[PATCH 21/28] security: Introduce inode_post_remove_acl hook
Roberto Sassu
roberto.sassu at huaweicloud.com
Mon Mar 6 15:34:04 UTC 2023
On Mon, 2023-03-06 at 10:22 -0500, Stefan Berger wrote:
>
> On 3/3/23 13:18, Roberto Sassu wrote:
> > From: Roberto Sassu <roberto.sassu at huawei.com>
> >
> > In preparation for moving IMA and EVM to the LSM infrastructure, introduce
> > the inode_post_remove_acl hook.
> >
> > Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com>
> > ---
> >
> > +/**
> > + * security_inode_post_remove_acl() - Update inode sec after remove_acl op
> > + * @idmap: idmap of the mount
> > + * @dentry: file
> > + * @acl_name: acl name
> > + *
> > + * Update inode security field after successful remove_acl operation on @dentry
> > + * in @idmap. The posix acls are identified by @acl_name.
> > + */
> > +void security_inode_post_remove_acl(struct mnt_idmap *idmap,
> > + struct dentry *dentry, const char *acl_name)
> > +{
> > + if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
> > + return;
>
> Was that a mistake before that EVM and IMA functions did not filtered out private inodes?
Looks like that. At least for hooks that are not called from
security.c.
Thanks
Roberto
More information about the Linux-security-module-archive
mailing list