Quoting David P. Quigley ([EMAIL PROTECTED]):
> Originally vfs_getxattr would pull the security xattr variable using
> the inode getxattr handle and then proceed to clobber it with a subsequent
> call
> to the LSM. This patch reorders the two operations such that when the xattr
> requested is in the security namespace it first attempts to grab the value
> from
> the LSM directly. If it fails to obtain the value because there is no module
> present or the module does not support the operation it will fall back to
> using
> the inode getxattr operation. In the event that both are inaccessible it
> returns EOPNOTSUPP.
>
> Signed-off-by: David P. Quigley <[EMAIL PROTECTED]>
No change from last time, so again
Acked-by: Serge Hallyn <[EMAIL PROTECTED]>
thanks,
-serge
> ---
> fs/xattr.c | 15 ++++++++-------
> 1 files changed, 8 insertions(+), 7 deletions(-)
>
> diff --git a/fs/xattr.c b/fs/xattr.c
> index 56b5b88..91c7929 100644
> --- a/fs/xattr.c
> +++ b/fs/xattr.c
> @@ -145,11 +145,6 @@ vfs_getxattr(struct dentry *dentry, char *name, void
> *value, size_t size)
> if (error)
> return error;
>
> - if (inode->i_op->getxattr)
> - error = inode->i_op->getxattr(dentry, name, value, size);
> - else
> - error = -EOPNOTSUPP;
> -
> if (!strncmp(name, XATTR_SECURITY_PREFIX,
> XATTR_SECURITY_PREFIX_LEN)) {
> const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
> @@ -158,9 +153,15 @@ vfs_getxattr(struct dentry *dentry, char *name, void
> *value, size_t size)
> * Only overwrite the return value if a security module
> * is actually active.
> */
> - if (ret != -EOPNOTSUPP)
> - error = ret;
> + if (ret == -EOPNOTSUPP)
> + goto nolsm;
> + return ret;
> }
> +nolsm:
> + if (inode->i_op->getxattr)
> + error = inode->i_op->getxattr(dentry, name, value, size);
> + else
> + error = -EOPNOTSUPP;
>
> return error;
> }
> --
> 1.5.3.4
>
-
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
