Re: [PATCH 1/2] VFS/Security: Rework inode_getsecurity and callers to return resulting buffer

[Casey Schaufler <casey@schaufler-ca.com>]

--- "David P. Quigley" <dpquigl@tycho.nsa.gov> wrote:

> From: David P. Quigley <dpquigl@tycho.nsa.gov>
> 
> This patch modifies the interface to inode_getsecurity to have the function
> return a buffer containing the security blob and its length via parameters
> instead of relying on the calling function to give it an appropriately sized
> buffer. Security blobs obtained with this function should be freed using the
> release_secctx LSM hook.

You are making the assumption that the LSM is going to return a secctx
for all possible named attributes. The caller already has to know the
name of the interesting attribute, that should imply that the caller
has enough information to get the right size for a buffer. I don't think
much of interfaces that require you to allocate memory that you're
just going to throw away after you glance at the data, especially in
the file system lookup path.

> This alleviates the problem of the caller having to
> guess a length and preallocate a buffer for this function allowing it to be
> used elsewhere for Labeled NFS. The patch also removed the unused err
> parameter. The same conversion is similar to the one used by Al Viro for the
> security_getprocattr hook.

These are very different use frequency cases.



Casey Schaufler
casey@schaufler-ca.com

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.