From mboxrd@z Thu Jan 1 00:00:00 1970 From: Chris Wright Subject: Re: [PATCH] LSM file locking patch is bogus Date: Mon, 29 Jul 2002 16:58:34 -0700 Sender: linux-fsdevel-owner@vger.kernel.org Message-ID: <20020729165834.A16363@figure1.int.wirex.com> References: <20020727233149.G1441@parcelfarce.linux.theplanet.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: Linus Torvalds , linux-security-module@wirex.com, linux-fsdevel@vger.kernel.org Return-path: To: Matthew Wilcox Content-Disposition: inline In-Reply-To: <20020727233149.G1441@parcelfarce.linux.theplanet.co.uk>; from matthew@wil.cx on Sat, Jul 27, 2002 at 11:31:49PM +0100 List-Id: linux-fsdevel.vger.kernel.org * Matthew Wilcox (matthew@wil.cx) wrote: > > - Remove third argument from file_lock security op. Whether the lock is > blocking or not cannot make any difference to a security module! > - Fix the call in sys_flock to pass the translated lock command, not the > original. > - Add a call in fcntl_setlease. If they're going to know about two types > of lock, let's tell them about the third too. Matthew, thanks for the patch. It is incomplete, however, as the code that uses this hook needs to be updated as well. Linus, the patch below is relative to Matthew Wilcox's patch, and adjusts the superuser and capability modules according to the change in the interface. --- 2.5.29-flock/security/dummy.c Mon Jul 22 14:44:49 2002 +++ 2.5.29/security/dummy.c Mon Jul 29 16:54:52 2002 @@ -366,7 +366,7 @@ return 0; } -static int dummy_file_lock (struct file *file, unsigned int cmd, int blocking) +static int dummy_file_lock (struct file *file, unsigned int cmd) { return 0; } --- 2.5.29-flock/security/capability.c Mon Jul 22 14:17:37 2002 +++ 2.5.29/security/capability.c Mon Jul 29 16:54:28 2002 @@ -464,7 +464,7 @@ return 0; } -static int cap_file_lock (struct file *file, unsigned int cmd, int blocking) +static int cap_file_lock (struct file *file, unsigned int cmd) { return 0; } thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net