www.infradead.org Git - users/willy/pagecache.git/commit
ipe: also reject policy updates with the same version
author Luca Boccassi <bluca@debian.org>
Wed, 25 Sep 2024 21:01:34 +0000 (23:01 +0200)
committer Fan Wu <wufan@kernel.org>
Thu, 17 Oct 2024 18:38:15 +0000 (11:38 -0700)
commit 5ceecb301e50e933c1e621fbeea5ec239fbff858
tree 247901761294b4c0112c1d714b813ebae4e6b26e
parent 579941899db4f972507df3bf783518e606bb095a

Currently IPE accepts an update that has the same version as the policy
being updated, but it doesn't make it a no-op, nor does it check that the
old and new policies are the same. So it is possible to change the
content of a policy, without changing its version. This is very
confusing from userspace when managing policies.

Instead change the update logic to reject updates that have the same
version with ESTALE, as that is much clearer and intuitive behaviour.

Signed-off-by: Luca Boccassi <bluca@debian.org>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Fan Wu <wufan@kernel.org>
Documentation/admin-guide/LSM/ipe.rst
security/ipe/policy.c
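
The behaviour change described in the commit message, as an added userspace illustration that is not the kernel's code or part of this commit. The struct layout, the function names, the packed version key and the rule strings are all hypothetical, and it assumes an older version is already rejected with the same ESTALE error.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not the kernel's structures. */
struct policy_version { uint16_t major, minor, rev; };
struct policy { struct policy_version ver; char rules[64]; };

/* Pack major.minor.rev into one integer so versions compare numerically. */
static uint64_t ver_key(struct policy_version v)
{
	return ((uint64_t)v.major << 32) | ((uint64_t)v.minor << 16) | v.rev;
}

/* Before: only an older version is rejected (assumed to return -ESTALE),
 * so an equal version with different content replaces the active policy. */
static int update_allow_equal(struct policy *active, const struct policy *new)
{
	if (ver_key(active->ver) > ver_key(new->ver))
		return -ESTALE;
	*active = *new;
	return 0;
}

/* After: an equal version is rejected as well, so any change in content
 * has to come with a version bump. */
static int update_reject_equal(struct policy *active, const struct policy *new)
{
	if (ver_key(active->ver) >= ver_key(new->ver))
		return -ESTALE;
	*active = *new;
	return 0;
}

/* Constructed sample: returns 1 if an update carrying the same version but
 * different rules was accepted and replaced the active rules. */
static int same_version_changes_rules(int (*update)(struct policy *,
						    const struct policy *))
{
	struct policy active = { {1, 0, 0}, "constructed rules A" };
	struct policy edited = { {1, 0, 0}, "constructed rules B" };
	int rc = update(&active, &edited);

	return rc == 0 && strcmp(active.rules, edited.rules) == 0;
}
```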