[PATCH 2/2] integrity: replace call to integrity_read_file with kernel version
James Morris
jmorris at namei.org
Thu Sep 14 23:21:53 UTC 2017
On Thu, 14 Sep 2017, Christoph Hellwig wrote:
> On Fri, Sep 15, 2017 at 06:21:28AM +1000, James Morris wrote:
> > So, to be clear, this patch solves the XFS deadlock using a different
> > approach (to the now reverted integrity_read approach), which Christoph
> > also says is more correct generally. Correct?
>
> No. It is in addition to the previous patches - the patches were
> correct for the IMA interaction with the I/O path. It just turns
> out that the function was also reused for reading certificates
> at initialization time, for which that change was incorrect.
>
> If this series is applied first the integrity_read code is not
> used for that path any more.
Ok. Sorry I hadn't looked at the code in detail at this stage during the
conference and wanting to just revert back to something that Linus can
safely pull before the merge window closes.
--
James Morris
<jmorris at namei.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list