From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: linux-security-module@vger.kernel.org
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>,
linux-fsdevel@vger.kernel.org, Dave Chinner <david@fromorbit.com>,
Steven Whitehouse <swhiteho@redhat.com>
Subject: [RFC PATCH 0/4] security_inode_init_security API change
Date: Fri, 17 Jun 2011 10:46:56 -0400
Message-ID: <1308322020-24824-1-git-send-email-zohar@linux.vnet.ibm.com>

(Reposting with linux-fsdevel cc'ed.)

The recently posted EVM/IMA-appraisal patches added a new hook
evm_inode_post_init_security() to calculate the security.evm extended
attribute (xattr) and an additional call to set_xattr().

    security_inode_init_security(&lsm_xattr)
    set_xattr(&lsm_xattr)
    evm_inode_post_init_security(&lsm_xattr, &evm_xattr)
    set_xattr(&evm_xattr)

The ensuing mailing list discussion centered around:
- Steve Whitehouse's questioning the need for two set_xattr() calls.
- Casey Schaufler's multiple LSM xattr support reminder.
- Dave Chinner's questioning the need for the new
  evm_inode_post_init_security() hook.

This patch set provides two possible solutions. Both require changing
the security_inode_init_security() API. The first option returns an
array of xattrs, as suggested on the mailing list. The second option
adds an fs specific function callback parameter to write the xattrs.
Examples of each are included in this RFC.

Mimi
--
1.7.3.4
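
The two API shapes described in the message above, modeled in userspace C as an added example; it is not part of the original post or of the RFC patches. Every `*_model` name, the `log_writer` callback, the label strings and the FNV-1a stand-in for the security.evm calculation are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Userspace model; every *_model name is hypothetical, not kernel API. */
struct xattr_model { const char *name; const void *value; size_t len; };
typedef int (*initxattrs_model)(const struct xattr_model *xa, size_t n, void *fs_data);

/* Stand-in for the security.evm calculation; FNV-1a is not a MAC. */
static uint32_t toy_digest(const unsigned char *v, size_t len)
{
    uint32_t h = 2166136261u;
    while (len--)
        h = (h ^ *v++) * 16777619u;
    return h;
}

/* Option 1 shape: hand back an array (LSM xattr first, security.evm last). */
static size_t init_security_array_model(const char *label, struct xattr_model out[2], uint32_t *evm)
{
    out[0] = (struct xattr_model){ "security.selinux", label, strlen(label) };
    *evm = toy_digest((const unsigned char *)label, strlen(label)); /* covers the LSM xattr */
    out[1] = (struct xattr_model){ "security.evm", evm, sizeof(*evm) };
    return 2;
}

/* Option 2 shape: the hook passes the same array to an fs-specific writer. */
static int init_security_cb_model(const char *label, initxattrs_model write_all, void *fs_data)
{
    struct xattr_model xa[2]; uint32_t evm;
    return write_all(xa, init_security_array_model(label, xa, &evm), fs_data);
}

/* Constructed writer: records how often the fs is called and what it stores. */
struct fs_log { int calls; size_t written; uint32_t evm; };
static int log_writer(const struct xattr_model *xa, size_t n, void *fs_data)
{
    struct fs_log *log = fs_data;
    log->calls++;
    log->written += n;
    memcpy(&log->evm, xa[n - 1].value, sizeof(log->evm)); /* model puts security.evm last */
    return 0;
}

int main(void)
{
    struct fs_log log = {0};
    init_security_cb_model("label_a", log_writer, &log); /* constructed label */
    printf("calls=%d xattrs=%zu evm=%08x\n", log.calls, log.written, (unsigned)log.evm);
}
```

In both shapes the filesystem is entered once with the complete set of xattrs, and the security.evm value is derived from the LSM xattr before anything is written.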
Thread overview: 6+ messages
2011-06-17 14:46 Mimi Zohar [this message]
2011-06-17 14:46 ` [RFC PATCH 1/4] security: modify security_inode_init_security to return an array of xattrs Mimi Zohar
2011-06-17 14:46 ` [RFC PATCH 2/4] evm: call evm_inode_init_security from security_inode_init_security Mimi Zohar
2011-06-17 14:46 ` [RFC PATCH 3/4] security: add security_inode_init_security function callback parameter Mimi Zohar
2011-06-20 11:21 ` Dmitry Kasatkin
2011-06-17 14:47 ` [RFC PATCH 4/4] evm: call evm_inode_init_security from security_inode_init_security Mimi Zohar