Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752031AbdHARRG (ORCPT ); Tue, 1 Aug 2017 13:17:06 -0400 Received: from mail-io0-f174.google.com ([209.85.223.174]:38285 "EHLO mail-io0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751840AbdHARRE (ORCPT ); Tue, 1 Aug 2017 13:17:04 -0400 Date: Tue, 1 Aug 2017 11:17:02 -0600 From: Tycho Andersen To: Mehmet Kayaalp Cc: ima-devel , containers , linux-kernel , linux-security-module , "Serge E . Hallyn" , Yuqiong Sun , David Safford , Mehmet Kayaalp , Stefan Berger Subject: Re: [RFC PATCH 3/5] ima: mamespace audit status flags Message-ID: <20170801171702.f2szj5huzbt7fdfl@docker> References: <20170720225033.21298-1-mkayaalp@linux.vnet.ibm.com> <20170720225033.21298-4-mkayaalp@linux.vnet.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170720225033.21298-4-mkayaalp@linux.vnet.ibm.com> User-Agent: NeoMutt/20170113 (1.7.2) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1139 Lines: 48 Hi Mehmet, On Thu, Jul 20, 2017 at 06:50:31PM -0400, Mehmet Kayaalp wrote: > --- a/security/integrity/ima/ima_ns.c > +++ b/security/integrity/ima/ima_ns.c 
> @@ -301,3 +301,24 @@ struct ns_status *ima_get_ns_status(struct ima_namespace *ns, > > return status; > } > + > +#define IMA_NS_STATUS_ACTIONS IMA_AUDIT > +#define IMA_NS_STATUS_FLAGS IMA_AUDITED > + Seems like these are defined in ima.h above in the patch, and re-defined here? > +unsigned long iint_flags(struct integrity_iint_cache *iint, > + struct ns_status *status) > +{ > + if (!status) > + return iint->flags; > + > + return iint->flags & (status->flags & IMA_NS_STATUS_FLAGS); Just to confirm, is there any situation where: iint->flags & IMA_NS_STATUS_FLAGS != status->flags & IMA_NS_STATUS_FLAGS ? i.e. can this line just be: return status->flags & IMA_NS_STATUS_FLAGS; Tycho > +} > + > +unsigned long set_iint_flags(struct integrity_iint_cache *iint, > + struct ns_status *status, unsigned long flags) > +{ > + iint->flags = flags; > + if (status) > + status->flags = flags & IMA_NS_STATUS_FLAGS; > + return flags; > +} > -- > 2.9.4 >
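Review bot: in iint_flags(), the path taken when status is non-NULL returns iint->flags & (status->flags & IMA_NS_STATUS_FLAGS), which clears every bit outside IMA_NS_STATUS_FLAGS, while the !status path returns all of iint->flags. Callers therefore see a different set of bits depending on whether a namespace status exists. If the intent is to overlay the per-namespace bits on the shared ones, something like (iint->flags & ~IMA_NS_STATUS_FLAGS) | (status->flags & IMA_NS_STATUS_FLAGS) would express it. If the intent is to return only the namespaced bits, a comment saying so would help. Related: set_iint_flags() stores the unmasked flags into iint->flags, so a bit covered by IMA_NS_STATUS_FLAGS that is set through one namespace also remains in the shared iint. Consider masking it out of iint->flags when status is non-NULL, or documenting why both copies are kept. Neither function is static or carries an ima_ prefix in this hunk, so a short comment above each describing the NULL-status behaviour would also make the contract clearer.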