From: Vivek Goyal <vgoyal@redhat.com>
To: Casey Schaufler <casey@schaufler-ca.com>
Cc: miklos@szeredi.hu, sds@tycho.nsa.gov,
linux-kernel@vger.kernel.org, linux-unionfs@vger.kernel.org,
linux-security-module@vger.kernel.org, dwalsh@redhat.com,
dhowells@redhat.com, pmoore@redhat.com, viro@ZenIV.linux.org.uk,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH 3/5] selinux: Pass security pointer to determine_inode_label()
Date: Tue, 5 Jul 2016 17:09:21 -0400 [thread overview]
Message-ID: <20160705210921.GF17987@redhat.com> (raw)
In-Reply-To: <7669deeb-12db-deeb-abd2-1743acf3721b@schaufler-ca.com>
On Tue, Jul 05, 2016 at 01:25:22PM -0700, Casey Schaufler wrote:
> On 7/5/2016 8:50 AM, Vivek Goyal wrote:
> > Right now selinux_determine_inode_label() works on security pointer of
> > current task. Soon I need this to work on a security pointer retrieved
> > from a set of creds. So start passing in a pointer and caller can decide
> > where to fetch security pointer from.
> >
> > Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
> > ---
> > security/selinux/hooks.c | 17 +++++++++--------
> > 1 file changed, 9 insertions(+), 8 deletions(-)
> >
> > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> > index c68223c..86a07ed 100644
> > --- a/security/selinux/hooks.c
> > +++ b/security/selinux/hooks.c
> > @@ -1785,13 +1785,13 @@ out:
> > /*
> > * Determine the label for an inode that might be unioned.
> > */
> > -static int selinux_determine_inode_label(struct inode *dir,
> > - const struct qstr *name,
> > - u16 tclass,
> > +static int selinux_determine_inode_label(const void *security,
>
> You know the type. Why not use it?
>
> static int selinux_determine_inode_label(const struct task_security_struct *tsec,
Will change it. All callers use current_security() to fetch this pointer
and it returns void * and I guess I assumed that compiler will complain
but it does not seem to complain.
Vivek
next prev parent reply other threads:[~2016-07-05 21:09 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-05 15:50 [PATCH 0/5][RFC] Overlayfs SELinux Support Vivek Goyal
2016-07-05 15:50 ` [PATCH 1/5] security, overlayfs: provide copy up security hook for unioned files Vivek Goyal
2016-07-05 16:53 ` kbuild test robot
2016-07-05 16:53 ` kbuild test robot
2016-07-05 17:43 ` Vivek Goyal
2016-07-05 17:20 ` kbuild test robot
2016-07-05 17:20 ` kbuild test robot
2016-07-05 19:36 ` Casey Schaufler
2016-07-05 20:42 ` Vivek Goyal
2016-07-07 20:33 ` Vivek Goyal
2016-07-07 21:44 ` Casey Schaufler
2016-07-08 7:21 ` Miklos Szeredi
2016-07-08 12:45 ` Vivek Goyal
2016-07-08 13:42 ` Vivek Goyal
2016-07-08 15:34 ` Casey Schaufler
2016-07-05 21:35 ` Paul Moore
2016-07-05 21:52 ` Vivek Goyal
2016-07-05 22:03 ` Paul Moore
2016-07-05 15:50 ` [PATCH 2/5] security,overlayfs: Provide security hook for copy up of xattrs for overlay file Vivek Goyal
2016-07-05 20:22 ` Casey Schaufler
2016-07-05 21:15 ` Vivek Goyal
2016-07-05 21:34 ` Casey Schaufler
2016-07-06 17:09 ` Vivek Goyal
2016-07-06 17:50 ` Vivek Goyal
2016-07-06 19:01 ` Vivek Goyal
2016-07-06 19:22 ` Casey Schaufler
2016-07-05 21:45 ` Paul Moore
2016-07-05 21:53 ` Vivek Goyal
2016-07-05 15:50 ` [PATCH 3/5] selinux: Pass security pointer to determine_inode_label() Vivek Goyal
2016-07-05 20:25 ` Casey Schaufler
2016-07-05 21:09 ` Vivek Goyal [this message]
2016-07-05 15:50 ` [PATCH 4/5] overlayfs: Correctly label newly created file over whiteout Vivek Goyal
2016-07-05 15:50 ` [PATCH 5/5] overlayfs: Use vfs_getxattr_noperm() for real inode Vivek Goyal
2016-07-05 20:29 ` Casey Schaufler
2016-07-05 21:16 ` Vivek Goyal
2016-07-06 4:36 ` Miklos Szeredi
2016-07-06 10:54 ` Vivek Goyal
2016-07-06 14:58 ` Miklos Szeredi
2016-07-07 18:35 ` Vivek Goyal
2016-07-08 7:06 ` Miklos Szeredi
2016-07-08 15:28 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160705210921.GF17987@redhat.com \
--to=vgoyal@redhat.com \
--cc=casey@schaufler-ca.com \
--cc=dhowells@redhat.com \
--cc=dwalsh@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-unionfs@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=pmoore@redhat.com \
--cc=sds@tycho.nsa.gov \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.