On 04/02/2013 19:35, Myklebust, Trond wrote:
On Tue, 2013-04-02 at 17:45 -0400, Steve Dickson wrote:
From: David Quigley <dpquigl@xxxxxxxxxxxxxxx>
There is a time where we need to calculate a context without the
inode having been created yet. To do this we take the negative
dentry and
calculate a context based on the process and the parent directory
contexts.
Can you remind me again why this is needed? Basing security decisions
on
the namespace seems just seems to run against the basic selinux
concept.
Is it for apparmor and tomoyo support in LNFS?
The thing is we aren't creating it based on the namespace. The negative
dentry has a reference to its parent which is the label being used for
the computation. The problem is there is no way for us to do this
calculation in NFS because the place it needs to be done is lacking the
actual inode so instead we use the process and the parent label. If
there is a transition in place it would act on the parent label and
process label anyway. Its not like we're deciding that /usr/foo/bar gets
labeled with bar_t but instead we're saying that process foo created a
file in a directory labeled foo_t so it becomes bar_t. Alternatively if
no transition is in place we'd instead say that because foo is labeled
foo_t we're creating a file underneath that so it gets labeled foo_t.
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
