From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Serge E. Hallyn" <serge@hallyn.com>
Subject: Re: [PATCH 2/2] VFS: Reorder vfs_getxattr to avoid unnecessary
	calls to the LSM
Date: Thu, 25 Oct 2007 18:43:57 -0500
Message-ID: <20071025234357.GA2795@vino.hallyn.com>
References: <1193079974.30930.2.camel@moss-terrapins.epoch.ncsc.mil> <1193080313.30930.8.camel@moss-terrapins.epoch.ncsc.mil> <Xine.LNX.4.64.0710240941280.10783@us.intercode.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: "David P. Quigley" <dpquigl@tycho.nsa.gov>,
	linux-security-module@vger.kernel.org,
	linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov
To: James Morris <jmorris@namei.org>
Return-path: <linux-security-module-owner@vger.kernel.org>
Content-Disposition: inline
In-Reply-To: <Xine.LNX.4.64.0710240941280.10783@us.intercode.com.au>
Sender: linux-security-module-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

Quoting James Morris (jmorris@namei.org):
> On Mon, 22 Oct 2007, David P. Quigley wrote:
> 
> > Originally vfs_getxattr would pull the security xattr variable using
> > the inode getxattr handle and then proceed to clobber it with a subsequent call
> > to the LSM. This patch reorders the two operations such that when the xattr
> > requested is in the security namespace it first attempts to grab the value from
> > the LSM directly. If it fails to obtain the value because there is no module
> > present or the module does not support the operation it will fall back to using
> > the inode getxattr operation. In the event that both are inaccessible it
> > returns EOPNOTSUPP.
> > 
> > Signed-off-by: David P. Quigley <dpquigl@tycho.nsa.gov>
> 
> Acked-by: James Morris <jmorris@namei.org>

(not that it matters much, esp with selinux being the only current user,
but)

Acked-by: Serge Hallyn <serue@us.ibm.com>

Makes sense and looks good.

thanks,
-serge