On Mon, 2005-07-11 at 00:39 +0100, Christoph Hellwig wrote:
> On Fri, Jul 08, 2005 at 09:55:14AM -0400, Stephen Smalley wrote:
> > +int
> > +ext2_init_security(struct inode *inode, struct inode *dir)
> > +{
> > + int err;
> > + size_t len;
> > + void *value;
> > + char *name;
> > +
> > + err = security_inode_init_security(inode, dir, &name, &value, &len);
> > + if (err) {
> > + if (err == -EOPNOTSUPP)
> > + return 0;
> > + return err;
> > + }
> > + err = ext2_xattr_set(inode, EXT2_XATTR_INDEX_SECURITY,
> > + name, value, len, 0);
> > + kfree(name);
> > + kfree(value);
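Review bot: The `if (err)` branch after security_inode_init_security() turns -EOPNOTSUPP into a return of 0 with no comment saying why; a one-line comment stating that this case is deliberately not treated as a failure of the create would save the next reader from guessing. The same applies to the kfree(name) and kfree(value) calls after ext2_xattr_set(): nothing in the function says that the hook allocates both buffers and that this function owns and frees them, so a short header comment on ext2_init_security() should document that contract. The quoted hunk stops before the end of the function, so it is not visible here whether the err from ext2_xattr_set() is returned after the two kfree() calls; it should be, so that a failed label write is reported to the caller.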
>
> Please set the xattr from security_inode_init_security by using ->setxattr,
> that way we don't need to duplicate this code everywhere.
That doesn't allow us to ensure that the setting of the xattr occurs in
the same transaction as the create (in the ext3 case, doesn't matter for
ext2), so you can still have a crash and leave an unlabeled file around.
Just followed the example of the ACL code here, except that it doesn't
need to call to a security module to determine the ACL of the new inode.
--
Stephen Smalley
National Security Agency