Re: [PATCH] integrity: fix IMA inode leak

From: James Morris
Date: Mon Jun 08 2009 - 19:16:44 EST

Next message: Mike Frysinger: "scripts/kallsyms: extending region checking for Blackfin memory regions"
Previous message: David VomLehn: "Re: [PATCH 7/7] initdev:kernel:Await block device discovery"
In reply to: Mimi Zohar: "Re: [PATCH] integrity: fix IMA inode leak"
Next in thread: Mimi Zohar: "Re: [PATCH] integrity: fix IMA inode leak"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 8 Jun 2009, Mimi Zohar wrote:

>
> Ok, so instead of having a full fledge single security layer, only add
> the security layer for those places where both the LSM hooks and IMA
> co-exist: security_file_mmap, security_bprm_check, security_inode_alloc,
> security_inode_free, and security_file_free. As the LSM hooks are called
> 'security_XXXX', the call would look something like:
>
> security_all_inode_free() {
> ima_inode_free()
> security_inode_free()
> }

Yes, it only needs to be a wrapper. The above is ugly, how about:

security_inode_free()
{
ima_inode_free();
lsm_inode_free();
}

I think we may have come full circle on the naming of the LSM hook, but
'security_*' was never great given that it's only supposed to be covering
access control.

--
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mike Frysinger: "scripts/kallsyms: extending region checking for Blackfin memory regions"
Previous message: David VomLehn: "Re: [PATCH 7/7] initdev:kernel:Await block device discovery"
In reply to: Mimi Zohar: "Re: [PATCH] integrity: fix IMA inode leak"
Next in thread: Mimi Zohar: "Re: [PATCH] integrity: fix IMA inode leak"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]