On Tue, Nov 22, 2005 at 02:08:46PM +0800, Hawk Xu wrote:
> John Johansen wrote:
>
> >On Tue, Nov 22, 2005 at 01:06:17PM +0800, Hawk Xu wrote:
> >
> >>Hi!
> >>
> >>I use inode_alloc_security() hook to allocate space for security
> >>attributes of inodes. But I found that the i_security field is
> >>still NULL for:
> >>
> >>1. all files (the security LSM is loaded manually after system boot)
> >>2. all files created after system boot (the security LSM is loaded
> >>during system boot)
> >>
> >>It seems that the inode_alloc_security() hook is not always called. And
> >>in my inode_post_setxattr() hook, I have to check that the i_security
> >>field is non-NULL before setting security attributes for the inode. Any
> >>idea to avoid this?
> >>
> >the i_security field is NULL for all files that are created before your
> >security module is loaded because the dummy inode_alloc_security hook is
> >called until your module has registered its security fn hooks. The only
> >way to avoid this is to build your module as part of the kernel (ie. not
> >a loadable module), look at the selinux code for an example of how to do
> >this.
> >
> I think that your explanation doesn't explain my `2' (i_security is NULL
> for all files created after the LSM is loaded), what do you think?
>
sorry but in my experience inodes that are created after the security
module is loaded have their i_security field properly set, though I can't
say I have ever checked it through the inode_post_setxattr hook.

jj
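
The ordering effect discussed in this thread, as an added userspace model that is not code from the thread or from the kernel: the struct and hook names mirror the kernel's, while the model_* helpers, my_label and my_set_level are hypothetical names made up for the illustration.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <stdlib.h>
#include <stddef.h>

struct inode { void *i_security; };

struct security_operations {
    int (*inode_alloc_security)(struct inode *inode);
};

/* Default hook in place before any module registers: allocates nothing. */
static int dummy_inode_alloc_security(struct inode *inode)
{
    (void)inode;
    return 0;
}

/* Hypothetical module hook: attaches a per-inode label blob. */
struct my_label { int level; };

static int my_inode_alloc_security(struct inode *inode)
{
    inode->i_security = calloc(1, sizeof(struct my_label));
    return inode->i_security ? 0 : -1;
}

static struct security_operations dummy_ops = { dummy_inode_alloc_security };
static struct security_operations my_ops = { my_inode_alloc_security };
static struct security_operations *security_ops = &dummy_ops;

/* Models inode creation: whichever hook is current at that moment runs once. */
static int model_alloc_inode(struct inode *inode)
{
    inode->i_security = NULL;
    return security_ops->inode_alloc_security(inode);
}

/* Models late registration of a loadable module; existing inodes are untouched. */
static void model_register_security(struct security_operations *ops)
{
    security_ops = ops;
}

/* Models an attribute-setting hook that must tolerate pre-registration inodes. */
static int my_set_level(struct inode *inode, int level)
{
    struct my_label *label = inode->i_security;
    if (!label)
        return -1; /* inode predates the module: no blob to write to */
    label->level = level;
    return 0;
}
```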
This archive was generated by hypermail 2.1.3 : Tue Nov 22 2005 - 01:14:28 PST