[Cluster-devel] [PATCH v4 7/7] gfs2: Invalide security labels of inodes when they go invalid

cluster-devel.redhat.com archive mirror
 help / color / mirror / Atom feed

* [Cluster-devel] [PATCH v4 7/7] gfs2: Invalide security labels of inodes when they go invalid
       [not found] <1446079635-22462-1-git-send-email-agruenba@redhat.com>
@ 2015-10-29  0:47 ` Andreas Gruenbacher
  2015-10-29 12:10   ` Bob Peterson
  2015-10-30 11:51   ` Steven Whitehouse
  0 siblings, 2 replies; 3+ messages in thread
From: Andreas Gruenbacher @ 2015-10-29  0:47 UTC (permalink / raw)
  To: cluster-devel.redhat.com

When gfs2 releases the glock of an inode, it must invalidate all
information cached for that inode, including the page cache and acls.  Use
the new security_inode_invalidate_secctx hook to also invalidate security
labels in that case.  These items will be reread from disk when needed
after reacquiring the glock.

Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Cc: Steven Whitehouse <swhiteho@redhat.com>
Cc: Bob Peterson <rpeterso@redhat.com>
Cc: cluster-devel at redhat.com
---
 fs/gfs2/glops.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/gfs2/glops.c b/fs/gfs2/glops.c
index 1f6c9c3..0833076 100644
--- a/fs/gfs2/glops.c
+++ b/fs/gfs2/glops.c
@@ -13,6 +13,7 @@
 #include <linux/gfs2_ondisk.h>
 #include <linux/bio.h>
 #include <linux/posix_acl.h>
+#include <linux/security.h>
 
 #include "gfs2.h"
 #include "incore.h"
@@ -262,6 +263,7 @@ static void inode_go_inval(struct gfs2_glock *gl, int flags)
 		if (ip) {
 			set_bit(GIF_INVALID, &ip->i_flags);
 			forget_all_cached_acls(&ip->i_inode);
+			security_inode_invalidate_secctx(&ip->i_inode);
 			gfs2_dir_hash_inval(ip);
 		}
 	}
-- 
2.5.0



^ permalink raw reply related	[flat|nested] 3+ messages in thread

* [Cluster-devel] [PATCH v4 7/7] gfs2: Invalide security labels of inodes when they go invalid
  2015-10-29  0:47 ` [Cluster-devel] [PATCH v4 7/7] gfs2: Invalide security labels of inodes when they go invalid Andreas Gruenbacher
@ 2015-10-29 12:10   ` Bob Peterson
  2015-10-30 11:51   ` Steven Whitehouse
  1 sibling, 0 replies; 3+ messages in thread
From: Bob Peterson @ 2015-10-29 12:10 UTC (permalink / raw)
  To: cluster-devel.redhat.com

----- Original Message -----
> When gfs2 releases the glock of an inode, it must invalidate all
> information cached for that inode, including the page cache and acls.  Use
> the new security_inode_invalidate_secctx hook to also invalidate security
> labels in that case.  These items will be reread from disk when needed
> after reacquiring the glock.
> 
> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
> Cc: Steven Whitehouse <swhiteho@redhat.com>
> Cc: Bob Peterson <rpeterso@redhat.com>
> Cc: cluster-devel at redhat.com
> ---
>  fs/gfs2/glops.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/fs/gfs2/glops.c b/fs/gfs2/glops.c
> index 1f6c9c3..0833076 100644
> --- a/fs/gfs2/glops.c
> +++ b/fs/gfs2/glops.c
> @@ -13,6 +13,7 @@
>  #include <linux/gfs2_ondisk.h>
>  #include <linux/bio.h>
>  #include <linux/posix_acl.h>
> +#include <linux/security.h>
>  
>  #include "gfs2.h"
>  #include "incore.h"
> @@ -262,6 +263,7 @@ static void inode_go_inval(struct gfs2_glock *gl, int
> flags)
>  		if (ip) {
>  			set_bit(GIF_INVALID, &ip->i_flags);
>  			forget_all_cached_acls(&ip->i_inode);
> +			security_inode_invalidate_secctx(&ip->i_inode);
>  			gfs2_dir_hash_inval(ip);
>  		}
>  	}
> --
> 2.5.0
> 
> 
Hi,

Acked-by: Bob Peterson <rpeterso@redhat.com>

Bob Peterson
Red Hat File Systems



^ permalink raw reply	[flat|nested] 3+ messages in thread

* [Cluster-devel] [PATCH v4 7/7] gfs2: Invalide security labels of inodes when they go invalid
  2015-10-29  0:47 ` [Cluster-devel] [PATCH v4 7/7] gfs2: Invalide security labels of inodes when they go invalid Andreas Gruenbacher
  2015-10-29 12:10   ` Bob Peterson
@ 2015-10-30 11:51   ` Steven Whitehouse
  1 sibling, 0 replies; 3+ messages in thread
From: Steven Whitehouse @ 2015-10-30 11:51 UTC (permalink / raw)
  To: cluster-devel.redhat.com

Hi,

Acked-by: Steven Whitehouse <swhiteho@redhat.com>

Steve.

On 29/10/15 00:47, Andreas Gruenbacher wrote:
> When gfs2 releases the glock of an inode, it must invalidate all
> information cached for that inode, including the page cache and acls.  Use
> the new security_inode_invalidate_secctx hook to also invalidate security
> labels in that case.  These items will be reread from disk when needed
> after reacquiring the glock.
>
> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
> Cc: Steven Whitehouse <swhiteho@redhat.com>
> Cc: Bob Peterson <rpeterso@redhat.com>
> Cc: cluster-devel at redhat.com
> ---
>   fs/gfs2/glops.c | 2 ++
>   1 file changed, 2 insertions(+)
>
> diff --git a/fs/gfs2/glops.c b/fs/gfs2/glops.c
> index 1f6c9c3..0833076 100644
> --- a/fs/gfs2/glops.c
> +++ b/fs/gfs2/glops.c
> @@ -13,6 +13,7 @@
>   #include <linux/gfs2_ondisk.h>
>   #include <linux/bio.h>
>   #include <linux/posix_acl.h>
> +#include <linux/security.h>
>   
>   #include "gfs2.h"
>   #include "incore.h"
> @@ -262,6 +263,7 @@ static void inode_go_inval(struct gfs2_glock *gl, int flags)
>   		if (ip) {
>   			set_bit(GIF_INVALID, &ip->i_flags);
>   			forget_all_cached_acls(&ip->i_inode);
> +			security_inode_invalidate_secctx(&ip->i_inode);
>   			gfs2_dir_hash_inval(ip);
>   		}
>   	}



^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2015-10-30 11:51 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <1446079635-22462-1-git-send-email-agruenba@redhat.com>
2015-10-29  0:47 ` [Cluster-devel] [PATCH v4 7/7] gfs2: Invalide security labels of inodes when they go invalid Andreas Gruenbacher
2015-10-29 12:10   ` Bob Peterson
2015-10-30 11:51   ` Steven Whitehouse

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).