> > -           if (xfrm_policy_match(pol, fl, type, family, dir)) {
> > +           err = xfrm_policy_match(pol, fl, type, family, dir);
> > +           if (err) {
> > +                   if (err == -ESRCH)
> > +                           continue;
> > +                   else {
> > +                           ret = ERR_PTR(err);
> > +                           goto fail;
> > +                   }
> > +           } else {
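
Review bot: the new call site treats a return of 0 from xfrm_policy_match() as a match and -ESRCH as "no match, keep scanning", which inverts the truth-value test on the removed line. That return convention should be documented in a comment at the function, and any other caller of xfrm_policy_match() checked for the same change. As a style point, the `else` after `continue` is redundant: testing `if (err == -ESRCH) continue;` and then falling through to `ret = ERR_PTR(err); goto fail;` removes one level of nesting.
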
> 
> Semantics issue: if the exact policy match fails with -EACCESS, should we
> then try an inexact match before failing?

I wonder what you mean by an inexact match here.

> 
> >  #ifdef CONFIG_XFRM_SUB_POLICY
> >     pol = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_SUB, 
> fl, family, dir);
> > -   if (pol)
> > +   if (IS_ERR(pol)) {
> > +           err = PTR_ERR(pol);
> > +           pol = NULL;
> > +   }
> > +   if (pol || err)
> >             goto end;
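
Review bot: `if (pol || err)` reads `err` even when the sub-policy lookup returned NULL or a valid pointer, and the visible lines assign `err` only inside the `IS_ERR(pol)` branch, so `err` has to be initialized to 0 before this block. Because `pol` is reset to NULL on error, the code at `end` also has to test `err` before using `pol`; a short comment stating that an error from the sub-policy lookup skips the main lookup would make that intent explicit.
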
> 
> Similarly, if the sub-policy lookup returns -EACCESS, should we then try a
> main policy lookup before failing?

I would think not since we are already handling the more usual
"failure" of EACCES properly, and any other error would usually
have to be a near-fatal error concerning the whole LSM policy or
temporary memory pressure, for example. Usually the latter is auto
handled when the callers reattempt the lookup.

While it is theoretically possible that the LSM might generate an error
for the sub but not for the main, we would have to first redefine the LSM
hook to communicate this differentiation. And at least in the case of the
current user of LSM (SELinux) I don't currently see the need for this
differentiation.

> 
> I would think yes to both.
> 
> Opinions?
> 
> 
> - James
> -- 
> James Morris
> <[EMAIL PROTECTED]>
> 