[systemd-devel] [PATCH] Partially revert "ma-setup: simplify"

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Thu Jun 4 06:24:48 PDT 2015


On Wed, Jun 03, 2015 at 11:23:51AM -0400, Mimi Zohar wrote:
> On Wed, 2015-06-03 at 06:50 +0200, Lennart Poettering wrote:
> > On Tue, 02.06.15 11:55, Mimi Zohar (zohar at linux.vnet.ibm.com) wrote:
> > 
> > > > We could add another parameter to copy_bytes(), but in this case it's
> > > > cleaner to call fstat() and loop_write().
> > > 
> > > Right.  copy_bytes has no concept of rules/records.  So either "another
> > > parameter" is added to copy_bytes to indicate skip try_sendfile and
> > > write the entire policy, or [partially] revert the patch to call
> > > loop_write() to write the entire policy directly.
> > 
> > In which way does sendfile() fail here? I mean, the code currently
> > understands ENOSYS and EINVAL as indications that sendfile() is not
> > supported on an fd. What does sendfile() on the IMA device return?
> > Most likely we can just check for that error code, and then try the
> > loop as fallback.
> 
> After the sendfile failure, in addition to resetting the file position
> to the beginning of the file, the file would also need to be closed and
> re-opened. Otherwise, IMA assumes the policy was malformed and fails
> the policy update.

OK, this seems just now worth the complication. I pushed this patch as is.

Zbyszek

