Re: [PATCH] securityfs

[James Morris]

On Sun, 3 Jul 2005, Greg KH wrote:

> Good idea.  Here's a patch to do just that (compile tested only...)
> 
> Comments?

Looks promising so far.

I'm currently porting selinuxfs funtionality to securityfs, although I'm
not sure if we'll be ok during early initialization.  selinuxfs is
currently kern_mounted via an initcall.  We may need an initcall
kern_mount() of securityfs before SELinux kicks in.

Stephen: opinions on this?

Otherwise, it looks like it'll allow SELinux to drop some code.  Generally 
it will mean that other LSM components won't have to create their own 
filesystems, and their subdirectories will be hanging off /security (or 
wherever selinuxfs is mounted), rather than scattered across /

Some of the SELinux code may be useful as part of securityfs later, as 
well.


> +struct dentry *securityfs_create_file(const char *name, mode_t mode,
> +				   struct dentry *parent, void *data,
> +				   struct file_operations *fops)
> +{
> +	struct dentry *dentry = NULL;
> +	int error;
> +
> +	pr_debug("securityfs: creating file '%s'\n",name);
> +
> +	error = simple_pin_fs("securityfs", &mount, &mount_count);
> +	if (error)
> +		goto exit;
> +
> +	error = create_by_name(name, mode, parent, &dentry);
> +	if (error) {
> +		dentry = NULL;
> +		goto exit;
> +	}
> +
> +	if (dentry->d_inode) {
> +		if (data)
> +			dentry->d_inode->u.generic_ip = data;
> +		if (fops)
> +			dentry->d_inode->i_fop = fops;
> +	}
> +exit:
> +	return dentry;
> +}
> +EXPORT_SYMBOL_GPL(securityfs_create_file);

How about having all API functions which return a pointer be converted to 
use ERR_PTR() ?

This will allow errors to be propagated to the calling code.


- James
-- 
James Morris
<jmorris@xxxxxxxxxx>


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/