Re: [PATCH 11/14] CacheFiles: Permit an inode's security ID to be obtained [try #2]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

James Morris <jmorris@xxxxxxxxx> wrote:

> David, I've looked at the code and can't see that you need to access the 
> label itself outside the LSM.  Could you instead simply pass the inode 
> pointer around?

It's not quite that simple.  I need to impose *two* security labels in
cachefiles_begin_secure() when I'm about to act on behalf of a process that's
tried to access a netfs file:

 (1) The security label to act as.  This is the label attached to the
     cachefilesd process when it starts the cache.  This is obtained by
     cachefiles_get_security_ID().

 (2) The security label to create files as.  This is the label attached to
     root directory of the cache.  This is obtained by
     cachefiles_determine_cache_secid().

David
-
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux