Re: [patch 5/12] lsm stacking v0.2: actual stacker module

From: Stephen Smalley
Date: Mon Jul 11 2005 - 09:46:56 EST


On Thu, 2005-06-30 at 14:50 -0500, serue@xxxxxxxxxx wrote:
> Adds the actual stacker LSM.
<snip>
> +static int stacker_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size)
> +{
> + RETURN_ERROR_IF_ANY_ERROR(inode_getsecurity,inode_getsecurity(inode,name,buffer,size));
> +}
> +
> +static int stacker_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
> +{
> + RETURN_ERROR_IF_ANY_ERROR(inode_setsecurity,inode_setsecurity(inode,name,value,size,flags));
> +}
> +
> +static int stacker_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
> +{
> + RETURN_ERROR_IF_ANY_ERROR(inode_listsecurity,inode_listsecurity(inode,buffer, buffer_size));
> +}
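Review bot: stacker_inode_getsecurity and stacker_inode_listsecurity hand the same buffer and size to every stacked module through RETURN_ERROR_IF_ANY_ERROR, and nothing in these lines says which module's result is returned on success or what happens when more than one module writes into buffer. The macro's definition is not in the quoted lines, but an "any error" aggregate that ends in 0 would not fit a hook whose success value is a byte count. Consider dispatching the get/set hooks on the name suffix so only the owning module is called, having listsecurity advance the buffer and sum the lengths across modules, and adding a comment above each wrapper stating the return contract. As a style point, the three prototypes and the macro calls run well past 80 columns and lack spaces after commas (for example "inode_getsecurity(inode,name,buffer,size)").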

These hooks pose a similar problem for stacking as with the
[gs]etprocattr hooks, although [gs]etsecurity have the benefit of
already taking a distinguishing name suffix (the part after the
security. prefix). Note also that inode_getsecurity returns the number
of bytes used/required on success.

The proposed inode_init_security hook will likewise have an issue for
stacking.

--
Stephen Smalley
National Security Agency
