On 2020/06/27 13:21, Eric W. Biederman wrote:
> Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> writes:
>> On 2020/06/27 1:45, Eric W. Biederman wrote:
>>> Does this series by using the normal path through exec solve your
>>> concerns with LSMs being able to identify these processes (both
>>> individually and as class)?.
>>
>> I guess "yes" for pathname based LSMs. Though, TOMOYO wants to obtain both
>> AT_SYMLINK_NOFOLLOW "struct path" and !AT_SYMLINK_NOFOLLOW "struct path"
>> at do_open_execat() from do_execveat_common().
>
> Is that a problem with the current do_execveat_common in general?

In general. Since LSM does not receive parameters needed for obtaining
AT_SYMLINK_NOFOLLOW "struct path" (and it is racy even if parameters were
passed to LSM), I want to obtain both paths in one place.

>
> That does not sound like a problem in the user mode driver case as
> there are no symlinks involved.

Right.