From: Chris Wright <chris@wirex.com>
To: Matthew Wilcox <matthew@wil.cx>
Cc: Linus Torvalds <torvalds@transmeta.com>,
linux-security-module@wirex.com, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH] LSM file locking patch is bogus
Date: Mon, 29 Jul 2002 16:58:34 -0700 [thread overview]
Message-ID: <20020729165834.A16363@figure1.int.wirex.com> (raw)
In-Reply-To: <20020727233149.G1441@parcelfarce.linux.theplanet.co.uk>; from matthew@wil.cx on Sat, Jul 27, 2002 at 11:31:49PM +0100
* Matthew Wilcox (matthew@wil.cx) wrote:
>
> - Remove third argument from file_lock security op. Whether the lock is
> blocking or not cannot make any difference to a security module!
> - Fix the call in sys_flock to pass the translated lock command, not the
> original.
> - Add a call in fcntl_setlease. If they're going to know about two types
> of lock, let's tell them about the third too.
Matthew, thanks for the patch. It is incomplete, however, as the code
that uses this hook needs to be updated as well.
Linus, the patch below is relative to Matthew Wilcox's patch, and
adjusts the superuser and capability modules according to the change in
the interface.
--- 2.5.29-flock/security/dummy.c Mon Jul 22 14:44:49 2002
+++ 2.5.29/security/dummy.c Mon Jul 29 16:54:52 2002
@@ -366,7 +366,7 @@
return 0;
}
-static int dummy_file_lock (struct file *file, unsigned int cmd, int blocking)
+static int dummy_file_lock (struct file *file, unsigned int cmd)
{
return 0;
}
--- 2.5.29-flock/security/capability.c Mon Jul 22 14:17:37 2002
+++ 2.5.29/security/capability.c Mon Jul 29 16:54:28 2002
@@ -464,7 +464,7 @@
return 0;
}
-static int cap_file_lock (struct file *file, unsigned int cmd, int blocking)
+static int cap_file_lock (struct file *file, unsigned int cmd)
{
return 0;
}
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
prev parent reply other threads:[~2002-07-29 23:58 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-07-27 22:31 [PATCH] LSM file locking patch is bogus Matthew Wilcox
2002-07-28 3:02 ` Seth Arnold
2002-07-28 3:13 ` Linus Torvalds
2002-08-09 3:59 ` H. Peter Anvin
2002-07-28 18:47 ` Greg KH
2002-07-29 23:58 ` Chris Wright [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20020729165834.A16363@figure1.int.wirex.com \
--to=chris@wirex.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@wirex.com \
--cc=matthew@wil.cx \
--cc=torvalds@transmeta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox