* [Cluster-devel] [PATCH v2 2/2] gfs2: Invalide security labels of inodes that go invalid
[not found] <1443986381-14412-1-git-send-email-agruenba@redhat.com>
@ 2015-10-04 19:19 ` Andreas Gruenbacher
0 siblings, 0 replies; only message in thread
From: Andreas Gruenbacher @ 2015-10-04 19:19 UTC (permalink / raw)
To: cluster-devel.redhat.com
When gfs2 releases the glock of an inode, it must invalidate all
information cached for that inode, including the page cache and acls. Use
the new security_inode_invalidate_secctx hook to also invalidate security
labels in that case. These items will be reread from disk when needed
after reacquiring the glock.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Cc: Steven Whitehouse <swhiteho@redhat.com>
Cc: Bob Peterson <rpeterso@redhat.com>
Cc: cluster-devel at redhat.com
---
fs/gfs2/glops.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/gfs2/glops.c b/fs/gfs2/glops.c
index 1f6c9c3..0833076 100644
--- a/fs/gfs2/glops.c
+++ b/fs/gfs2/glops.c
@@ -13,6 +13,7 @@
#include <linux/gfs2_ondisk.h>
#include <linux/bio.h>
#include <linux/posix_acl.h>
+#include <linux/security.h>
#include "gfs2.h"
#include "incore.h"
@@ -262,6 +263,7 @@ static void inode_go_inval(struct gfs2_glock *gl, int flags)
if (ip) {
set_bit(GIF_INVALID, &ip->i_flags);
forget_all_cached_acls(&ip->i_inode);
+ security_inode_invalidate_secctx(&ip->i_inode);
gfs2_dir_hash_inval(ip);
}
}
--
2.5.0
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2015-10-04 19:19 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <1443986381-14412-1-git-send-email-agruenba@redhat.com>
2015-10-04 19:19 ` [Cluster-devel] [PATCH v2 2/2] gfs2: Invalide security labels of inodes that go invalid Andreas Gruenbacher
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).