Quoting Chris Wright ([EMAIL PROTECTED]): > * Mimi Zohar ([EMAIL PROTECTED]) wrote: > > +static int dummy_inode_setxattr(struct dentry *dentry, char *name, void > > *value, > > + size_t size, int flags) > > +{ > > + if (!strncmp(name, XATTR_SECURITY_PREFIX, > > + sizeof(XATTR_SECURITY_PREFIX) - 1) && > > + !capable(CAP_SYS_ADMIN)) > > + return -EPERM; > > + return 0; > > +} > > Hold on, what is all this? Duplication of all of this code is a no go.
It's unfortunate, agreed, but use of LSM as an integrity framework was also a no-go. Options? thanks, -serge - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/