On Wed, Jul 15, 2015 at 3:39 PM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> On 7/15/2015 2:06 PM, Eric W. Biederman wrote:
>> Casey Schaufler <casey@xxxxxxxxxxxxxxxx> writes:
>
>> The first step needs to be not trusting those labels and treating such
>> filesystems as filesystems without label support. I hope that is what
>> Seth has implemented.
>
> A filesystem with Smack labels gets mounted in a namespace. The labels
> are ignored. Instead, the filesystem defaults (potentially specified as
> mount options smackfsdef="something", but usually the floor label ("_"))
> are used, giving the user the ability to read everything and (usually)
> change nothing. This is both dangerous (unintended read access to files)
> and pointless (can't make changes).

I don't get it.

If I mount an unprivileged filesystem, then either the contents were
put there *by me*, in which case letting me access them is fine, or
(with Seth's patches and then some) I control the backing store, in
which case I can do whatever I want regardless of what LSM thinks.

So I don't see the problem. Why would Smack or any other LSM care at
all, unless it wants to prevent me from mounting the fs in the first
place?

--Andy