[systemd-devel] [PATCH] Partially revert "ma-setup: simplify"
Mimi Zohar
zohar at linux.vnet.ibm.com
Wed Jun 3 08:23:51 PDT 2015

On Wed, 2015-06-03 at 06:50 +0200, Lennart Poettering wrote:
> On Tue, 02.06.15 11:55, Mimi Zohar (zohar at linux.vnet.ibm.com) wrote:
>
> > > We could add another parameter to copy_bytes(), but in this case it's
> > > cleaner to call fstat() and loop_write().
> >
> > Right. copy_bytes has no concept of rules/records. So either "another
> > parameter" is added to copy_bytes to indicate skip try_sendfile and
> > write the entire policy, or [partially] revert the patch to call
> > loop_write() to write the entire policy directly.
>
> In which way does sendfile() fail here? I mean, the code currently
> understands ENOSYS and EINVAL as indications that sendfile() is not
> supported on an fd. What does sendfile() on the IMA device return?
> Most likely we can just check for that error code, and then try the
> loop as fallback.

After the sendfile failure, in addition to resetting the file position
to the beginning of the file, the file would also need to be closed and
re-opened. Otherwise, IMA assumes the policy was malformed and fails
the policy update.

Mimi