Re: [apparmor] Switching to iterate_shared

On Tue, Aug 16, 2022 at 3:30 PM Casey Schaufler wrote: > > Smack passes all tests and seems perfectly content with the change. > I can't say that the tests stress this interface. All the security filesystems really seem to boil down to just calling that 'proc_pident_readdir()' function with diffe

Re: [apparmor] [PATCH 87/87] fs: move i_blocks up a few places in struct inode

On Thu, 28 Sept 2023 at 04:06, Jeff Layton wrote: > > Move i_blocks up above the i_lock, which moves the new 4 byte hole to > just after the timestamps, without changing the size of the structure. I'm sure others have mentioned this, but 'struct inode' is marked with __randomize_layout, so the ac

Re: [PATCH 86/87] fs: switch timespec64 fields in inode to discrete integers

On Thu, 28 Sept 2023 at 14:28, Theodore Ts'o wrote: > > I don't think anyone will complain about breaking the userspace API > --- especially since if, say, the CIA was using this for their spies' > drop boxes, they probably wouldn't want to admit it. :-) Well, you will find that real apps do kin

Re: [PATCH 86/87] fs: switch timespec64 fields in inode to discrete integers

On Thu, 28 Sept 2023 at 20:50, Amir Goldstein wrote: > > OTOH, it is perfectly fine if the vfs wants to stop providing sub 100ns > services to filesystems. It's just going to be the fs problem and the > preserved pre-historic/fine-grained time on existing files would only > need to be provided in

Re: [apparmor] [PATCH] exec: Check __FMODE_EXEC instead of in_execve for LSMs

On Wed, 24 Jan 2024 at 12:15, Kees Cook wrote: > > Hmpf, and frustratingly Ubuntu (and Debian) still builds with > CONFIG_USELIB, even though it was reported[2] to them almost 4 years ago. Well, we could just remove the __FMODE_EXEC from uselib. It's kind of wrong anyway. Unlike a real execve()

Re: [apparmor] [PATCH v1 1/1] treewide: Align match_string() with sysfs_match_string()

On Tue, 4 Jun 2024 at 11:25, Rodrigo Vivi wrote: > > (I believe that the new _match_string(str1, size, str2) deserves a better > name, > but since I'm bad with naming stuff, I don't have any good suggestion) I hated the enormous cc list, so I didn't reply to all. But clearly everybody else is ju

Re: [GIT PULL] sysctl constification changes for v6.11-rc1

On Wed, 24 Jul 2024 at 14:00, Joel Granados wrote: > > This is my first time sending out a semantic patch, so get back to me if > you have issues or prefer some other way of receiving it. Looks fine to me. Sometimes if it's just a pure scripting change, people send me the script itself and just