On Thu, Jun 02, 2011 at 08:23:31AM -0400, Mimi Zohar wrote:
> Initialize 'security.evm' for new files. Reduce number of arguments
> by defining 'struct xattr'.

Why does this need a new security callout from every filesystem? Once the security xattr is initialised, the name, len and value are not going to change, so surely the evm xattr can be initialised at the same time the lsm xattr is initialised. Then all you need to do in each filesystem is add the evm_xattr structure to the existing security init call and a:

#ifdef CONFIG_EVM
	/* set evm.xattr */
#endif

to avoid adding code that is never executed when EVM is not configured into the kernel.

That way you don't create the lsm_xattr at all if the evm_xattr is not created, and then the file creation should fail in an atomic manner, right? i.e. you don't leave files with unverified security attributes around when interesting failure corner cases occur (e.g. ENOSPC).

And while you are there, it's probably also a good idea to add support for all filesystems that support xattrs, not just a random subset of them...

Cheers,

Dave.
--
Dave Chinner
david@xxxxxxxxxxxxx