From: David Quigley <selinux@davequigley.com>
To: Casey Schaufler <casey@schaufler-ca.com>
Cc: Subodh Nijsure <subodh.nijsure@gmail.com>,
<linux-mtd@lists.infradead.org>,
Artem Bityutskiy <dedekind1@gmail.com>,
Adrian Hunter <adrian.hunter@intel.com>,
<linux-kernel@vger.kernel.org>,
Subodh Nijsure <snijsure@grid-net.com>,
LSM <linux-security-module@vger.kernel.org>,
SE Linux <selinux@tycho.nsa.gov>
Subject: Re: [PATCH] Add security.selinux XATTR support for the UBIFS. Also fix couple of bugs in UBIFS extended attribute length calculation.
Date: Mon, 09 Apr 2012 09:42:35 -0400 [thread overview]
Message-ID: <e7692a4e693c7250324a647f962b0556@countercultured.net> (raw)
In-Reply-To: <4F824B4F.8090107@schaufler-ca.com>
On 04/08/2012 22:37, Casey Schaufler wrote:
>> +
>> +size_t
>> +ubifs_security_listxattr(struct dentry *d, char *list, size_t
>> list_size,
>> + const char *name, size_t name_len, int flags)
>> +{
>> + const int prefix_len = XATTR_SECURITY_PREFIX_LEN;
>> + const size_t total_len = prefix_len + name_len + 1;
>> + if (list && total_len <= list_size) {
>> + memcpy(list, XATTR_SECURITY_PREFIX, prefix_len);
>> + memcpy(list+prefix_len, name, name_len);
>> + list[prefix_len + name_len] = '\0';
>> + }
>> + return total_len;
>> +}
>> +
>> +
>> +int ubifs_security_getxattr(struct dentry *d, const char *name,
>> + void *buffer, size_t size, int flags)
>> +{
>> + if (strcmp(name, "") == 0)
>> + return -EINVAL;
>> + return __ubifs_getxattr(d->d_inode, XATTR_NAME_SELINUX, buffer,
>> size);
>> +}
>> +
>> +
>> +int ubifs_security_setxattr(struct dentry *d, const char *name,
>> + const void *value, size_t size,
>> + int flags, int handler_flags)
>> +{
>> + if (strcmp(name, "") == 0)
>> + return -EINVAL;
>> + return __ubifs_setxattr(d->d_inode, XATTR_NAME_SELINUX, value,
More constructively, Casey is right in that you shouldn't be putting
the SELinux xattr in there. If __ubifs_setxattr is expecting the full
namespace.name string just pass name down. Otherwise strip off the
security. and send the remaining porting down to __ubiffs_setxattr.
Dave
next prev parent reply other threads:[~2012-04-09 13:42 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-08 13:47 [PATCH] Add security.selinux XATTR support for the UBIFS. Also fix couple of bugs in UBIFS extended attribute length calculation Subodh Nijsure
2012-04-09 2:37 ` Casey Schaufler
2012-04-09 6:40 ` Subodh Nijsure
2012-04-09 15:08 ` Casey Schaufler
2012-04-09 13:42 ` David Quigley [this message]
2014-06-23 11:31 ` Artem Bityutskiy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e7692a4e693c7250324a647f962b0556@countercultured.net \
--to=selinux@davequigley.com \
--cc=adrian.hunter@intel.com \
--cc=casey@schaufler-ca.com \
--cc=dedekind1@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=linux-security-module@vger.kernel.org \
--cc=selinux@tycho.nsa.gov \
--cc=snijsure@grid-net.com \
--cc=subodh.nijsure@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).