From: zohar@linux.vnet.ibm.com (Mimi Zohar)
To: linux-security-module@vger.kernel.org
Subject: [PATCH v2] integrity: silence warning when CONFIG_SECURITYFS is not enabled
Date: Tue, 05 Jun 2018 10:49:42 -0400 [thread overview]
Message-ID: <1528210182.3237.160.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <1528194345-9956-1-git-send-email-sudeep.holla@arm.com>
On Tue, 2018-06-05 at 11:25 +0100, Sudeep Holla wrote:
> When CONFIG_SECURITYFS is not enabled, securityfs_create_dir returns
> -ENODEV which throws the following error:
> "Unable to create integrity sysfs dir: -19"
>
> However, if the feature is disabled, it can't be warning and hence
> we need to silence the error. This patch checks for the error -ENODEV
> which is returned when CONFIG_SECURITYFS is disabled to stop the error
> being thrown.
Both IMA and EVM require securityfs, at least for the time being.
?Under what circumstances would integrity and not securityfs be
enabled. ?Is this a Kconfig issue?
Mimi
>
> Cc: James Morris <jmorris@namei.org>
> Cc: "Serge E. Hallyn" <serge@hallyn.com>
> Cc: Matthew Garrett <mjg59@google.com>
> Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
> ---
> security/integrity/iint.c | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
> v1->v2:
> - Check for -ENODEV rather than IS_ENABLED(..) as suggested by
> Matthew Garrett
>
> diff --git a/security/integrity/iint.c b/security/integrity/iint.c
> index 149faa81f6f0..7051ea4a8161 100644
> --- a/security/integrity/iint.c
> +++ b/security/integrity/iint.c
> @@ -219,10 +219,13 @@ static int __init integrity_fs_init(void)
> {
> integrity_dir = securityfs_create_dir("integrity", NULL);
> if (IS_ERR(integrity_dir)) {
> - pr_err("Unable to create integrity sysfs dir: %ld\n",
> - PTR_ERR(integrity_dir));
> + int ret = PTR_ERR(integrity_dir);
> +
> + if (ret != -ENODEV)
> + pr_err("Unable to create integrity sysfs dir: %ld\n",
> + ret;
> integrity_dir = NULL;
> - return PTR_ERR(integrity_dir);
> + return ret;
> }
>
> return 0;
> --
> 2.7.4
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo at vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2018-06-05 14:49 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-04 14:05 [PATCH] integrity: silence warning when CONFIG_SECURITYFS is not enabled Sudeep Holla
2018-06-04 17:44 ` Matthew Garrett
2018-06-05 10:25 ` [PATCH v2] " Sudeep Holla
2018-06-05 14:49 ` Mimi Zohar [this message]
2018-06-06 9:23 ` Sudeep Holla
2018-06-06 13:24 ` Mimi Zohar
2018-06-06 21:07 ` Matthew Garrett
2018-06-13 15:00 ` [PATCH v3] " Sudeep Holla
2018-06-13 22:13 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1528210182.3237.160.camel@linux.vnet.ibm.com \
--to=zohar@linux.vnet.ibm.com \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.