* Stephen Smalley (sds@private) wrote: > This patch against 2.6.0-test5 changes the security_inode_permission > hook to also take a nameidata parameter in addition to the existing > inode and mask parameters. A nameidata is already passed (although > sometimes NULL) to fs/namei.c:permission(), and the patch changes > exec_permission_lite() to also take a nameidata parameter so that it can > pass it along to the security hook. The patch includes corresponding > changes to the SELinux module to use the nameidata information when it > is available; this allows SELinux to include pathname information in > audit messages when a nameidata structure was supplied. If anyone has > any objections to this change, please let me know. Looks like Andrew already picked this up. I'll put it in the LSM tree as well. It'd be nice if nameidata were never NULL and we could drop the inode argument altogether. But we can make that change when the VFS supports it. thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
This archive was generated by hypermail 2b30 : Mon Sep 29 2003 - 23:17:48 PDT