Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp9492280ybi; Wed, 10 Jul 2019 11:14:08 -0700 (PDT) X-Google-Smtp-Source: APXvYqwGbSlFi1kVFLHq8gLMxrQKKmsZEKGe4X6vZ1mrfNto9DEVsG88C9AK0avw2U4GtzqRJ+7X X-Received: by 2002:a17:90a:2706:: with SMTP id o6mr8674752pje.62.1562782448765; Wed, 10 Jul 2019 11:14:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1562782448; cv=none; d=google.com; s=arc-20160816; b=PI09ZSofgHDeWXWaz2VnWN2dKjePtI2cyPiXhWJXMRAQPa3AU6P0GbYZl5SsBliuaG SAOhjaCFbq2LJ7N77PFiVEyWSkkdizrIsfj17BIbyPIgh2OYZCz0TB9iWn8+aJqq1gvC OSwEDkADsB/HoPeZAykJ4rj9XX/EuZr6wHfRdr7Ffa7BzSxWLKBqPDXJrO4o7alQB02H 6S0lvPE9B9e79t0eOmS+MIYJ7aV30kIcSwIfPuBzXTKgEY0zUeOHCYJFtNOj9wLRB4Jg x4Ld2/dCNy/NuQQ1N6WhqQyJ3DtCDbouVbyrgAKII0AxMl+ilY6jUkOonKb1bh5+ky0o 20ww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id; bh=6TZg+cfik9Nb4PNnRpyHtIb/tGDafCLPUt0aWZAv/js=; b=NJK6rsMO6snCEjZM2M2x+4rzvlCJzkRR5XMh6p2dRH44vq9eXXaYYjrMtd4q2W2xjP t/mmu9VLX/yzSloRc9Aas8/8uTg6TMR0qpgb47IUV8rXfFZ54fcoROccuWfP1h8Dvjs1 GJQxRtmoe4ZWj3QbST+ShSWn8F5g6ei0bwU8aMx/gwplRvvaWFe0xqffO/J7ZmUPnLSa 941VB+SCvAeA2pxLrVsL4DppgtJeyoefstmLN3EVr1N3YXp/GiXnClC2hGGwpzNRE5tx cvGr3L/pgmTQT80sNkgX9iINiZkljtPf4sEtm9wHjCmADgOIR4uGKX7MIlJL02nr9aD8 SqHA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z25si2694276pgk.415.2019.07.10.11.13.52; Wed, 10 Jul 2019 11:14:08 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727847AbfGJRWl (ORCPT + 99 others); Wed, 10 Jul 2019 13:22:41 -0400 Received: from smtprelay0113.hostedemail.com ([216.40.44.113]:33968 "EHLO smtprelay.hostedemail.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726229AbfGJRWk (ORCPT ); Wed, 10 Jul 2019 13:22:40 -0400 Received: from filter.hostedemail.com (clb03-v110.bra.tucows.net [216.40.38.60]) by smtprelay06.hostedemail.com (Postfix) with ESMTP id 16DFE18224D67; Wed, 10 Jul 2019 17:22:39 +0000 (UTC) X-Session-Marker: 6A6F6540706572636865732E636F6D X-Spam-Summary: 50,0,0,,d41d8cd98f00b204,joe@perches.com,:::::::::::::::::::::::::,RULES_HIT:41:355:379:599:967:968:973:988:989:1260:1277:1311:1313:1314:1345:1359:1437:1515:1516:1518:1534:1541:1593:1594:1711:1730:1747:1777:1792:2393:2525:2560:2563:2682:2685:2828:2859:2895:2933:2937:2939:2942:2945:2947:2951:2954:3022:3138:3139:3140:3141:3142:3353:3622:3865:3866:3867:3868:3870:3871:3872:3873:3874:3934:3936:3938:3941:3944:3947:3950:3953:3956:3959:4321:5007:6120:7901:7903:8957:8985:9025:9038:10004:10234:10400:10848:11026:11232:11658:11914:12043:12048:12297:12438:12740:12760:12895:13069:13141:13230:13255:13311:13357:13439:14096:14097:14181:14659:14721:21080:21212:21627:21660:21788:30029:30054:30070:30091,0,RBL:172.56.44.31:@perches.com:.lbl8.mailshell.net-62.8.0.180 64.201.201.201,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not bulk,SPF:fn,MSBL:0,DNSBL:neutral,Custom_rules:0:0:0,LFtime:26,LUA_SUMMARY:none X-HE-Tag: bite23_338f1fa13e539 X-Filterd-Recvd-Size: 2392 Received: from XPS-9350 (unknown [172.56.44.31]) (Authenticated sender: joe@perches.com) by omf14.hostedemail.com (Postfix) with ESMTPA; Wed, 10 Jul 2019 17:22:33 +0000 (UTC) Message-ID: <079745c94c232591453dcb01c9d9406b721bb6bf.camel@perches.com> Subject: Re: [RFC PATCH] fanotify, inotify, dnotify, security: add security hook for fs notifications From: Joe Perches To: Randy Dunlap , Casey Schaufler , Aaron Goidel , paul@paul-moore.com Cc: selinux@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org, dhowells@redhat.com, jack@suse.cz, amir73il@gmail.com, jmorris@namei.org, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org Date: Wed, 10 Jul 2019 10:22:03 -0700 In-Reply-To: <6ce2ce60b2435940bc8dfa07fa2553c4524d2db5.camel@perches.com> References: <20190710133403.855-1-acgoide@tycho.nsa.gov> <4fd98c88-61a6-a155-5028-db22a778d3c1@schaufler-ca.com> <6ce2ce60b2435940bc8dfa07fa2553c4524d2db5.camel@perches.com> Content-Type: text/plain; charset="ISO-8859-1" User-Agent: Evolution 3.30.5-0ubuntu0.18.10.1 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 2019-07-10 at 10:18 -0700, Joe Perches wrote: > On Wed, 2019-07-10 at 09:49 -0700, Randy Dunlap wrote: > > On 7/10/19 9:38 AM, Casey Schaufler wrote: > > > On 7/10/2019 6:34 AM, Aaron Goidel wrote: > > > > @@ -3261,6 +3262,26 @@ static int selinux_inode_removexattr(struct dentry *dentry, const char *name) > > > > return -EACCES; > > > > } > > > > > > > > +static int selinux_inode_notify(struct inode *inode, u64 mask) > > > > +{ > > > > + u32 perm = FILE__WATCH; // basic permission, can a watch be set? > > > > > > We don't use // comments in the Linux kernel. > > > > > > > I thought that we had recently moved into the 21st century on that issue, > > but I don't see it mentioned in coding-style.rst. Maybe we need a Doc update. > > > > checkpatch allows C99 comments by default. > > Joe, do you recall about this? > > My recollection is it was something I thought was > just simple and useful so I added it to checkpatch > without going through the negative of the nominal > approvals required by modifying CodingStyle. https://lkml.org/lkml/2016/7/8/625