Re: Problems with some of the current hooks

From: Stephen Smalley (sdsat_private)
Date: Mon Aug 06 2001 - 06:13:29 PDT

  • Next message: Stephen Smalley: "Re: Problems with some of the current hooks"

    On Fri, 3 Aug 2001, Greg KH wrote:
    > This is a bit different from all of the other free_security() calls.
    > Should that just be always a call?  And it's up to the security module
    > to guard if it bprm->security is NULL or not, like the other cases.
    The reason that I "guard" this call to bprm_ops->free_security (which I
    also did with the sb_ops->free_security call in fs/super.c:read_super)
    is to skip the call in the case where the alloc_security routine
    itself failed (it does a 'goto out;' just like the subsequent code
    on error).  Otherwise, I would need to rearrange the code after the
    out label and insert a new goto label that would skip the free_security
    call but do the rest of the cleanup processing.  Also, notice that there 
    is a precedent for this kind of guard - the existing code does a 'if
    (bprm.file) fput(bprm.file);' in the same code path.
    Stephen D. Smalley, NAI Labs
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 06:15:45 PDT