[PATCH v19 15/20] fsverity: expose verified fsverity built-in signatures to LSMs

Jarkko Sakkinen jarkko at kernel.org
Thu May 30 06:07:23 UTC 2024


On Thu May 30, 2024 at 9:01 AM EEST, Eric Biggers wrote:
> On Thu, May 30, 2024 at 08:51:21AM +0300, Jarkko Sakkinen wrote:
> > On Thu May 30, 2024 at 4:44 AM EEST, Paul Moore wrote:
> > > > +	err = security_inode_setintegrity(inode,
> > > > +					  LSM_INT_FSVERITY_BUILTINSIG_VALID,
> > > > +					  signature,
> > > > +					  le32_to_cpu(sig_size));
> > >
> > > I like this much better without the explicit inode cast :)
> > 
> > Would be nice btw if that was 'ret' or 'rc' because err is such
> > a common name for exception handler alike goto-labels... Looks
> > confusing just because of that :-)
> > 
>
> A lot of kernel code, including the rest of fs/verity/, uses the convention that
> "0 or negative errno" return values are named 'err' (and return values that
> aren't necessarily an errno are named something else).  So it's fine as-is.

Right, just hadn't seen such naming convention before.

BR, Jarkko



More information about the Linux-security-module-archive mailing list