Re: [PATCH] remove CONFIG_XFS_SECURITY

public inbox for linux-xfs@vger.kernel.org
 help / color / mirror / Atom feed

From: Timothy Shimmin <tes@sgi.com>
To: Eric Sandeen <sandeen@sandeen.net>
Cc: xfs-oss <xfs@oss.sgi.com>
Subject: Re: [PATCH] remove CONFIG_XFS_SECURITY
Date: Mon, 07 Apr 2008 12:23:54 +1000	[thread overview]
Message-ID: <47F985BA.7060100@sgi.com> (raw)
In-Reply-To: <47BB7774.5080401@sandeen.net>

Eric Sandeen wrote:
> Eric Sandeen wrote:
>> Is there any point to this option?  Sure, it disables the ability
>> to set security attributes at runtime, but it doesn't slim down 
>> any code.
>>
>> Any reason to not remove it, and always allow security attributes
>> to be set?
> 
> Ack? Nak?  Comments?
> 
Fine by me. I'm not sure of the point either.
However, don't need to modify the attr_secure_capable function,
might as well delete it and
just use fs_noerr for the capable hook field.

--Tim

(BTW, will check in attr2 fixes soon - need to write a qa test ;-)


> -Eric
> 
>> Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
>>
>> ---
>>
>> Index: linux-2.6.24-rc3/fs/xfs/Kconfig
>> ===================================================================
>> --- linux-2.6.24-rc3.orig/fs/xfs/Kconfig
>> +++ linux-2.6.24-rc3/fs/xfs/Kconfig
>> @@ -35,18 +35,6 @@ config XFS_QUOTA
>>  	  with or without the generic quota support enabled (CONFIG_QUOTA) -
>>  	  they are completely independent subsystems.
>>  
>> -config XFS_SECURITY
>> -	bool "XFS Security Label support"
>> -	depends on XFS_FS
>> -	help
>> -	  Security labels support alternative access control models
>> -	  implemented by security modules like SELinux.  This option
>> -	  enables an extended attribute namespace for inode security
>> -	  labels in the XFS filesystem.
>> -
>> -	  If you are not using a security module that requires using
>> -	  extended attributes for inode security labels, say N.
>> -
>>  config XFS_POSIX_ACL
>>  	bool "XFS POSIX ACL support"
>>  	depends on XFS_FS
>> Index: linux-2.6.24-rc3/fs/xfs/linux-2.6/xfs_super.h
>> ===================================================================
>> --- linux-2.6.24-rc3.orig/fs/xfs/linux-2.6/xfs_super.h
>> +++ linux-2.6.24-rc3/fs/xfs/linux-2.6/xfs_super.h
>> @@ -50,13 +50,8 @@ extern void xfs_qm_exit(void);
>>  # define set_posix_acl_flag(sb)	do { } while (0)
>>  #endif
>>  
>> -#ifdef CONFIG_XFS_SECURITY
>> -# define XFS_SECURITY_STRING	"security attributes, "
>> -# define ENOSECURITY		0
>> -#else
>> -# define XFS_SECURITY_STRING
>> -# define ENOSECURITY		EOPNOTSUPP
>> -#endif
>> +/* Used to be "configurable" so keep it around. */
>> +#define XFS_SECURITY_STRING	"security attributes, "
>>  
>>  #ifdef CONFIG_XFS_RT
>>  # define XFS_REALTIME_STRING	"realtime, "
>> Index: linux-2.6.24-rc3/fs/xfs/xfs_attr.c
>> ===================================================================
>> --- linux-2.6.24-rc3.orig/fs/xfs/xfs_attr.c
>> +++ linux-2.6.24-rc3/fs/xfs/xfs_attr.c
>> @@ -2651,7 +2651,7 @@ attr_secure_capable(
>>  	bhv_vnode_t	*vp,
>>  	cred_t		*cred)
>>  {
>> -	return -ENOSECURITY;
>> +	return 0;
>>  }
>>  
>>  STATIC int
>>
>>
>

next prev parent reply	other threads:[~2008-04-07  2:23 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-01-07  3:36 [PATCH] remove CONFIG_XFS_SECURITY Eric Sandeen
2008-01-07  7:12 ` Christoph Hellwig
2008-02-20  0:42 ` Eric Sandeen
2008-04-07  2:23   ` Timothy Shimmin [this message]
2008-04-11 14:39     ` [PATCH V2] " Eric Sandeen
2008-04-11 16:04       ` Christoph Hellwig
2008-04-11 16:13         ` Eric Sandeen
2008-04-15  0:33           ` Timothy Shimmin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=47F985BA.7060100@sgi.com \
    --to=tes@sgi.com \
    --cc=sandeen@sandeen.net \
    --cc=xfs@oss.sgi.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox