On 10/28/2015 01:31 PM, Stephen Smalley wrote: > On 10/28/2015 07:48 AM, Andreas Gruenbacher wrote: >> On Tue, Oct 27, 2015 at 5:40 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote: >>> On 10/26/2015 05:15 PM, Andreas Gruenbacher wrote: >>>> >>>> Use path_has_perm directly instead. >>> >>> >>> This reverts: >>> >>> commit 13f8e9810bff12d01807b6f92329111f45218235 >>> Author: David Howells <dhowe...@redhat.com> >>> Date: Thu Jun 13 23:37:55 2013 +0100 >>> >>> SELinux: Institute file_path_has_perm() >>> >>> Create a file_path_has_perm() function that is like path_has_perm() but >>> instead takes a file struct that is the source of both the path and the >>> inode (rather than getting the inode from the dentry in the path). >>> This >>> is then used where appropriate. >>> >>> This will be useful for situations like unionmount where it will be >>> possible to have an apparently-negative dentry (eg. a fallthrough) that >>> is >>> open with the file struct pointing to an inode on the lower fs. >>> >>> Signed-off-by: David Howells <dhowe...@redhat.com> >>> Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> >>> >>> which I think David was intending to use as part of his SELinux/overlayfs >>> support. >> >> Okay. As long as overlayfs support in SELinux is in half-finished >> state, let's leave this alone. > > Also, the caller is holding a spinlock (tty_files_lock), so you can't call > inode_doinit from > here. > > Try stress testing your patch series by just always setting isec->initialized > to LABEL_INVALID. > Previously the *has_perm functions could be called under essentially any > condition, with the exception > of when in a RCU walk and needing to audit the dname (but they did not > previously block/sleep).
file_has_perm() also gets called from match_file() callback to iterate_fd(), which holds files->file_lock. _______________________________________________ Ocfs2-devel mailing list Ocfs2-devel@oss.oracle.com https://oss.oracle.com/mailman/listinfo/ocfs2-devel
