Re: [PATCH 11/14] CacheFiles: Permit an inode's security ID to be obtained [try #2]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 9 Aug 2007, Casey Schaufler wrote:

> This is SELinux specific functionality. It should not be an LSM
> interface. 

As long as the security labels are themselves not being exported to the 
kernel to be used e.g. for display or transport, then I agree, and we 
should avoid passing them around outside the LSM entirely if possible.

Usually, they're attached to a significant kernel object, which you 
typically pass around as part of the interface anyway.

David, I've looked at the code and can't see that you need to access the 
label itself outside the LSM.  Could you instead simply pass the inode 
pointer around?

(I know it's not always possible, but much preferred).


- James
-- 
James Morris
<jmorris@xxxxxxxxx>
-
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux