James Morris
2015-Oct-28 06:08 UTC
[Ocfs2-devel] [PATCH v3 5/7] security: Add hook to invalidate inode security labels
On Mon, 26 Oct 2015, Andreas Gruenbacher wrote:> Add a hook to invalidate an inode's security label when the cached > information becomes invalid. > > Implement the new hook in selinux: set a flag when a security label becomes > invalid. When hitting a security label which has been marked as invalid in > inode_has_perm, try reloading the label. > > If an inode does not have any dentries attached, we cannot reload its > security label because we cannot use the getxattr inode operation. In that > case, continue using the old, invalid label until a dentry becomes > available. > > Signed-off-by: Andreas Gruenbacher <agruenba at redhat.com>Reviewed-by: James Morris <james.l.morris at oracle.com> -- James Morris <jmorris at namei.org>