On Sun, Oct 11, 2020 at 01:29:36AM -0700, Lokesh Gidra wrote:
> From: Daniel Colascione <dancol@xxxxxxxxxx>
>
> This change gives userfaultfd file descriptors a real security
> context, allowing policy to act on them.
>
> Signed-off-by: Daniel Colascione <dancol@xxxxxxxxxx>
>
> [Remove owner inode from userfaultfd_ctx]
> [Use anon_inode_getfd_secure() instead of anon_inode_getfile_secure()
> in userfaultfd syscall]
> [Use inode of file in userfaultfd_read() in resolve_userfault_fork()]
>
> Signed-off-by: Lokesh Gidra <lokeshgidra@xxxxxxxxxx>
> ---

I'm not an expert in userfaultfd or SELinux, but I don't see any issues with
this patch, and the comments I made earlier were resolved (except for the patch
title which I just pointed out -- it should have "userfaultfd:" prefix).

So feel free to add:

Reviewed-by: Eric Biggers <ebiggers@xxxxxxxxxx>