[RFC PATCH 0/4] security_inode_init_security API change

(Reposting with linux-fsdevel cc'ed.)

The recently posted EVM/IMA-appraisal patches added a new hook
evm_inode_post_init_security() to calculate the security.evm extended
attribute (xattr) and an additional call to set_xattr().

        security_inode_init_security(&lsm_xattr)
        set_xattr(&lsm_xattr)

        evm_inode_post_init_security(&lsm_xattr, &evm_xattr)
        set_xattr(&evm_xattr)

The ensuing mailing list discussion centered around:
- Steve Whitehouse's questioning the need for two set_xattr() calls.
- Casey Schaufler's multiple LSM xattr support reminder.
- Dave Chinner's questioning the need for the new
  evm_inode_post_init_security() hook.

This patch set provides two possible solutions. Both require changing
the security_inode_init_security() API.  The first option returns an
array of xattrs, as suggested on the mailing list.  The second option
adds an fs specific function callback parameter to write the xattrs.

Examples of each are included in this RFC.  

Mimi
-- 
1.7.3.4
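
The two options described in the message above, sketched as a userspace C model. This is an added illustration, not code from the patch set: `struct fake_inode`, `fs_set_xattr`, `init_security_array`, `init_security_callback`, `fs_initxattrs` and the `security.lsm` name are hypothetical, and the xattr values are constructed.

```c
/* Userspace model of the two API shapes; not kernel code. Every name except
 * "security.evm" is hypothetical, and the xattr values are constructed. */
#include <stddef.h>
#include <string.h>

struct xattr { const char *name; const char *value; };
#define MAX_XATTRS 4
struct fake_inode { struct xattr stored[MAX_XATTRS]; size_t count; };

/* Stand-in for the filesystem's own xattr write. */
int fs_set_xattr(struct fake_inode *inode, const struct xattr *x)
{
    if (inode->count >= MAX_XATTRS)
        return -1;
    inode->stored[inode->count++] = *x;
    return 0;
}

/* Option 1: the hook fills an array (LSM xattr first, so the EVM xattr can
 * be computed over it) and the caller writes each entry itself. */
size_t init_security_array(struct xattr *out, size_t cap)
{
    size_t n = 0;
    if (n < cap) out[n++] = (struct xattr){ "security.lsm", "label" };
    if (n < cap) out[n++] = (struct xattr){ "security.evm", "hmac" };
    return n;
}

/* Option 2: the hook is handed an fs-specific callback that does the writes. */
typedef int (*initxattrs_fn)(struct fake_inode *, const struct xattr *, size_t);

int init_security_callback(struct fake_inode *inode, initxattrs_fn write_all)
{
    struct xattr tmp[MAX_XATTRS];
    size_t n = init_security_array(tmp, MAX_XATTRS);
    return write_all(inode, tmp, n);
}

int fs_initxattrs(struct fake_inode *inode, const struct xattr *xs, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (fs_set_xattr(inode, &xs[i]) != 0)
            return -1;
    return 0;
}

int main(void)
{
    struct fake_inode inode = { .count = 0 };
    int rc = init_security_callback(&inode, fs_initxattrs);
    return rc != 0 || strcmp(inode.stored[1].name, "security.evm") != 0;
}
```

In both shapes the filesystem issues its xattr writes from a single place, and the security.evm entry is produced by the same hook call as the LSM entry.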
