Re: [PATCH 2/3] integrity: Linux Integrity Module(LIM)
From: Christoph Hellwig
Date: Tue Oct 14 2008 - 09:28:34 EST
> int vfs_permission(struct nameidata *nd, int mask)
> {
> - return inode_permission(nd->path.dentry->d_inode, mask);
> + int retval;
> +
> + retval = inode_permission(nd->path.dentry->d_inode, mask);
> + if (retval)
> + return retval;
> + return integrity_inode_permission(NULL, &nd->path,
> + mask & (MAY_READ | MAY_WRITE |
> + MAY_EXEC));
> }
>
> /**
> @@ -306,7 +314,14 @@ int vfs_permission(struct nameidata *nd, int mask)
> */
> int file_permission(struct file *file, int mask)
> {
> - return inode_permission(file->f_path.dentry->d_inode, mask);
> + int retval;
> +
> + retval = inode_permission(file->f_path.dentry->d_inode, mask);
> + if (retval)
> + return retval;
> + return integrity_inode_permission(file, NULL,
> + mask & (MAY_READ | MAY_WRITE |
> + MAY_EXEC));
Please don't add anything here as these two wrappers will go away.
Please only make decisions based on what you get in inode_permission().
> }
>
> /*
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index 32477e8..349d548 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -683,6 +683,9 @@ struct inode {
> #ifdef CONFIG_SECURITY
> void *i_security;
> #endif
> +#ifdef CONFIG_INTEGRITY
> + void *i_integrity;
> +#endif
Sorry, but as said before bloating the inode for this is not an option.
Please use something like the MRU approach I suggested in the last
review round.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/