From: Dongsheng Yang
To: Josh Cartwright
CC: Richard Weinberger, Subodh Nijsure, Marc Kleine-Budde, Brad Mouring, Gratian Crisan, Artem Bityutskiy
Date: Thu, 27 Aug 2015 09:00:32 +0800
Subject: Re: [PATCH 1/2] ubifs: Remove dead xattr code
Message-ID: <55DE6130.1060905@cn.fujitsu.com>

On 08/26/2015 10:15 PM, Josh Cartwright wrote:
> On Thu, Aug 20, 2015 at 10:48:38AM +0800, Dongsheng Yang wrote:
>> On 08/20/2015 04:35 AM, Richard Weinberger wrote:
>>> This is a partial revert of commit d7f0b70d30ffb9bbe6b8a3e1035cf0b79965ef53
>>> ("UBIFS: Add security.* XATTR support for the UBIFS").
>>
>> Hi Richard,
>> What about a full revert of this commit? In ubifs, we
>> *can* support any namespace of xattr including user, trusted, security
>> or any other one prefixed by any words. But we have a check_namespace()
>> in xattr.c to limit what we want to support. That said, if we want to
>> "Add security.* XATTR support for the UBIFS", what we need to do is
>> just extend check_namespace() to allow the security namespace to pass.
>> And yes, check_namespace() has been supporting the security namespace.
>
> Is this good enough? Yes, it'd mean that the xattrs end up on disk, but
> then who's responsible for invoking the selected LSM's inode_init_security() hooks?
> AFAICT, we'd still need to invoke security_inode_init_security for newly
> created inodes (which, Richard's proposed commit still does).

OH, right. My bad!!!! I missed the security_inode_init_security().
Besides allowing the security.* prefix in xattr, we still need to call
security_inode_init_security() in ubifs_create(). That's true.

So what we need to remove is only the ubifs_xattr_handlers.

Thanx Josh, you are right. And Richard, sorry for my bad mind.

Reviewed-by: Dongsheng Yang

Thanx
Yang
>
> Thanks,
>
> Josh (who, admittedly, is neither a filesystem nor security module guy :)
>