[PATCH 0/2] getsecurity/vfs_getxattr cleanup V2

This patch series addresses two concerns. Currently when a developer wishes to obtain a security blob from the LSM he/she has to guess at the length of the blob being returned. We modify security_inode_getsecurity to return an appropriately sized buffer populated with the security information and

[PATCH 2/2] VFS: Reorder vfs_getxattr to avoid unnecessary calls to the LSM

the value from the LSM directly. If it fails to obtain the value because there is no module present or the module does not support the operation it will fall back to using the inode getxattr operation. In the event that both are inaccessible it returns EOPNOTSUPP. Signed-off-by: David P. Quigley [EMAIL

Re: [PATCH 1/2] VFS/Security: Rework inode_getsecurity and callers to return resulting buffer

On Sat, 2007-10-27 at 08:14 +1000, James Morris wrote: On Fri, 26 Oct 2007, Serge E. Hallyn wrote: It wouldn't be much effort to rebase this patch against Linus's latest tree. I am assuming that the static lsm patch is in there based on the recent discussion on LKML? Oh, sorry for

Re: [PATCH 1/2] VFS/Security: Rework inode_getsecurity and callers to return resulting buffer

On Thu, 2007-10-25 at 19:02 -0500, Serge E. Hallyn wrote: Quoting David P. Quigley ([EMAIL PROTECTED]): This patch modifies the interface to inode_getsecurity to have the function return a buffer containing the security blob and its length via parameters instead of relying

Re: [PATCH 1/2] VFS/Security: Rework inode_getsecurity and callers to return resulting buffer

On Fri, 2007-10-26 at 10:02 -0500, Serge E. Hallyn wrote: Quoting David P. Quigley ([EMAIL PROTECTED]): On Thu, 2007-10-25 at 19:02 -0500, Serge E. Hallyn wrote: Quoting David P. Quigley ([EMAIL PROTECTED]): static int task_alloc_security(struct task_struct *task) @@ -2423,14

Re: [PATCH 1/2] VFS/Security: Rework inode_getsecurity and callers to return resulting buffer

On Fri, 2007-10-26 at 11:13 -0400, David P. Quigley wrote: On Fri, 2007-10-26 at 10:02 -0500, Serge E. Hallyn wrote: Quoting David P. Quigley ([EMAIL PROTECTED]): On Thu, 2007-10-25 at 19:02 -0500, Serge E. Hallyn wrote: Quoting David P. Quigley ([EMAIL PROTECTED]): static int

Re: [PATCH 1/2] VFS/Security: Rework inode_getsecurity and callers to return resulting buffer

On Fri, 2007-10-26 at 10:07 -0500, Serge E. Hallyn wrote: Quoting David P. Quigley ([EMAIL PROTECTED]): On Thu, 2007-10-25 at 19:02 -0500, Serge E. Hallyn wrote: Quoting David P. Quigley ([EMAIL PROTECTED]): This patch modifies the interface to inode_getsecurity to have

Re: [PATCH 1/2] VFS/Security: Rework inode_getsecurity and callers to return resulting buffer

On Fri, 2007-10-26 at 10:02 -0500, Serge E. Hallyn wrote: Quoting David P. Quigley ([EMAIL PROTECTED]): On Thu, 2007-10-25 at 19:02 -0500, Serge E. Hallyn wrote: Quoting David P. Quigley ([EMAIL PROTECTED]): static int task_alloc_security(struct task_struct *task) @@ -2423,14

Re: [PATCH 1/2] VFS/Security: Rework inode_getsecurity and callers to return resulting buffer

On Fri, 2007-10-26 at 11:36 -0500, Serge E. Hallyn wrote: Quoting David P. Quigley ([EMAIL PROTECTED]): On Fri, 2007-10-26 at 10:02 -0500, Serge E. Hallyn wrote: Quoting David P. Quigley ([EMAIL PROTECTED]): On Thu, 2007-10-25 at 19:02 -0500, Serge E. Hallyn wrote: Quoting David P

Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

On Wed, 2007-10-24 at 21:04 +0200, Jan Engelhardt wrote: On Oct 24 2007 19:59, Simon Arlott wrote: On 24/10/07 19:51, Jan Engelhardt wrote: On Oct 24 2007 19:11, Simon Arlott wrote: * (I've got a list of access rules which are scanned in order until one of them matches, and an array of

Re: [RFC 0/2] getsecurity/vfs_getxattr cleanup

Any comments on these patches? I know Casey voiced some concerns about them the first time I posted them but I believe I have adequately addressed them. Dave On Mon, 2007-10-22 at 15:06 -0400, David P. Quigley wrote: This patch series addresses two concerns. Currently when a developer wishes