Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753736AbYJaQwJ (ORCPT ); Fri, 31 Oct 2008 12:52:09 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1752219AbYJaQvv (ORCPT ); Fri, 31 Oct 2008 12:51:51 -0400 Received: from e31.co.us.ibm.com ([32.97.110.149]:55254 "EHLO e31.co.us.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752058AbYJaQvu (ORCPT ); Fri, 31 Oct 2008 12:51:50 -0400 Subject: Re: [PATCH 2/3] integrity: Linux Integrity Module(LIM) From: Dave Hansen To: Christoph Hellwig Cc: Mimi Zohar , linux-kernel@vger.kernel.org, James Morris , David Safford , Serge Hallyn , Mimi Zohar In-Reply-To: <20081014132823.GA18474@infradead.org> References: <7c05f813215804a30d03821fd8e251b250d0e000.1223869200.git.zohar@localhost.localdomain> <20081014132823.GA18474@infradead.org> Content-Type: text/plain Date: Fri, 31 Oct 2008 09:51:42 -0700 Message-Id: <1225471902.12673.415.camel@nimitz> Mime-Version: 1.0 X-Mailer: Evolution 2.22.3.1 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1252 Lines: 39 On Tue, 2008-10-14 at 09:28 -0400, Christoph Hellwig wrote: > > --- a/include/linux/fs.h > > +++ b/include/linux/fs.h > > @@ -683,6 +683,9 @@ struct inode { > > #ifdef CONFIG_SECURITY > > void *i_security; > > #endif > > +#ifdef CONFIG_INTEGRITY > > + void *i_integrity; > > +#endif > > Sorry, but as said before bloating the inode for this is not an option. > Please use something like the MRU approach I suggested in the last > review round. Why don't we just have a 'void *i_lots_of_bloat field', and let the security folks stick whatever they want in it? They can trade their i_security space for a new one. I know we want to conceptually separate security from integrity, so let's separate it: struct i_bloat_inodes { #ifdef CONFIG_SECURITY void *i_security; #endif #ifdef CONFIG_INTEGRITY void *i_integrity; #endif }; By the way, if there's no TPM hardware, why would I want i_integrity anyway? -- Dave -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/