On Wed, Jul 3, 2024 at 7:13 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> On 7/3/2024 2:11 PM, Paul Moore wrote:
> > Commit 61df7b828204 ("lsm: fixup the inode xattr capability handling")
> > moved the responsibility of doing the inode xattr capability checking
> > out of the individual LSMs and into the LSM framework itself.
> > Unfortunately, while the original commit added the capability checks
> > to both the setxattr and removexattr code in the LSM framework, it
> > only removed the setxattr capability checks from the individual LSMs,
> > leaving duplicated removexattr capability checks in both the SELinux
> > and Smack code.
> >
> > This patch removes the duplicated code from SELinux and Smack.
> >
> > Fixes: 61df7b828204 ("lsm: fixup the inode xattr capability handling")
> > Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx>
>
> Acked-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Thanks Casey. As this is a pretty minor fix, I'm going to go ahead
and merge it into lsm/dev so it will go up to Linus during the next
merge window; if anyone has any objections to that please let me know
soon.
--
paul-moore.com
