On Thu, Mar 28, 2024 at 8:07 AM Christian Brauner <brauner@xxxxxxxxxx> wrote: > On Thu, Mar 28, 2024 at 01:24:25PM +0200, Roberto Sassu wrote: > > Also, consider that the pre hook security_path_mknod() has the dentry as > > parameter. For symmetry, we could keep it in the post hook. > > I think that's not that important. It is important to me. If you change security_path_post_mknod() to take an inode, please also change security_path_mknod() to take an inode ... actually, looking quickly at the code it looks like at least AppArmor and TOMOYO make use of the dentry and not just the associated inode. I didn't dive deeply into either so perhaps they could be modified to use an inode instead, but that is a decision I would leave up to John and Tetsuo. While Landlock does make use of the hook, it doesn't look like it cares about anything in the dentry. With that in mind, unless Christian has a strong argument as to why security_path_post_mknod() must change its parameter from a dentry to an inode, I would very much prefer to have both hooks continue to take a dentry, unless we all decide they can be safely changed to use an inode as a parameter. As the previous IMA/EVM hook took a dentry for years, and Christian originally reviewed/OK'd the LSM hook, I'm guessing there is not any significant harm in continuing to pass a dentry, but if that isn't the case please say so ... Of course this doesn't change anything with respect to the necessary bugfix and/or the hook name/bikeshedding effort; no objections from me on either. -- paul-moore.com
