Re: [RFC] LSM changes for 2.5.38

From: Greg KH (gregat_private)
Date: Thu Sep 26 2002 - 13:28:10 PDT

  • Next message: Greg KH: "Re: [RFC] LSM changes for 2.5.38"

    Copied linux-fsdevel, as it touches the core fs code.
    
    
    # This is a BitKeeper generated patch for the following project:
    # Project Name: Linux kernel tree
    # This patch format is intended for GNU patch command version 2.5 or higher.
    # This patch includes the following deltas:
    #	           ChangeSet	1.613   -> 1.614  
    #	          fs/inode.c	1.69    -> 1.70   
    #
    # The following is the BitKeeper ChangeSet Log
    # --------------------------------------------
    # 02/09/26	sdsat_private	1.614
    # [PATCH] LSM: inode.c init modification
    # 
    # On Thu, 19 Sep 2002, Greg KH wrote:
    # 
    # > Yes, and explaining the fine points of inode_init() and
    # > inode_alloc_security() and why they are different, might be a bit tough.
    # >
    # > {sigh}, well if there's no other way (and I can't think of one right
    # > now), but I really don't like it...
    # 
    # Here's a patch that attempt to support the same functionality without
    # inserting hooks into filesystem-specific code.  This patch permits the
    # security module to perform initialization of the inode security state
    # based on the superblock information, enabling SELinux to initialize
    # pipe, devpts, and shm inodes without relying on inode_precondition to
    # catch them on first use.
    # 
    # This is achieved simply by moving the initialization of inode->i_sb
    # before the call to inode_alloc_security, enabling the
    # inode_alloc_security hook function to perform the allocation and
    # initialization for such inodes.  No new hooks are required.
    # --------------------------------------------
    #
    diff -Nru a/fs/inode.c b/fs/inode.c
    --- a/fs/inode.c	Thu Sep 26 13:23:52 2002
    +++ b/fs/inode.c	Thu Sep 26 13:23:52 2002
    @@ -101,6 +101,7 @@
     	if (inode) {
     		struct address_space * const mapping = &inode->i_data;
     
    +		inode->i_sb = sb;
     		inode->i_security = NULL;
     		if (security_ops->inode_alloc_security(inode)) {
     			if (inode->i_sb->s_op->destroy_inode)
    @@ -109,7 +110,6 @@
     				kmem_cache_free(inode_cachep, (inode));
     			return NULL;
     		}
    -		inode->i_sb = sb;
     		inode->i_dev = sb->s_dev;
     		inode->i_blkbits = sb->s_blocksize_bits;
     		inode->i_flags = 0;
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Thu Sep 26 2002 - 13:36:24 PDT