From: Eric Sandeen <sandeen@sandeen.net>
To: xfs-oss <xfs@oss.sgi.com>
Subject: Re: [PATCH] remove CONFIG_XFS_SECURITY
Date: Tue, 19 Feb 2008 18:42:28 -0600 [thread overview]
Message-ID: <47BB7774.5080401@sandeen.net> (raw)
In-Reply-To: <47819E47.4030906@sandeen.net>
Eric Sandeen wrote:
> Is there any point to this option? Sure, it disables the ability
> to set security attributes at runtime, but it doesn't slim down
> any code.
>
> Any reason to not remove it, and always allow security attributes
> to be set?
Ack? Nak? Comments?
-Eric
> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
>
> ---
>
> Index: linux-2.6.24-rc3/fs/xfs/Kconfig
> ===================================================================
> --- linux-2.6.24-rc3.orig/fs/xfs/Kconfig
> +++ linux-2.6.24-rc3/fs/xfs/Kconfig
> @@ -35,18 +35,6 @@ config XFS_QUOTA
> with or without the generic quota support enabled (CONFIG_QUOTA) -
> they are completely independent subsystems.
>
> -config XFS_SECURITY
> - bool "XFS Security Label support"
> - depends on XFS_FS
> - help
> - Security labels support alternative access control models
> - implemented by security modules like SELinux. This option
> - enables an extended attribute namespace for inode security
> - labels in the XFS filesystem.
> -
> - If you are not using a security module that requires using
> - extended attributes for inode security labels, say N.
> -
> config XFS_POSIX_ACL
> bool "XFS POSIX ACL support"
> depends on XFS_FS
> Index: linux-2.6.24-rc3/fs/xfs/linux-2.6/xfs_super.h
> ===================================================================
> --- linux-2.6.24-rc3.orig/fs/xfs/linux-2.6/xfs_super.h
> +++ linux-2.6.24-rc3/fs/xfs/linux-2.6/xfs_super.h
> @@ -50,13 +50,8 @@ extern void xfs_qm_exit(void);
> # define set_posix_acl_flag(sb) do { } while (0)
> #endif
>
> -#ifdef CONFIG_XFS_SECURITY
> -# define XFS_SECURITY_STRING "security attributes, "
> -# define ENOSECURITY 0
> -#else
> -# define XFS_SECURITY_STRING
> -# define ENOSECURITY EOPNOTSUPP
> -#endif
> +/* Used to be "configurable" so keep it around. */
> +#define XFS_SECURITY_STRING "security attributes, "
>
> #ifdef CONFIG_XFS_RT
> # define XFS_REALTIME_STRING "realtime, "
> Index: linux-2.6.24-rc3/fs/xfs/xfs_attr.c
> ===================================================================
> --- linux-2.6.24-rc3.orig/fs/xfs/xfs_attr.c
> +++ linux-2.6.24-rc3/fs/xfs/xfs_attr.c
> @@ -2651,7 +2651,7 @@ attr_secure_capable(
> bhv_vnode_t *vp,
> cred_t *cred)
> {
> - return -ENOSECURITY;
> + return 0;
> }
>
> STATIC int
>
>
next prev parent reply other threads:[~2008-02-20 0:42 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-01-07 3:36 [PATCH] remove CONFIG_XFS_SECURITY Eric Sandeen
2008-01-07 7:12 ` Christoph Hellwig
2008-02-20 0:42 ` Eric Sandeen [this message]
2008-04-07 2:23 ` Timothy Shimmin
2008-04-11 14:39 ` [PATCH V2] " Eric Sandeen
2008-04-11 16:04 ` Christoph Hellwig
2008-04-11 16:13 ` Eric Sandeen
2008-04-15 0:33 ` Timothy Shimmin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47BB7774.5080401@sandeen.net \
--to=sandeen@sandeen.net \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox