From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from e23smtp01.au.ibm.com ([202.81.31.143]:58141 "EHLO e23smtp01.au.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751567AbcEYLK5 (ORCPT ); Wed, 25 May 2016 07:10:57 -0400 Received: from localhost by e23smtp01.au.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Wed, 25 May 2016 21:10:55 +1000 Message-ID: <1464174490.2763.146.camel@linux.vnet.ibm.com> Subject: Re: [PATCH v2 10/18] evm: Turn evm_update_evmxattr into void function From: Mimi Zohar To: James Morris Cc: Andreas Gruenbacher , Alexander Viro , linux-fsdevel@vger.kernel.org, Tyler Hicks , ecryptfs@vger.kernel.org, Miklos Szeredi , linux-unionfs@vger.kernel.org, linux-ima-devel@lists.sourceforge.net, linux-security-module@vger.kernel.org, David Howells , Serge Hallyn , Dmitry Kasatkin , Paul Moore , Stephen Smalley , Eric Paris , Casey Schaufler , Oleg Drokin , Andreas Dilger Date: Wed, 25 May 2016 07:08:10 -0400 In-Reply-To: References: <1463742875-9836-1-git-send-email-agruenba@redhat.com> <1463742875-9836-11-git-send-email-agruenba@redhat.com> Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-fsdevel-owner@vger.kernel.org List-ID: On Wed, 2016-05-25 at 15:30 +1000, James Morris wrote: > On Fri, 20 May 2016, Andreas Gruenbacher wrote: > > > The return value of evm_update_evmxattr is never used. > > > > Signed-off-by: Andreas Gruenbacher > > As I mentioned last time, the EVM code is silently ignoring errors here, > and I'd prefer to see that fixed. Agreed. evm_update_evmxattr() is called as a result of a "protected" xattr or some other file metadata having been modified. The two actions need to remain in sync, otherwise subsequent file access will be denied. At the point that evm_update_evmxattr() fails, there isn't much that can be done other than audit the failure. The file metadata has already been modified. Mimi