From mboxrd@z Thu Jan  1 00:00:00 1970
From: Joel Becker <Joel.Becker@oracle.com>
Subject: Re: [RFC] The reflink(2) system call v4.
Date: Mon, 11 May 2009 15:34:14 -0700
Message-ID: <20090511223414.GA28209@mail.oracle.com>
References: <1241331303-23753-1-git-send-email-joel.becker@oracle.com> <20090507221535.GA31624@mail.oracle.com> <4A039FF8.7090807@hp.com> <20090508031018.GB8611@mail.oracle.com> <20090511204011.GB30293@mail.oracle.com> <alpine.LRH.2.00.0905120819460.3090@tundra.namei.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: jim owens <jowens@hp.com>, ocfs2-devel@oss.oracle.com,
	viro@zeniv.linux.org.uk, mtk.manpages@gmail.com,
	linux-security-module@vger.kernel.org,
	linux-fsdevel@vger.kernel.org
To: James Morris <jmorris@namei.org>
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from acsinet12.oracle.com ([141.146.126.234]:47140 "EHLO
	acsinet12.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752120AbZEKWfW (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Mon, 11 May 2009 18:35:22 -0400
Content-Disposition: inline
In-Reply-To: <alpine.LRH.2.00.0905120819460.3090@tundra.namei.org>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

On Tue, May 12, 2009 at 08:27:17AM +1000, James Morris wrote:
> On Mon, 11 May 2009, Joel Becker wrote:
> 
> > and other security attributes (in all, I'm gonna call that the "security
> > context") as well.  So I defined reflink() as such.  This meant
> 
> "security context" is an term associated with SELinux, so you may want to 
> use something like "security attributes" or "security state" to avoid 
> confusing people.

	Ok, I wondered if my brain had picked that out from somewhere.

> > +	error = security_inode_reflink(old_dentry, dir);
> > +	if (error)
> > +		return error;
> 
> We'll need the new_dentry now, to set up new security state before the 
> dentry is instantiated.
> 
> e.g. SELinux will need to perform some checks on the operation, then 
> calculate a new security context for the new file.

	Do I need to pass in preserve_security as well so SELinux knows
what the ownership check determined?

Joel

-- 

"Copy from one, it's plagiarism; copy from two, it's research."
        - Wilson Mizner

Joel Becker
Principal Software Developer
Oracle
E-mail: joel.becker@oracle.com
Phone: (650) 506-8127