From mboxrd@z Thu Jan 1 00:00:00 1970 From: James Morris Subject: Re: [PATCH 1/2] VFS/Security: Rework inode_getsecurity and callers to return resulting buffer Date: Fri, 2 Nov 2007 07:58:18 +1100 (EST) Message-ID: References: <1193927704.18533.7.camel@moss-terrapins.epoch.ncsc.mil> <1193928027.18533.11.camel@moss-terrapins.epoch.ncsc.mil> Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org, sds@tycho.nsa.gov, serue@us.ibm.com, akpm@linux-foundation.org To: "David P. Quigley" Return-path: In-Reply-To: <1193928027.18533.11.camel@moss-terrapins.epoch.ncsc.mil> Sender: linux-security-module-owner@vger.kernel.org List-Id: linux-fsdevel.vger.kernel.org On Thu, 1 Nov 2007, David P. Quigley wrote: > This patch modifies the interface to inode_getsecurity to have the function > return a buffer containing the security blob and its length via parameters > instead of relying on the calling function to give it an appropriately sized > buffer. Security blobs obtained with this function should be freed using the > release_secctx LSM hook. This alleviates the problem of the caller having to > guess a length and preallocate a buffer for this function allowing it to be > used elsewhere for Labeled NFS. The patch also removed the unused err > parameter. The conversion is similar to the one performed by Al Viro for the > security_getprocattr hook. > > Signed-off-by: David P. Quigley Acked-by: James Morris -- James Morris