From: Steven Whitehouse <swhiteho@redhat.com>
To: cluster-devel.redhat.com
Subject: [Cluster-devel] [PATCH v5 13/21] evm: add evm_inode_post_init call in gfs2
Date: Mon, 16 May 2011 16:30:22 +0100 [thread overview]
Message-ID: <1305559822.2855.14.camel@menhir> (raw)
In-Reply-To: <1305557115-15652-14-git-send-email-zohar@linux.vnet.ibm.com>
Hi,
On Mon, 2011-05-16 at 10:45 -0400, Mimi Zohar wrote:
> After creating the initial LSM security extended attribute, call
> evm_inode_post_init_security() to create the 'security.evm'
> extended attribute.
>
> Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
> ---
> fs/gfs2/inode.c | 28 +++++++++++++++++++---------
> 1 files changed, 19 insertions(+), 9 deletions(-)
>
[snip]
> + struct xattr lsm_xattr;
> + struct xattr evm_xattr;
>
> err = security_inode_init_security(&ip->i_inode, &dip->i_inode, qstr,
> - &name, &value, &len);
> + &lsm_xattr.name, &lsm_xattr.value,
> + &lsm_xattr.value_len);
>
> if (err) {
> if (err == -EOPNOTSUPP)
> @@ -780,11 +781,20 @@ static int gfs2_security_init(struct gfs2_inode *dip, struct gfs2_inode *ip,
> return err;
> }
>
> - err = __gfs2_xattr_set(&ip->i_inode, name, value, len, 0,
> - GFS2_EATYPE_SECURITY);
> - kfree(value);
> - kfree(name);
> -
> + err = __gfs2_xattr_set(&ip->i_inode, lsm_xattr.name, lsm_xattr.value,
> + lsm_xattr.value_len, 0, GFS2_EATYPE_SECURITY);
> + if (err < 0)
> + goto out;
> + err = evm_inode_post_init_security(&ip->i_inode, &lsm_xattr,
> + &evm_xattr);
> + if (err)
> + goto out;
> + err = __gfs2_xattr_set(&ip->i_inode, evm_xattr.name, evm_xattr.value,
> + evm_xattr.value_len, 0, GFS2_EATYPE_SECURITY);
> + kfree(evm_xattr.value);
> +out:
> + kfree(lsm_xattr.name);
> + kfree(lsm_xattr.value);
> return err;
> }
>
Just wondering whether we could have a single call to the security
subsystem which returns a vector of xattrs rather than having to call
two different functions?
Steve.
next parent reply other threads:[~2011-05-16 15:30 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1305557115-15652-1-git-send-email-zohar@linux.vnet.ibm.com>
[not found] ` <1305557115-15652-14-git-send-email-zohar@linux.vnet.ibm.com>
2011-05-16 15:30 ` Steven Whitehouse [this message]
[not found] ` <1305561051.2669.10.camel@localhost.localdomain>
2011-05-16 16:14 ` [Cluster-devel] [PATCH v5 13/21] evm: add evm_inode_post_init call in gfs2 Steven Whitehouse
[not found] ` <1305563758.2669.26.camel@localhost.localdomain>
[not found] ` <1305568250.2669.47.camel@localhost.localdomain>
2011-05-16 17:57 ` Steven Whitehouse
[not found] ` <4DD16B96.7020907@schaufler-ca.com>
[not found] ` <1305571683.2669.90.camel@localhost.localdomain>
[not found] ` <4DD17A15.2060102@schaufler-ca.com>
[not found] ` <1305766540.3304.44.camel@localhost.localdomain>
2011-05-19 9:25 ` Steven Whitehouse
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1305559822.2855.14.camel@menhir \
--to=swhiteho@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).