* [Cluster-devel] [PATCH v5 7/7] gfs2: Invalide security labels of inodes when they go invalid [not found] <1446398673-886-1-git-send-email-agruenba@redhat.com> @ 2015-11-01 17:24 ` Andreas Gruenbacher 2015-11-02 20:52 ` [Cluster-devel] [PATCH v5 0/7] Inode security label invalidation Paul Moore 1 sibling, 0 replies; 2+ messages in thread From: Andreas Gruenbacher @ 2015-11-01 17:24 UTC (permalink / raw) To: cluster-devel.redhat.com When gfs2 releases the glock of an inode, it must invalidate all information cached for that inode, including the page cache and acls. Use the new security_inode_invalidate_secctx hook to also invalidate security labels in that case. These items will be reread from disk when needed after reacquiring the glock. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Acked-by: Bob Peterson <rpeterso@redhat.com> Acked-by: Steven Whitehouse <swhiteho@redhat.com> Cc: cluster-devel at redhat.com --- fs/gfs2/glops.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/gfs2/glops.c b/fs/gfs2/glops.c index 1f6c9c3..0833076 100644 --- a/fs/gfs2/glops.c +++ b/fs/gfs2/glops.c @@ -13,6 +13,7 @@ #include <linux/gfs2_ondisk.h> #include <linux/bio.h> #include <linux/posix_acl.h> +#include <linux/security.h> #include "gfs2.h" #include "incore.h" @@ -262,6 +263,7 @@ static void inode_go_inval(struct gfs2_glock *gl, int flags) if (ip) { set_bit(GIF_INVALID, &ip->i_flags); forget_all_cached_acls(&ip->i_inode); + security_inode_invalidate_secctx(&ip->i_inode); gfs2_dir_hash_inval(ip); } } -- 2.5.0 ^ permalink raw reply related [flat|nested] 2+ messages in thread
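Review bot: The new security_inode_invalidate_secctx(&ip->i_inode) call in the second hunk (inode_go_inval, inside the if (ip) block) has no comment explaining what happens to the label afterwards. The commit message says the invalidated items "will be reread from disk when needed after reacquiring the glock", but nothing at the call site records this. A one-line comment above the three invalidation calls (GIF_INVALID, forget_all_cached_acls, security_inode_invalidate_secctx) would help a later reader see that these belong together and that any new per-inode cache needs the same treatment when the glock is released. The subject line also reads "Invalide"; it should be "Invalidate" before this is applied. The first hunk's added #include <linux/security.h> sits with the other <linux/...> headers and needs no change.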
* [Cluster-devel] [PATCH v5 0/7] Inode security label invalidation
From: Paul Moore @ 2015-11-02 20:52 UTC
To: cluster-devel.redhat.com

On Sunday, November 01, 2015 06:24:26 PM Andreas Gruenbacher wrote:
> Here is another version of the patch queue to make gfs2 and similar file
> systems work with SELinux. Previous posting:
>
>   http://www.spinics.net/lists/selinux/msg17969.html
>
> Changes since the previous version:
>
>  * Use inode_security_novalidate instead of inode_security on all the
>    SOCK_INODE(sock) inodes.
>
> This patch queue is also available here:
>
>   git://git.kernel.org/pub/scm/linux/kernel/git/agruen/linux.git selinux-wip
>
> Thanks,
> Andreas
>
> Andreas Gruenbacher (7):
>   selinux: Remove unused variable in selinux_inode_init_security
>   security: Make inode argument of inode_getsecurity non-const
>   security: Make inode argument of inode_getsecid non-const
>   selinux: Add accessor functions for inode->i_security
>   security: Add hook to invalidate inode security labels
>   selinux: Revalidate invalid inode security labels
>   gfs2: Invalide security labels of inodes when they go invalid

Thanks for your time and effort on this patchset. I've accepted all of the patches into my selinux#next queue, these should reach linux-next as soon as the merge window closes.

--
paul moore
www.paul-moore.com