[Ocfs2-devel] [PATCH v3 5/7] security: Add hook to invalidate inode security labels
James Morris
jmorris at namei.org
Tue Oct 27 23:08:02 PDT 2015
On Mon, 26 Oct 2015, Andreas Gruenbacher wrote:
> Add a hook to invalidate an inode's security label when the cached
> information becomes invalid.
>
> Implement the new hook in selinux: set a flag when a security label becomes
> invalid. When hitting a security label which has been marked as invalid in
> inode_has_perm, try reloading the label.
>
> If an inode does not have any dentries attached, we cannot reload its
> security label because we cannot use the getxattr inode operation. In that
> case, continue using the old, invalid label until a dentry becomes
> available.
>
> Signed-off-by: Andreas Gruenbacher <agruenba at redhat.com>
Reviewed-by: James Morris <james.l.morris at oracle.com>
--
James Morris
<jmorris at namei.org>
More information about the Ocfs2-devel
mailing list