ipe: don't bother with removal of files in directory we'll be removing

author Al Viro <viro@zeniv.linux.org.uk>

Wed, 11 Jun 2025 23:08:12 +0000 (19:08 -0400)

committer Al Viro <viro@zeniv.linux.org.uk>

Tue, 17 Jun 2025 22:10:53 +0000 (18:10 -0400)
author Al Viro <viro@zeniv.linux.org.uk>
Wed, 11 Jun 2025 23:08:12 +0000 (19:08 -0400)
committer Al Viro <viro@zeniv.linux.org.uk>
Tue, 17 Jun 2025 22:10:53 +0000 (18:10 -0400)
diff --git a/security/ipe/fs.c b/security/ipe/fs.c

index f40e50bfd2e707c5be1aea0503b34453602c18cb..0bb9468b8026336bc6111fadeffeed3b7b6da6ee 100644 (file)
--- a/security/ipe/fs.c
+++ b/security/ipe/fs.c
@@ -12,11 +12,8 @@
  #include "policy.h"
  #include "audit.h"
  
-static struct dentry *np __ro_after_init;
  static struct dentry *root __ro_after_init;
  struct dentry *policy_root __ro_after_init;
-static struct dentry *audit_node __ro_after_init;
-static struct dentry *enforce_node __ro_after_init;
  
  /**
   * setaudit() - Write handler for the securityfs node, "ipe/success_audit"
@@ -200,27 +197,26 @@ static int __init ipe_init_securityfs(void)
  {
         int rc = 0;
         struct ipe_policy *ap;
+       struct dentry *dentry;
  
         if (!ipe_enabled)
                 return -EOPNOTSUPP;
  
         root = securityfs_create_dir("ipe", NULL);
-       if (IS_ERR(root)) {
-               rc = PTR_ERR(root);
-               goto err;
-       }
+       if (IS_ERR(root))
+               return PTR_ERR(root);
  
-       audit_node = securityfs_create_file("success_audit", 0600, root,
+       dentry = securityfs_create_file("success_audit", 0600, root,
                                             NULL, &audit_fops);
-       if (IS_ERR(audit_node)) {
-               rc = PTR_ERR(audit_node);
+       if (IS_ERR(dentry)) {
+               rc = PTR_ERR(dentry);
                 goto err;
         }
  
-       enforce_node = securityfs_create_file("enforce", 0600, root, NULL,
+       dentry = securityfs_create_file("enforce", 0600, root, NULL,
                                               &enforce_fops);
-       if (IS_ERR(enforce_node)) {
-               rc = PTR_ERR(enforce_node);
+       if (IS_ERR(dentry)) {
+               rc = PTR_ERR(dentry);
                 goto err;
         }
  
@@ -237,18 +233,14 @@ static int __init ipe_init_securityfs(void)
                         goto err;
         }
  
-       np = securityfs_create_file("new_policy", 0200, root, NULL, &np_fops);
-       if (IS_ERR(np)) {
-               rc = PTR_ERR(np);
+       dentry = securityfs_create_file("new_policy", 0200, root, NULL, &np_fops);
+       if (IS_ERR(dentry)) {
+               rc = PTR_ERR(dentry);
                 goto err;
         }
  
         return 0;
  err:
-       securityfs_remove(np);
-       securityfs_remove(policy_root);
-       securityfs_remove(enforce_node);
-       securityfs_remove(audit_node);
         securityfs_remove(root);
         return rc;
  }
diff --git a/security/ipe/policy_fs.c b/security/ipe/policy_fs.c

index db26032ccbe1c289092c7979090dcdb08ab39e32..9d92d8a14b13dd97b2f393319a52357e5eef379a 100644 (file)
--- a/security/ipe/policy_fs.c
+++ b/security/ipe/policy_fs.c
@@ -438,7 +438,7 @@ static const struct ipefs_file policy_subdir[] = {
   */
  void ipe_del_policyfs_node(struct ipe_policy *p)
  {
-       securityfs_recursive_remove(p->policyfs);
+       securityfs_remove(p->policyfs);
         p->policyfs = NULL;
  }
  
@@ -485,6 +485,6 @@ int ipe_new_policyfs_node(struct ipe_policy *p)
  
         return 0;
  err:
-       securityfs_recursive_remove(policyfs);
+       securityfs_remove(policyfs);
         return rc;
  }
author	Al Viro <viro@zeniv.linux.org.uk>
	Wed, 11 Jun 2025 23:08:12 +0000 (19:08 -0400)
committer	Al Viro <viro@zeniv.linux.org.uk>
	Tue, 17 Jun 2025 22:10:53 +0000 (18:10 -0400)
security/ipe/fs.c		patch \| blob \| blame \| history
security/ipe/policy_fs.c		patch \| blob \| blame \| history