Thread (17 messages) 17 messages, 6 authors, 2019-08-12

Re: [PATCH] fanotify, inotify, dnotify, security: add security hook for fs notifications

From: Paul Moore <paul@paul-moore.com>
Date: 2019-08-01 12:48:15
Also in: linux-fsdevel, lkml, selinux 

On Thu, Aug 1, 2019 at 7:31 AM Stephen Smalley [off-list ref] wrote:
On 7/31/19 8:27 PM, Paul Moore wrote:
quoted
On Wed, Jul 31, 2019 at 1:26 PM Casey Schaufler [off-list ref] wrote:
quoted
On 7/31/2019 8:34 AM, Aaron Goidel wrote:
...
quoted
quoted
quoted
+static int selinux_path_notify(const struct path *path, u64 mask,
+                                             unsigned int obj_type)
+{
+     int ret;
+     u32 perm;
+
+     struct common_audit_data ad;
+
+     ad.type = LSM_AUDIT_DATA_PATH;
+     ad.u.path = *path;
+
+     /*
+      * Set permission needed based on the type of mark being set.
+      * Performs an additional check for sb watches.
+      */
+     switch (obj_type) {
+     case FSNOTIFY_OBJ_TYPE_VFSMOUNT:
+             perm = FILE__WATCH_MOUNT;
+             break;
+     case FSNOTIFY_OBJ_TYPE_SB:
+             perm = FILE__WATCH_SB;
+             ret = superblock_has_perm(current_cred(), path->dentry->d_sb,
+                                             FILESYSTEM__WATCH, &ad);
+             if (ret)
+                     return ret;
+             break;
+     case FSNOTIFY_OBJ_TYPE_INODE:
+             perm = FILE__WATCH;
+             break;
+     default:
+             return -EINVAL;
+     }
+
+     // check if the mask is requesting ability to set a blocking watch
... in the future please don't use "// XXX", use "/* XXX */" instead :)

Don't respin the patch just for this, but if you have to do it for
some other reason please fix the C++ style comments.  Thanks.
This was discussed during the earlier RFC series but ultimately someone
pointed to:
https://lkml.org/lkml/2016/7/8/625
where Linus blessed the use of C++/C99 style comments.  And checkpatch
accepts them these days.
Yep, I'm aware of both, it is simply a personal preference of mine.
I'm not going to reject patches with C++ style comments, but I would
ask people to stick to the good ol' fashioned comments for patches
they submit.

Obviously if you truly don't want them in the SELinux code, that's your
call.  But note that all files now have at least one such comment as a
result of the mass SPDX license headers that were added throughout the
tree using that style.
FYI, the sky is blue.

It isn't just the license headers either, Al dropped one into hooks.c
:).  Just like I don't plan to reject patches due only to the comment
style, you don't see me pushing patches to change the C++ comments.

-- 
paul moore
www.paul-moore.com
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help