Re: [PATCH 1/4] Cache xattr security drop check for write

From: Valdis . Kletnieks
Date: Sun May 29 2011 - 13:49:04 EST

Next message: Mikael Pettersson: "Re: [GIT pull] x86 vdso updates"
Previous message: August Lilleaas: "[PATCH] Firewire: net: replacing deprecated __attribute__((packed)) with __packed"
In reply to: Andi Kleen: "Re: [PATCH 1/4] Cache xattr security drop check for write"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 29 May 2011 07:24:32 PDT, Andi Kleen said:

> These are not for selinux xattrs, but capability xattrs.

+#define S_NOSEC 4096 /* no suid or xattr security attributes */

Sorry for reading that wrong, since selinux stores stuff under security.* xattr
as well.

+ int issec = !strncmp(name, XATTR_SECURITY_PREFIX,
+ XATTR_SECURITY_PREFIX_LEN);

is going to match *any* security.* attribute, including SELinux ones stored under
security.selinux. If you wanted to be capability-specific, maybe youw anted these
two:

#define XATTR_CAPS_SUFFIX "capability"
#define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Mikael Pettersson: "Re: [GIT pull] x86 vdso updates"
Previous message: August Lilleaas: "[PATCH] Firewire: net: replacing deprecated __attribute__((packed)) with __packed"
In reply to: Andi Kleen: "Re: [PATCH 1/4] Cache xattr security drop check for write"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]