On Tue, 31 May 2016, Casey Schaufler wrote: > Subject: [PATCH] LSM: Fix for security_inode_getsecurity and -EOPNOTSUPP > > Serge Hallyn pointed out that the current implementation of > security_inode_getsecurity() works if there is only one hook > provided for it, but will fail if there is more than one and > the attribute requested isn't supplied by the first module. > This isn't a problem today, since only SELinux and Smack > provide this hook and there is (currently) no way to enable > both of those modules at the same time. Serge, however, wants > to introduce a capability attribute and an inode_getsecurity > hook in the capability security module to handle it. This > addresses that upcoming problem, will be required for "extreme > stacking" and is just a better implementation. > > Signed-off-by: Casey Schaufler <ca...@schaufler-ca.com>
Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next -- James Morris <jmor...@namei.org>
