----- Original Message -----
> When gfs2 releases the glock of an inode, it must invalidate all
> information cached for that inode, including the page cache and acls. Use
> the new security_inode_invalidate_secctx hook to also invalidate security
> labels in that case. These items will be reread from disk when needed
> after reacquiring the glock.
>
> Signed-off-by: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
> Cc: Steven Whitehouse <swhiteho@xxxxxxxxxx>
> Cc: Bob Peterson <rpeterso@xxxxxxxxxx>
> Cc: cluster-devel@xxxxxxxxxx
> ---
> fs/gfs2/glops.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/fs/gfs2/glops.c b/fs/gfs2/glops.c
> index 1f6c9c3..0833076 100644
> --- a/fs/gfs2/glops.c
> +++ b/fs/gfs2/glops.c
> @@ -13,6 +13,7 @@
> #include <linux/gfs2_ondisk.h>
> #include <linux/bio.h>
> #include <linux/posix_acl.h>
> +#include <linux/security.h>
>
> #include "gfs2.h"
> #include "incore.h"
> @@ -262,6 +263,7 @@ static void inode_go_inval(struct gfs2_glock *gl, int
> flags)
> if (ip) {
> set_bit(GIF_INVALID, &ip->i_flags);
> forget_all_cached_acls(&ip->i_inode);
> + security_inode_invalidate_secctx(&ip->i_inode);
> gfs2_dir_hash_inval(ip);
> }
> }
> --
> 2.5.0
>
>
Hi,
Acked-by: Bob Peterson <rpeterso@xxxxxxxxxx>
Bob Peterson
Red Hat File Systems
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
