Akemi Yagi wrote: > > Karanbir Singh wrote: > >> On 10/27/2011 04:57 AM, Tetsuo Handa wrote: > >> > My apologies. I was misunderstanding. I was assuming that making changes in > >> > "struct security_operations" breaks the kABI. But it seems it does not. > >> > >> excellent, lets do it then. > >> > > I see. Created http://bugs.centos.org/view.php?id=5219 for this topic. > > As can be seen in that bug report, the centosplus kernel has had > TOMOYO security module enabled since kernel-2.6.32-131.21.1.el6. > > Handa-san, do you think it is a good idea to apply patches [1] > referenced on the TOMOYO 2.2 page [2]? Well, nobody has ever hit this race. But if carrying below patch does not bother toracat, it is nice to have below patch applied. ---------- [PATCH] TOMOYO: Fix race on updating profile's comment line. commit 2a086e5d3a23570735f75b784d29b93068070833 upstream. tomoyo_save_name() in tomoyo_write_profile() may return NULL. Therefore, profile->comment ? profile->comment->name : "" in tomoyo_read_profile() may race. Keep the old value rather than replace with empty string when out of memory error has occurred. Signed-off-by: Xiaochen Wang <wangxiaochen0 at gmail.com> Signed-off-by: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp> --- security/tomoyo/common.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- linux-2.6.32.49.orig/security/tomoyo/common.c +++ linux-2.6.32.49/security/tomoyo/common.c @@ -924,7 +924,11 @@ static int tomoyo_write_profile(struct t return -EINVAL; *cp = '\0'; if (!strcmp(data, "COMMENT")) { - profile->comment = tomoyo_save_name(cp + 1); + const struct tomoyo_path_info *new_comment + = tomoyo_save_name(cp + 1); + if (!new_comment) + return -ENOMEM; + profile->comment = new_comment; return 0; } for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++) { ---------- Regards.