On Tue, 22 Nov 2016, Dan Jurgens wrote:

> struct file *file;
> + struct lsm_pkey_audit *pkey;
> } u;
> /* this union contains LSM specific data */
> union {
> diff --git a/security/lsm_audit.c b/security/lsm_audit.c
> index 37f04da..b18d277 100644
> --- a/security/lsm_audit.c
> +++ b/security/lsm_audit.c
> @@ -410,6 +410,19 @@ static void dump_common_audit_data(struct audit_buffer *ab,
> audit_log_format(ab, " kmod=");
> audit_log_untrustedstring(ab, a->u.kmod_name);
> break;
> + case LSM_AUDIT_DATA_PKEY: {
> + struct in6_addr sbn_pfx;
> +
> + memset(&sbn_pfx.s6_addr, 0,
> + sizeof(sbn_pfx.s6_addr));
> +
> + memcpy(&sbn_pfx.s6_addr, &a->u.pkey->subnet_prefix,
> + sizeof(a->u.pkey->subnet_prefix));
> +
> + audit_log_format(ab, " pkey=0x%x subnet_prefix=%pI6c",
> + a->u.pkey->pkey, &sbn_pfx);
> + break;

Please do not add include extraneous empty lines in the code.

> index d87e29d..e21f7690 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -6086,6 +6086,28 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
> #endif
>
> #ifdef CONFIG_SECURITY_INFINIBAND
> +static int selinux_ib_pkey_access(void *ib_sec, u64 subnet_prefix, u16 pkey_val)
> +{
> + struct common_audit_data ad;
> + int err;
> + u32 sid = 0;
> + struct ib_security_struct *sec = ib_sec;
> + struct lsm_pkey_audit pkey;
> +
> + err = security_pkey_sid(subnet_prefix, pkey_val, &sid);
> +
> + if (err)
> + return err;

Ditto.

> + }
> + *out_sid = c->sid[0];
> + } else {
> + *out_sid = SECINITSID_UNLABELED;
> + }

Also don't add extraneous braces. It makes the code more difficult to review ("is something missing or malformatted here?").

-- James Morris <jmorris@xxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html