Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

Chris Wright <chrisw@xxxxxxxxxxxx> · Wed, 7 Feb 2007 07:43:32 -0800

* Andreas Gruenbacher (agruen@xxxxxxx) wrote:
> Reiserfs currently only marks the ".reiserfs_priv" directory as private, but 
> not the files below it -- how about the attached patch to fix that?

I don't think that's right.  Look at ->create or ->lookup.  Both of those
properly set the private flag.  This patch looks like a step backwards,
sprinkling the init in so many places.

> Fix reiserfs xattrs for selinux
> 
> Mark all inodes used for reiserfs xattrs as private so that selinux
> (or any other LSM) will not try to mediate access to the files and
> directories used as the xattr backing store. The xattr operations
> are already protected through the xattr LSM hooks.
> 
> There is no real reason for having reiserfs_mark_inode_private --
> remove it and directly mark the inodes as private.
> 
> Signed-off-by: Andreas Gruenbacher <agruen@xxxxxxx>
> Cc: Jeff Mahoney <jeffm@xxxxxxx>
> 
> Index: b/fs/reiserfs/xattr.c
> ===================================================================
> --- a/fs/reiserfs/xattr.c
> +++ b/fs/reiserfs/xattr.c
> @@ -79,6 +79,7 @@ static struct dentry *create_xa_root(str
>  			dput(privroot);
>  			return ERR_PTR(err);
>  		}
> +		xaroot->d_inode->i_flags |= S_PRIVATE;

Already handled in the above ->mkdir

>  		REISERFS_SB(sb)->xattr_root = dget(xaroot);
>  	}
>  
> @@ -108,6 +109,7 @@ static struct dentry *__get_xa_root(stru
>  		goto out;
>  	}
>  
> +	xaroot->d_inode->i_flags |= S_PRIVATE;

Already handled during xa_root creation

>  	REISERFS_SB(s)->xattr_root = dget(xaroot);
>  
>        out:
> @@ -183,6 +185,7 @@ static struct dentry *open_xa_dir(const 
>  			return ERR_PTR(-ENODATA);
>  		}
>  	}
> +	xadir->d_inode->i_flags |= S_PRIVATE;

Already handled in lookup or mkdir

>  	dput(xaroot);
>  	return xadir;
> @@ -235,6 +238,8 @@ static struct dentry *get_xa_file_dentry
>  	dput(xadir);
>  	if (err)
>  		xafile = ERR_PTR(err);
> +	else
> +		xafile->d_inode->i_flags |= S_PRIVATE;

Already handled in lookup or create

>  	return xafile;
>  }
>  
> @@ -715,6 +720,7 @@ __reiserfs_xattr_del(struct dentry *xadi
>  		err = -ENODATA;
>  		goto out_file;
>  	}
Already handled in lookup

etc...
-
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html