linux-security-module November 2007 archive
Main Archive Page > Month Archives  > linux-security-module archives
linux-security-module: Re: [PATCH 1/2] VFS/Security: Rework inod

Re: [PATCH 1/2] VFS/Security: Rework inode_getsecurity and callers to return resulting buffer

From: James Morris <jmorris_at_nospam>
Date: Thu Nov 01 2007 - 20:58:18 GMT
To: "David P. Quigley" <>

On Thu, 1 Nov 2007, David P. Quigley wrote:

> This patch modifies the interface to inode_getsecurity to have the function
> return a buffer containing the security blob and its length via parameters
> instead of relying on the calling function to give it an appropriately sized
> buffer. Security blobs obtained with this function should be freed using the
> release_secctx LSM hook. This alleviates the problem of the caller having to
> guess a length and preallocate a buffer for this function allowing it to be
> used elsewhere for Labeled NFS. The patch also removed the unused err
> parameter. The conversion is similar to the one performed by Al Viro for the
> security_getprocattr hook.
> Signed-off-by: David P. Quigley <>

Acked-by: James Morris <> -- James Morris <> - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to More majordomo info at