[PATCH v6 1/5] security: create file_truncate hook from path_truncate hook
Tetsuo Handa
penguin-kernel at I-love.SAKURA.ne.jp
Thu Sep 8 22:04:59 UTC 2022
On 2022/09/09 5:50, Günther Noack wrote:
> On Thu, Sep 08, 2022 at 04:09:06PM -0400, Paul Moore wrote:
>> On Thu, Sep 8, 2022 at 3:58 PM Günther Noack <gnoack3000 at gmail.com> wrote:
>>>
>>> Like path_truncate, the file_truncate hook also restricts file
>>> truncation, but is called in the cases where truncation is attempted
>>> on an already-opened file.
>>>
>>> This is required in a subsequent commit to handle ftruncate()
>>> operations differently to truncate() operations.
>>>
>>> Signed-off-by: Günther Noack <gnoack3000 at gmail.com>
>>
>> We need to get John and Tetsuo's ACKs on this patch, but in addition
>> to that I have two small comments (below).
>
> +CC: John Johansen and Tetsuo Handa -- this change is splitting up the
> path_truncate LSM hook into a path_truncate and file_truncate variant,
> one operating on the path as before, and one operating on a struct
> file*. As a result, AppArmor and TOMOYO need to implement the
> file-based hook as well and treat it the same as before by looking at
> the file's ->f_path. Does this change seem reasonable to you?
Regarding TOMOYO part,
Acked-by: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
More information about the Linux-security-module-archive
mailing list