Quoting Chris Wright ([EMAIL PROTECTED]):
> * Mimi Zohar ([EMAIL PROTECTED]) wrote:
> > +static int dummy_inode_setxattr(struct dentry *dentry, char *name, void 
> > *value,
> > +                           size_t size, int flags)
> > +{
> > +   if (!strncmp(name, XATTR_SECURITY_PREFIX,
> > +                sizeof(XATTR_SECURITY_PREFIX) - 1) &&
> > +       !capable(CAP_SYS_ADMIN))
> > +           return -EPERM;
> > +   return 0;
> > +}
> 
> Hold on, what is all this?  Duplication of all of this code is a no go.

It's unfortunate, agreed, but

use of LSM as an integrity framework was also a no-go.

Options?

thanks,
-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to