On Fri, Sep 23, 2022 at 3:57 AM Christian Brauner <brauner@xxxxxxxxxx> wrote: > On Fri, Sep 23, 2022 at 08:47:07AM +0200, Christoph Hellwig wrote: > > On Thu, Sep 22, 2022 at 01:16:57PM -0400, Paul Moore wrote: > > > properly review the changes, but one thing immediately jumped out at > > > me when looking at this: why is the LSM hook > > > "security_inode_set_acl()" when we are passing a dentry instead of an > > > inode? We don't have a lot of them, but there are > > > `security_dentry_*()` LSM hooks in the existing kernel code. > > > > I'm no LSM expert, but isn't the inode vs dentry for if it is > > related to an inode operation or dentry operation, not about that > > the first argument is? > > Indeed. For example ... If the goal is for this LSM hook to operate on an inode and not a dentry, let's pass it an inode instead. This should help prevent misuse and I suspect the individual implementations will be quicker for it anyway (it should be the case for SELinux, and while I'm not a Smack expert it looks to be true for Smack as well). There is the potential for some additional work in the case where the inode needs to be revalidated (I believe this is only a SELinux issue at the moment) as well as if an audit event needs to be generated, but these should both happen infrequently enough that I don't believe they are a real concern. -- paul-moore.com
