Re: [PATCH 2/5] selinux: adds a private inode operation

From: Jeff Mahoney
Date: Mon Nov 22 2004 - 13:13:45 EST


Stephen Smalley wrote:
| On Sat, 2004-11-20 at 19:13, Jeffrey Mahoney wrote:
|
|>diff -ruNpX dontdiff linux-2.6.9/security/selinux/hooks.c
linux-2.6.9.selinux/security/selinux/hooks.c
|>--- linux-2.6.9/security/selinux/hooks.c 2004-11-19 14:40:58.000000000
- -0500
|>+++ linux-2.6.9.selinux/security/selinux/hooks.c 2004-11-20
17:11:22.000000000 -0500
|>@@ -740,6 +740,15 @@ static int inode_doinit_with_dentry(stru
|> if (isec->initialized)
|> goto out;
|>
|>+ if (opt_dentry && opt_dentry->d_parent &&
opt_dentry->d_parent->d_inode) {
|>+ struct inode_security_struct *pisec =
opt_dentry->d_parent->d_inode->i_security;
|>+ if (pisec->inherit) {
|>+ isec->sid = pisec->sid;
|>+ isec->initialized = 1;
|>+ goto out;
|>+ }
|>+ }
|>+
|> down(&isec->sem);
|> hold_sem = 1;
|> if (isec->initialized)
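
Review bot: The added block assigns isec->sid and sets isec->initialized = 1 before down(&isec->sem), so the update happens outside the semaphore that the very next lines take before re-checking isec->initialized. Move the inheritance test below that second check so it runs under the semaphore, or drop it if the new inode is already marked elsewhere. pisec is also dereferenced (pisec->inherit) without a NULL check on opt_dentry->d_parent->d_inode->i_security, although the condition above it checks every other pointer in the chain.
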
|
|
| Actually, isn't this code unnecessary given that patch 3/5 ensures that
| the selinux_inode_mark_private() hook is called from
| reiserfs_new_inode() on the new inode if the directory is private? I
| think that eliminates the need to perform this test and inheritance in
| inode_doinit, which is called by the d_instantiate.
|

Yes, you're right. The isec->initialized check means that code never
gets executed.

-Jeff

--
Jeff Mahoney
SuSE Labs