From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: linux-security-module@vger.kernel.org
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>,
linux-fsdevel@vger.kernel.org, Dave Chinner <david@fromorbit.com>,
Steven Whitehouse <swhiteho@redhat.com>,
Mimi Zohar <zohar@us.ibm.com>
Subject: [RFC PATCH 4/4] evm: call evm_inode_init_security from security_inode_init_security
Date: Fri, 17 Jun 2011 10:47:00 -0400 [thread overview]
Message-ID: <1308322020-24824-5-git-send-email-zohar@linux.vnet.ibm.com> (raw)
In-Reply-To: <1308322020-24824-1-git-send-email-zohar@linux.vnet.ibm.com>
Option 2: security_inode_init_security function callback parameter
Changelog v7:
- moved the EVM xattr initialization call to security_inode_init_security,
renaming evm_inode_post_init_security to evm_inode_init_security
- increase size of xattr array for EVM xattr
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
---
security/security.c | 17 +++++++++++------
1 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/security/security.c b/security/security.c
index b4b997d..0480fb2 100644
--- a/security/security.c
+++ b/security/security.c
@@ -20,7 +20,7 @@
#include <linux/ima.h>
#include <linux/evm.h>
-#define MAX_LSM_XATTR 1
+#define MAX_LSM_EVM_XATTR 2
/* Boot-time LSM user choice */
static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
@@ -350,8 +350,8 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
void *fs_data
)
{
- struct xattr new_xattrs[MAX_LSM_XATTR + 1];
- struct xattr *lsm_xattr;
+ struct xattr new_xattrs[MAX_LSM_EVM_XATTR + 1];
+ struct xattr *lsm_xattr, *evm_xattr, *xattr;
int ret;
if (unlikely(IS_PRIVATE(inode)))
@@ -368,11 +368,16 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
&lsm_xattr->value_len);
if (ret)
goto out;
+ evm_xattr = lsm_xattr + 1;
+ ret = evm_inode_init_security(inode, lsm_xattr, evm_xattr);
+ if (ret)
+ goto out;
ret = initxattrs(inode, new_xattrs, 0, fs_data);
out:
- kfree(lsm_xattr->name);
- kfree(lsm_xattr->value);
-
+ for (xattr = new_xattrs; xattr->name != NULL; xattr++) {
+ kfree(xattr->name);
+ kfree(xattr->value);
+ }
return (ret == -EOPNOTSUPP) ? 0 : ret;
}
EXPORT_SYMBOL(security_inode_init_security);
--
1.7.3.4
prev parent reply other threads:[~2011-06-17 14:47 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-17 14:46 [RFC PATCH 0/4] security_inode_init_security API change Mimi Zohar
2011-06-17 14:46 ` [RFC PATCH 1/4] security: modify security_inode_init_security to return an array of xattrs Mimi Zohar
2011-06-17 14:46 ` [RFC PATCH 2/4] evm: call evm_inode_init_security from security_inode_init_security Mimi Zohar
2011-06-17 14:46 ` [RFC PATCH 3/4] security: add security_inode_init_security function callback parameter Mimi Zohar
2011-06-20 11:21 ` Dmitry Kasatkin
2011-06-17 14:47 ` Mimi Zohar [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1308322020-24824-5-git-send-email-zohar@linux.vnet.ibm.com \
--to=zohar@linux.vnet.ibm.com \
--cc=david@fromorbit.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=swhiteho@redhat.com \
--cc=zohar@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).