[systemd-devel] Revert commit "ma-setup: simplify"
Mimi Zohar
zohar at linux.vnet.ibm.com
Mon Jun 1 07:21:08 PDT 2015
On Mon, 2015-06-01 at 10:05 -0400, Mimi Zohar wrote:
> On Mon, 2015-06-01 at 14:02 +0000, Zbigniew Jędrzejewski-Szmek wrote:
> > On Mon, Jun 01, 2015 at 08:57:57AM -0400, Mimi Zohar wrote:
> > > The original systemd IMA module loaded the IMA policy by mmaping the
> > > file into memory and then writing the entire file to
> > > <securityfs>/ima/policy. By changing this behavior of writing the
> > > entire file, commit 4dfb18922d5d "ima-setup: simplify" broke IMA
> > > policy loading.
> > >
> > > Please revert commit 4dfb18922d5d1efb13ee459cbf23832277f85ed7 and the
> > > related hunk from commit 7430ec6ac08f2c0416d9f806964c46b30f3862b2.
> > I'm pretty sure that whether the input file was mmaped or read using
> > read() cannot influence the rresult.The difference must come from the
> > way that the output file is written. Current code also eventually calls
> > loop_write, except that it writes in chunks of COPY_BUFFER_SIZE (16*1024).
> > Previous code tried to write everything in one go. Does the output
> > file have to be written using one write() call?
>
> Yes!
But I doubt very much that is the problem as the test file I'm using is
small, only 1780 bytes.
Mimi
More information about the systemd-devel
mailing list