On Sat, 24 Feb 2024 at 11:16, Christian Brauner <brauner@xxxxxxxxxx> wrote:
>
> > Would selinux be happy if the inode allocation just used the
> > anon_inode superblock instead of pidfdfs_sb?
>
> No, unfortunately not. The core issue is that anon_inode_getfile() isn't
> subject to any LSM hooks which is what pidfds used. But dentry_open() is
> via security_file_open().

Ahh.

> But here's a straightforward fix appended. We let pidfs.c use that fix
> as and then we introduce a new LSM hook for pidfds that allows mediation
> of pidfds and selinux can implement it when they're ready. This is
> regression free and future proof. I actually tested this already today.
>
> How does that sounds?

Ack. Perfect.

This is how new features go in: they act like the old ones, but have
expanded capabilities that you can expose for people who want to use
them.

The fact that this all apparently happened in nsfs too is a bit sad. I
hadn't even been aware of it. I absolutely *hate* how some kernel people
will just say "the fix is to upgrade your user space".

Oh well, water under the bridge. But let's do it right for pidfs, and
your fix looks good to me.

Thanks,
  Linus