On Sat, Oct 12, 2019 at 12:16 PM Daniel Colascione <dancol@xxxxxxxxxx> wrote:
>
> Use the secure anonymous inode LSM hook we just added to let SELinux
> policy place restrictions on userfaultfd use. The create operation
> applies to processes creating new instances of these file objects;
> transfer between processes is covered by restrictions on read, write,
> and ioctl access already checked inside selinux_file_receive.

This is great, and I suspect we'll want it for things like SGX, too. But the current design seems like it will make it essentially impossible for SELinux to reference an anon_inode class whose file_operations are in a module, and moving file_operations out of a module would be nasty. Could this instead be keyed off a new struct anon_inode_class, an enum, or even just a string?

--Andy