Re: [PATCH v2 1/2] security: Add hook to invalidate inode security labels

From: Andreas Gruenbacher
Date: Mon Oct 05 2015 - 14:39:18 EST

Next message: Jiri Kosina: "Re: [PATCH] Add quirk for Lenovo Yoga 2 with ITE Chips"
Previous message: Jiri Olsa: "Re: [PATCH 5/9] perf tools: Introduce 'P' modifier"
In reply to: Casey Schaufler: "Re: [PATCH v2 1/2] security: Add hook to invalidate inode security labels"
Next in thread: Andreas Gruenbacher: "[PATCH v2 2/2] gfs2: Invalide security labels of inodes that go invalid"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Oct 5, 2015 at 8:24 PM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> On 10/4/2015 12:19 PM, Andreas Gruenbacher wrote:
>> Add a hook to invalidate an inode's security label when the cached
>> information becomes invalid.
>
> Where is this used?

See the next patch in this patch queue, gfs2.

> If I need to do the same for Smack or any other module, how would I know that
> it works right?

I haven't looked at Smack but if it does the same thing as SELinux,
then label updates on one gfs2 nod ein a cluster won't become visible
on other nodes without this fix, and with this fix they will.

Andreas
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jiri Kosina: "Re: [PATCH] Add quirk for Lenovo Yoga 2 with ITE Chips"
Previous message: Jiri Olsa: "Re: [PATCH 5/9] perf tools: Introduce 'P' modifier"
In reply to: Casey Schaufler: "Re: [PATCH v2 1/2] security: Add hook to invalidate inode security labels"
Next in thread: Andreas Gruenbacher: "[PATCH v2 2/2] gfs2: Invalide security labels of inodes that go invalid"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]