On Thu, Apr 21, 2011 at 05:23:19PM -0700, Andi Kleen wrote: > From: Andi Kleen <ak@xxxxxxxxxxxxxxx> > > Right now all RCU walks fall back to reference walk when CONFIG_SECURITY > is enabled, even though just the standard capability module is active. > This is because security_inode_exec_permission unconditionally fails > RCU walks. > > Move this decision to the low level security module. This requires > passing the RCU flags down the security hook. This way at least > the capability module and a few easy cases in selinux/smack work > with RCU walks with CONFIG_SECURITY=y > > Signed-off-by: Andi Kleen <ak@xxxxxxxxxxxxxxx> > --- > include/linux/security.h | 2 +- > security/capability.c | 2 +- > security/security.c | 6 ++---- > security/selinux/hooks.c | 6 +++++- > security/smack/smack_lsm.c | 6 +++++- > 5 files changed, 14 insertions(+), 8 deletions(-) This seems to miss the hunk in fs/namei.c where the LSM hook is called. -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html