Re: [PATCH] integrity: fix IMA inode leak
From: James Morris
Date: Mon Jun 08 2009 - 19:16:44 EST
On Mon, 8 Jun 2009, Mimi Zohar wrote:
>
> Ok, so instead of having a full fledge single security layer, only add
> the security layer for those places where both the LSM hooks and IMA
> co-exist: security_file_mmap, security_bprm_check, security_inode_alloc,
> security_inode_free, and security_file_free. As the LSM hooks are called
> 'security_XXXX', the call would look something like:
>
> security_all_inode_free() {
> ima_inode_free()
> security_inode_free()
> }
Yes, it only needs to be a wrapper. The above is ugly, how about:
security_inode_free()
{
ima_inode_free();
lsm_inode_free();
}
I think we may have come full circle on the naming of the LSM hook, but
'security_*' was never great given that it's only supposed to be covering
access control.
--
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/