Re: [PATCH] integrity: fix IMA inode leak

From: Mimi Zohar
Date: Mon Jun 08 2009 - 22:57:16 EST


On Tue, 2009-06-09 at 09:16 +1000, James Morris wrote:
> On Mon, 8 Jun 2009, Mimi Zohar wrote:
>
> >
> > Ok, so instead of having a full-fledged single security layer, only add
> > the security layer for those places where both the LSM hooks and IMA
> > co-exist: security_file_mmap, security_bprm_check, security_inode_alloc,
> > security_inode_free, and security_file_free. As the LSM hooks are called
> > 'security_XXXX', the call would look something like:
> >
> > security_all_inode_free() {
> > 	ima_inode_free()
> > 	security_inode_free()
> > }
>
> Yes, it only needs to be a wrapper. The above is ugly, how about:

Agreed! But changing only these 5 security_ hook names and leaving the
rest alone is even uglier.

> security_inode_free()
> {
> 	ima_inode_free();
> 	lsm_inode_free();
> }
>
> I think we may have come full circle on the naming of the LSM hook, but
> 'security_*' was never great given that it's only supposed to be covering
> access control.

So why not 'mac_'?

Mimi Zohar
