On Mon, 26 Oct 2015, Andreas Gruenbacher wrote: > Add a hook to invalidate an inode's security label when the cached > information becomes invalid. > > Implement the new hook in selinux: set a flag when a security label becomes > invalid. When hitting a security label which has been marked as invalid in > inode_has_perm, try reloading the label. > > If an inode does not have any dentries attached, we cannot reload its > security label because we cannot use the getxattr inode operation. In that > case, continue using the old, invalid label until a dentry becomes > available. > > Signed-off-by: Andreas Gruenbacher <[email protected]>
Reviewed-by: James Morris <[email protected]> -- James Morris <[email protected]> -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
