From mboxrd@z Thu Jan  1 00:00:00 1970
From: Amerigo Wang <amwang@redhat.com>
Subject: Re: [Patch 1/2] selinux: ajust rules for ATTR_FORCE
Date: Wed, 19 Aug 2009 10:34:15 +0800
Message-ID: <4A8B64A7.4090707@redhat.com>
References: <20090817071001.5913.94767.sendpatchset@localhost.localdomain>	<20090817071011.5913.69970.sendpatchset@localhost.localdomain>	<1250511313.3629.103.camel@moss-pluto.epoch.ncsc.mil>	<87prau5ld1.fsf@devron.myhome.or.jp>	<1250536052.3629.154.camel@moss-pluto.epoch.ncsc.mil>	<873a7q441a.fsf@devron.myhome.or.jp>	<1250538981.3629.184.camel@moss-pluto.epoch.ncsc.mil>	<87fxbq19qs.fsf@devron.myhome.or.jp>	<87my5yxidt.fsf@devron.myhome.or.jp>	<87y6pha7vv.fsf@devron.myhome.or.jp> <87ljlh119k.fsf@devron.myhome.or.jp>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Stephen Smalley <sds@tycho.nsa.gov>, linux-kernel@vger.kernel.org,
	esandeen@redhat.com, eteo@redhat.com, eparis@redhat.com,
	linux-fsdevel@vger.kernel.org, akpm@linux-foundation.org,
	viro@zeniv.linux.org.uk
To: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Return-path: <linux-kernel-owner+glk-linux-kernel-3=40m.gmane.org-S1751674AbZHSCcD@vger.kernel.org>
In-Reply-To: <87ljlh119k.fsf@devron.myhome.or.jp>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

OGAWA Hirofumi wrote:
> [My ISP still seems to be stopping email server :-/]
>
>   
>>>> So if I read this correctly, (ATTR_FORCE| ATTR_KILL_SUID|ATTR_MODE) will 
>>>> not return here, since 'ia_valid' will be ATTR_FORCE finally.
>>>>
>>>> I think you forgot to clear ATTR_FORCE here...
>>>>         
>>> Whoops, good catch. Fortunately, it doesn't seem to have actual problem,
>>> but it's bug obviously, and sorry for that. Fixed patch was attached.
>>>       
>> You can add my:
>> Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
>>     
>
> Thanks.
>
> Amerigo, could you handle that patch with his ack for the remaining work?
>   

No problem, I will resend the newest patch with his Ack.
> BTW, I think [Patch 2/2] of
>
> -	newattrs.ia_valid |= should_remove_suid(dentry);
> +	ret = should_remove_suid(dentry);
> +	newattrs.ia_valid |= ret;
> +	if (ret)
> +		newattrs.ia_valid |= ATTR_FORCE;
>
> should be
>
> 	killsuid = should_remove_suid(dentry);
> 	if (killsuid)
> 		newattrs.ia_valid |= killsuid | ATTR_FORCE;
>   

Hmm, I almost forgot this... This only saves one statement if 'ret == 
0', but that is OK, I will change it.

Thanks!