Re: [PATCH 10/29] selinux: implement set acl hook

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Sep 23, 2022 at 08:47:07AM +0200, Christoph Hellwig wrote:
> On Thu, Sep 22, 2022 at 01:16:57PM -0400, Paul Moore wrote:
> > properly review the changes, but one thing immediately jumped out at
> > me when looking at this: why is the LSM hook
> > "security_inode_set_acl()" when we are passing a dentry instead of an
> > inode?  We don't have a lot of them, but there are
> > `security_dentry_*()` LSM hooks in the existing kernel code.
> 
> I'm no LSM expert, but isn't the inode vs dentry for if it is
> related to an inode operation or dentry operation, not about that
> the first argument is?

Indeed. For example,

void security_inode_post_setxattr(struct dentry *dentry, const char *name,
				  const void *value, size_t size, int flags)
{
	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
		return;
	call_void_hook(inode_post_setxattr, dentry, name, value, size, flags);
	evm_inode_post_setxattr(dentry, name, value, size);
}

int security_inode_getxattr(struct dentry *dentry, const char *name)
{
	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
		return 0;
	return call_int_hook(inode_getxattr, 0, dentry, name);
}

int security_inode_listxattr(struct dentry *dentry)
{
	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
		return 0;
	return call_int_hook(inode_listxattr, 0, dentry);
}



[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [NTFS 3]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [NTFS 3]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux