allows LSMs the ability
> to set the xattrs they need without hitting the permission check inside
> vfs_setxattr each time. Second it introduces three new hooks
> inode_{get,set}secctx, and inode_notifysecctx.
>
> The first hook retrieves all security information the LSM feels is relevant
> in the form of a security context. The second hook, given this context, can
> set both the in-core and on-disk store for the particular inode. The third
> hook is used to notify the in-core inode of a change to its security state.
>
> This is the fourth revision of this patch set which takes into account
> concerns by Casey Schaufler, and Christoph Hellwig.
>
> fs/xattr.c | 57 ++++++++++++++++++++++++++++++++++----------
> include/linux/security.h | 50 ++++++++++++++++++++++++++++++++++++++++
> include/linux/xattr.h | 1 +
> security/dummy.c | 17 +++++++++++++
> security/security.c | 18 ++++++++++++++
> security/selinux/hooks.c | 28 ++++++++++++++++++++++
> 6 files changed, 157 insertions(+), 14 deletions(-)

These patches don't appear to cause any harm, but I remain unconvinced
regarding the approach you're taking.

Casey Schaufler
casey@xxxxxxxxxxxxxxxx

--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html