[systemd-devel] Revert commit "ma-setup: simplify"
Mimi Zohar
zohar at linux.vnet.ibm.com
Mon Jun 1 07:05:03 PDT 2015
On Mon, 2015-06-01 at 14:02 +0000, Zbigniew Jędrzejewski-Szmek wrote:
> On Mon, Jun 01, 2015 at 08:57:57AM -0400, Mimi Zohar wrote:
> > The original systemd IMA module loaded the IMA policy by mmaping the
> > file into memory and then writing the entire file to
> > <securityfs>/ima/policy. By changing this behavior of writing the
> > entire file, commit 4dfb18922d5d "ima-setup: simplify" broke IMA
> > policy loading.
> >
> > Please revert commit 4dfb18922d5d1efb13ee459cbf23832277f85ed7 and the
> > related hunk from commit 7430ec6ac08f2c0416d9f806964c46b30f3862b2.
> I'm pretty sure that whether the input file was mmaped or read using
> read() cannot influence the rresult.The difference must come from the
> way that the output file is written. Current code also eventually calls
> loop_write, except that it writes in chunks of COPY_BUFFER_SIZE (16*1024).
> Previous code tried to write everything in one go. Does the output
> file have to be written using one write() call?
Yes!
Mimi
More information about the systemd-devel
mailing list