• Casey Schaufler's avatar
    LSM: Fix for security_inode_getsecurity and -EOPNOTSUPP · 2885c1e3
    Casey Schaufler authored
    Serge Hallyn pointed out that the current implementation of
    security_inode_getsecurity() works if there is only one hook
    provided for it, but will fail if there is more than one and
    the attribute requested isn't supplied by the first module.
    This isn't a problem today, since only SELinux and Smack
    provide this hook and there is (currently) no way to enable
    both of those modules at the same time. Serge, however, wants
    to introduce a capability attribute and an inode_getsecurity
    hook in the capability security module to handle it. This
    addresses that upcoming problem, will be required for "extreme
    stacking" and is just a better implementation.
    Signed-off-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
    Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
    Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
    2885c1e3
security.c 53.9 KB