Re: [PATCH 1/4] Cache xattr security drop check for write

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun, 29 May 2011 07:24:32 PDT, Andi Kleen said:

> These are not for selinux xattrs, but capability xattrs.

+#define S_NOSEC		4096	/* no suid or xattr security attributes */

Sorry for reading that wrong, since selinux stores stuff under security.* xattr
as well.

+	int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
+				   XATTR_SECURITY_PREFIX_LEN);
 
is going to match *any* security.* attribute, including SELinux ones stored under
security.selinux.  If you wanted to be capability-specific, maybe youw anted these
two:

#define XATTR_CAPS_SUFFIX "capability"
#define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX

Attachment: pgp8TP1KPxrUA.pgp
Description: PGP signature

[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux