Message-ID: <CAHC9VhQg_UCDZpm=hWTn5YFAYQJt1K_fRxxq+LzORekJ8p9zNg@mail.gmail.com>
Date:   Thu, 1 Aug 2019 08:47:56 -0400
From:   Paul Moore <paul@...l-moore.com>
To:     Stephen Smalley <sds@...ho.nsa.gov>
Cc:     Casey Schaufler <casey@...aufler-ca.com>,
        Aaron Goidel <acgoide@...ho.nsa.gov>, selinux@...r.kernel.org,
        linux-security-module@...r.kernel.org,
        linux-fsdevel@...r.kernel.org, dhowells@...hat.com, jack@...e.cz,
        amir73il@...il.com, James Morris <jmorris@...ei.org>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] fanotify, inotify, dnotify, security: add security hook
 for fs notifications

On Thu, Aug 1, 2019 at 7:31 AM Stephen Smalley <sds@...ho.nsa.gov> wrote:
> On 7/31/19 8:27 PM, Paul Moore wrote:
> > On Wed, Jul 31, 2019 at 1:26 PM Casey Schaufler <casey@...aufler-ca.com> wrote:
> >> On 7/31/2019 8:34 AM, Aaron Goidel wrote:

...

> >>> +static int selinux_path_notify(const struct path *path, u64 mask,
> >>> +                                             unsigned int obj_type)
> >>> +{
> >>> +     int ret;
> >>> +     u32 perm;
> >>> +
> >>> +     struct common_audit_data ad;
> >>> +
> >>> +     ad.type = LSM_AUDIT_DATA_PATH;
> >>> +     ad.u.path = *path;
> >>> +
> >>> +     /*
> >>> +      * Set permission needed based on the type of mark being set.
> >>> +      * Performs an additional check for sb watches.
> >>> +      */
> >>> +     switch (obj_type) {
> >>> +     case FSNOTIFY_OBJ_TYPE_VFSMOUNT:
> >>> +             perm = FILE__WATCH_MOUNT;
> >>> +             break;
> >>> +     case FSNOTIFY_OBJ_TYPE_SB:
> >>> +             perm = FILE__WATCH_SB;
> >>> +             ret = superblock_has_perm(current_cred(), path->dentry->d_sb,
> >>> +                                             FILESYSTEM__WATCH, &ad);
> >>> +             if (ret)
> >>> +                     return ret;
> >>> +             break;
> >>> +     case FSNOTIFY_OBJ_TYPE_INODE:
> >>> +             perm = FILE__WATCH;
> >>> +             break;
> >>> +     default:
> >>> +             return -EINVAL;
> >>> +     }
> >>> +
> >>> +     // check if the mask is requesting ability to set a blocking watch
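
Review bot: In the FSNOTIFY_OBJ_TYPE_SB case, the comment above the switch ("Performs an additional check for sb watches") does not say what is checked. It would help to state that a superblock watch is gated by FILESYSTEM__WATCH on path->dentry->d_sb via superblock_has_perm(), in addition to the FILE__WATCH_SB value assigned to perm, and that a denial there returns before perm is used. A smaller style point at the top of the function: the blank line between "u32 perm;" and "struct common_audit_data ad;" splits the declaration block, so drop it to keep the declarations together.
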
> >
> > ... in the future please don't use "// XXX", use "/* XXX */" instead :)
> >
> > Don't respin the patch just for this, but if you have to do it for
> > some other reason please fix the C++ style comments.  Thanks.
>
> This was discussed during the earlier RFC series but ultimately someone
> pointed to:
> https://lkml.org/lkml/2016/7/8/625
> where Linus blessed the use of C++/C99 style comments.  And checkpatch
> accepts them these days.

Yep, I'm aware of both, it is simply a personal preference of mine.
I'm not going to reject patches with C++ style comments, but I would
ask people to stick to the good ol' fashioned comments for patches
they submit.

> Obviously if you truly don't want them in the SELinux code, that's your
> call.  But note that all files now have at least one such comment as a
> result of the mass SPDX license headers that were added throughout the
> tree using that style.

FYI, the sky is blue.

It isn't just the license headers either, Al dropped one into hooks.c
:).  Just like I don't plan to reject patches due only to the comment
style, you don't see me pushing patches to change the C++ comments.

-- 
paul moore
www.paul-moore.com
