From: Eric Biggers <ebiggers@kernel.org>
To: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: David Howells <dhowells@redhat.com>,
"Theodore Y. Ts'o" <tytso@mit.edu>,
Linux Next Mailing List <linux-next@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-fscrypt@vger.kernel.org
Subject: Re: linux-next: build warnings after merge of the keys tree
Date: Tue, 30 Jul 2019 18:40:34 -0700 [thread overview]
Message-ID: <20190731014034.GB687@sol.localdomain> (raw)
In-Reply-To: <20190730135216.377a16d5@canb.auug.org.au>
On Tue, Jul 30, 2019 at 01:52:16PM +1000, Stephen Rothwell wrote:
> Hi Eric,
>
> On Mon, 29 Jul 2019 20:47:04 -0700 Eric Biggers <ebiggers@kernel.org> wrote:
> >
> > On Tue, Jul 30, 2019 at 12:30:42PM +1000, Stephen Rothwell wrote:
> > > +static struct key_acl fsverity_acl = {
> > > + .usage = REFCOUNT_INIT(1),
> > > + .possessor_viewable = true,
> >
> > I don't think .possessor_viewable should be set here, since there's no
> > KEY_POSSESSOR_ACE(KEY_ACE_VIEW) in the ACL. David, this bool is supposed to
> > mean such an entry is present, right? Is it really necessary, since it's
> > redundant with the ACL itself?
>
> OK, I can take that out of the patch for tomorrow.
>
> > Otherwise this looks good, thanks Stephen. I'll want to remove a few of these
> > permissions in a separate patch later, but for now we can just keep it
> > equivalent to the original code as you've done.
>
> Thanks for the review.
>
Hmm, apparently it's not *exactly* equivalent, since the ACL is missing INVAL
and JOIN permission for the owner, while those were originally granted by SEARCH
permission. We don't need those, but just to keep the merge resolution itself
as boring as possible, can you please use the following to make it equivalent:
static struct key_acl fsverity_acl = {
.usage = REFCOUNT_INIT(1),
.nr_ace = 2,
.aces = {
KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_JOIN |
KEY_ACE_INVAL),
KEY_OWNER_ACE(KEY_ACE_VIEW | KEY_ACE_READ | KEY_ACE_WRITE |
KEY_ACE_SEARCH | KEY_ACE_SET_SECURITY |
KEY_ACE_INVAL | KEY_ACE_REVOKE | KEY_ACE_JOIN |
KEY_ACE_CLEAR),
}
};
Thanks!
- Eric
next prev parent reply other threads:[~2019-07-31 1:40 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-30 2:30 linux-next: build warnings after merge of the keys tree Stephen Rothwell
2019-07-30 3:47 ` Eric Biggers
2019-07-30 3:52 ` Stephen Rothwell
2019-07-31 1:40 ` Eric Biggers [this message]
2019-07-31 3:05 ` Stephen Rothwell
-- strict thread matches above, loose matches on Subject: below --
2020-05-04 3:47 Stephen Rothwell
2017-11-13 2:10 Stephen Rothwell
2017-11-13 9:42 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190731014034.GB687@sol.localdomain \
--to=ebiggers@kernel.org \
--cc=dhowells@redhat.com \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-next@vger.kernel.org \
--cc=sfr@canb.auug.org.au \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).