Merge branch 'master'

author: Jeff Garzik <jeff@garzik.org> 2006-03-22 19:13:54 -0500
committer: Jeff Garzik <jeff@garzik.org> 2006-03-22 19:13:54 -0500
commit: f01c18456993bab43067b678f56c87ca954aa43b (patch)
tree: 3e0cd0cdf1a57618202b46a7126125902e3ab832 /security/selinux/hooks.c
parent: 949ec2c8e6b7b89179b85baf6309c009e1a1b951 (diff)
parent: 1c2e02750b992703a8a18634e08b04353face243 (diff)
1 files changed, 9 insertions, 5 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 5b16196f2823..ccaf988f3729 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -117,6 +117,8 @@ static struct security_operations *secondary_ops = NULL;
 static LIST_HEAD(superblock_security_head);
 static DEFINE_SPINLOCK(sb_security_lock);
+static kmem_cache_t *sel_inode_cache;
 /* Allocate and free functions for each kind of security blob. */
 static int task_alloc_security(struct task_struct *task)
@@ -146,10 +148,11 @@ static int inode_alloc_security(struct inode *inode)
        struct task_security_struct *tsec = current->security;
        struct inode_security_struct *isec;
-        isec = kzalloc(sizeof(struct inode_security_struct), GFP_KERNEL);
+        isec = kmem_cache_alloc(sel_inode_cache, SLAB_KERNEL);
        if (!isec)
                return -ENOMEM;
+        memset(isec, 0, sizeof(*isec));
        init_MUTEX(&isec->sem);
        INIT_LIST_HEAD(&isec->list);
        isec->inode = inode;
@@ -172,7 +175,7 @@ static void inode_free_security(struct inode *inode)
        spin_unlock(&sbsec->isec_lock);
        inode->i_security = NULL;
-        kfree(isec);
+        kmem_cache_free(sel_inode_cache, isec);
 }
 static int file_alloc_security(struct file *file)
@@ -1929,7 +1932,6 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
        struct task_security_struct *tsec;
        struct inode_security_struct *dsec;
        struct superblock_security_struct *sbsec;
-        struct inode_security_struct *isec;
        u32 newsid, clen;
        int rc;
        char *namep = NULL, *context;
@@ -1937,7 +1939,6 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
        tsec = current->security;
        dsec = dir->i_security;
        sbsec = dir->i_sb->s_security;
-        isec = inode->i_security;
        if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
                newsid = tsec->create_sid;
@@ -1957,7 +1958,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
        inode_security_set_sid(inode, newsid);
-        if (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
+        if (!ss_initialized || sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
                return -EOPNOTSUPP;
        if (name) {
@@ -4408,6 +4409,9 @@ static __init int selinux_init(void)
        tsec = current->security;
        tsec->osid = tsec->sid = SECINITSID_KERNEL;
+        sel_inode_cache = kmem_cache_create("selinux_inode_security",
+                                            sizeof(struct inode_security_struct),
+                                            0, SLAB_PANIC, NULL, NULL);
        avc_init();
        original_ops = secondary_ops = security_ops;
author	Jeff Garzik <jeff@garzik.org>	2006-03-22 19:13:54 -0500
committer	Jeff Garzik <jeff@garzik.org>	2006-03-22 19:13:54 -0500
commit	f01c18456993bab43067b678f56c87ca954aa43b (patch)
tree	3e0cd0cdf1a57618202b46a7126125902e3ab832 /security/selinux/hooks.c
parent	949ec2c8e6b7b89179b85baf6309c009e1a1b951 (diff)
parent	1c2e02750b992703a8a18634e08b04353face243 (diff)