On Wed, 2015-06-03 at 06:50 +0200, Lennart Poettering wrote: > On Tue, 02.06.15 11:55, Mimi Zohar ([email protected]) wrote: > > > > We could add another parameter to copy_bytes(), but in this case it's > > > cleaner to call fstat() and loop_write(). > > > > Right. copy_bytes has no concept of rules/records. So either "another > > parameter" is added to copy_bytes to indicate skip try_sendfile and > > write the entire policy, or [partially] revert the patch to calll > > loop_write() to write the entire policy directly. > > In which way does sendfile() fail here? I mean, the code currently > understands ENOSYS and EINVAL as indications that sendfile() is not > supported on an fd. What does sendfile() on the IMA device return? > Most likely we can just check for that error code, and then try the > loop as fallback.
After the sendfile failure, in addition to resetting the file position to the beginning of the file, the file would also need to be closed and re-opened. Otherwise, IMA assumes the policy was malformed and fails the policy update. Mimi _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
