Re: [RFC PATCH v11 15/19] fsverity: consume builtin signature via LSM hook

From: Fan Wu
Date: Thu Oct 05 2023 - 12:00:06 EST




On 10/4/2023 7:27 PM, Eric Biggers wrote:
On Wed, Oct 04, 2023 at 03:09:42PM -0700, Fan Wu wrote:
+#ifdef CONFIG_FS_VERITY_BUILTIN_SIGNATURES
+static int fsverity_inode_setsecurity(struct inode *inode,
+ struct fsverity_descriptor *desc)
+{
+ return security_inode_setsecurity(inode, FS_VERITY_INODE_SEC_NAME,
+ desc->signature,
+ le32_to_cpu(desc->sig_size), 0);
+}

Why isn't the type of the second argument 'const struct fsverity_descriptor *'?

- Eric

Thanks for the suggestion. I agree that adding 'const' here is a better approach. I will update this in the next version.

-Fan