On 2022/09/09 5:50, Günther Noack wrote:
> On Thu, Sep 08, 2022 at 04:09:06PM -0400, Paul Moore wrote:
>> On Thu, Sep 8, 2022 at 3:58 PM Günther Noack <gnoack3000@xxxxxxxxx> wrote:
>>>
>>> Like path_truncate, the file_truncate hook also restricts file
>>> truncation, but is called in the cases where truncation is attempted
>>> on an already-opened file.
>>>
>>> This is required in a subsequent commit to handle ftruncate()
>>> operations differently to truncate() operations.
>>>
>>> Signed-off-by: Günther Noack <gnoack3000@xxxxxxxxx>
>>
>> We need to get John and Tetsuo's ACKs on this patch, but in addition
>> to that I have two small comments (below).
>
> +CC: John Johansen and Tetsuo Handa -- this change is splitting up the
> path_truncate LSM hook into a path_truncate and file_truncate variant,
> one operating on the path as before, and one operating on a struct
> file*. As a result, AppArmor and TOMOYO need to implement the
> file-based hook as well and treat it the same as before by looking at
> the file's ->f_path. Does this change seem reasonable to you?

Regarding TOMOYO part,

Acked-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>