From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: linux-security-module@vger.kernel.org
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>,
linux-fsdevel@vger.kernel.org, Dave Chinner <david@fromorbit.com>,
Steven Whitehouse <swhiteho@redhat.com>,
Mimi Zohar <zohar@us.ibm.com>
Subject: [RFC PATCH 2/4] evm: call evm_inode_init_security from security_inode_init_security
Date: Fri, 17 Jun 2011 10:46:58 -0400 [thread overview]
Message-ID: <1308322020-24824-3-git-send-email-zohar@linux.vnet.ibm.com> (raw)
In-Reply-To: <1308322020-24824-1-git-send-email-zohar@linux.vnet.ibm.com>
Option 1: security_inode_init_security returning xattr array
Changelog v7:
- moved the initialization call to security_inode_init_security,
renaming evm_inode_post_init_security to evm_inode_init_security
- increase size of xattr array for EVM xattr
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
---
fs/ext4/xattr_security.c | 2 +-
include/linux/security.h | 2 +-
security/security.c | 15 ++++++++++-----
3 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/fs/ext4/xattr_security.c b/fs/ext4/xattr_security.c
index ccf3347..6b6a330 100644
--- a/fs/ext4/xattr_security.c
+++ b/fs/ext4/xattr_security.c
@@ -52,7 +52,7 @@ int
ext4_init_security(handle_t *handle, struct inode *inode, struct inode *dir,
const struct qstr *qstr)
{
- struct xattr new_xattrs[MAX_LSM_XATTR + 1];
+ struct xattr new_xattrs[MAX_LSM_EVM_XATTR + 1];
struct xattr *xattr_array = &new_xattrs[0], *xattr;
int err;
diff --git a/include/linux/security.h b/include/linux/security.h
index bf593c1..577fcf8 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -41,7 +41,7 @@
/* Maximum number of letters for an LSM name string */
#define SECURITY_NAME_MAX 10
-#define MAX_LSM_XATTR 1
+#define MAX_LSM_EVM_XATTR 2
/* If capable should audit the security request */
#define SECURITY_CAP_NOAUDIT 0
diff --git a/security/security.c b/security/security.c
index 2cfb7c9..f8f21c0 100644
--- a/security/security.c
+++ b/security/security.c
@@ -344,7 +344,8 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
const struct qstr *qstr,
struct xattr **xattr_array)
{
- struct xattr *lsm_xattr;
+ struct xattr *lsm_xattr, *evm_xattr;
+ int ret;
if (unlikely(IS_PRIVATE(inode)))
return -EOPNOTSUPP;
@@ -353,10 +354,14 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
return security_ops->inode_init_security(inode, dir, qstr,
NULL, NULL, NULL);
lsm_xattr = *xattr_array;
- return security_ops->inode_init_security(inode, dir, qstr,
- &lsm_xattr->name,
- &lsm_xattr->value,
- &lsm_xattr->value_len);
+ ret = security_ops->inode_init_security(inode, dir, qstr,
+ &lsm_xattr->name,
+ &lsm_xattr->value,
+ &lsm_xattr->value_len);
+ if (ret)
+ return ret;
+ evm_xattr = lsm_xattr + 1;
+ return evm_inode_init_security(inode, lsm_xattr, evm_xattr);
}
EXPORT_SYMBOL(security_inode_init_security);
--
1.7.3.4
next prev parent reply other threads:[~2011-06-17 14:46 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-17 14:46 [RFC PATCH 0/4] security_inode_init_security API change Mimi Zohar
2011-06-17 14:46 ` [RFC PATCH 1/4] security: modify security_inode_init_security to return an array of xattrs Mimi Zohar
2011-06-17 14:46 ` Mimi Zohar [this message]
2011-06-17 14:46 ` [RFC PATCH 3/4] security: add security_inode_init_security function callback parameter Mimi Zohar
2011-06-20 11:21 ` Dmitry Kasatkin
2011-06-17 14:47 ` [RFC PATCH 4/4] evm: call evm_inode_init_security from security_inode_init_security Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1308322020-24824-3-git-send-email-zohar@linux.vnet.ibm.com \
--to=zohar@linux.vnet.ibm.com \
--cc=david@fromorbit.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=swhiteho@redhat.com \
--cc=zohar@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).