On 04/15/2014 04:22 PM, Christoph Hellwig wrote: > On Tue, Apr 15, 2014 at 04:04:32PM -0400, Stephen Smalley wrote: >> Is there a reason that xfs_init_security() isn't called from the inode >> allocation function (e.g. xfs_ialloc), as in ext4 (__ext4_new_inode >> calls ext4_init_security and also calls ext4_init_acl)? That would have >> ensured that tmpfile inodes would have been labeled without requiring a >> separate change and more generally ensures complete coverage for all inodes. > > Really just code structuring - we don't like callouts to high level VFS > functions from deep down in the guts of the filesystem. > >> For SELinux, we need the tmpfile inodes to be labeled at creation time, >> not just if linked into the namespace, since they may be shared via >> local socket IPC or inherited across a label-changing exec and since we >> revalidate access on transfer or use. >> >> Labeling based on the provided directory could be a bit random, although >> it will work out with current policy if the provided directory >> corresponds to existing tmpfile locations (e.g. /tmp, /var/tmp) and >> therefore already has a label associated with temporary files. >> Otherwise we might want some indication that it is a tmpfile passed into >> security_inode_init_security() so that we can always select a stable >> label irrespective of the directory. > > Just check for I_LINKABLE in i_flags. Thanks, that should allow us to handle it cleanly in the security modules! -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
