On 5/4/2011 1:47 AM, Roberto Sassu wrote: > On Wednesday, May 04, 2011 01:58:00 AM John Johansen wrote: >> .... >> I have to agree with Casey, Generally looping back through the vfs should >> be using the user's credentials. This doesn't even stop you opening the >> lower file with a different set of permissions (eg. rw while the upper >> is opened with r). > Hi Casey and John > > my patch set does not modify this behavior: VFS calls on upper inodes > made by user processes and VFS calls (read/write) made by eCryptfs > on lower inodes still use the user's credentials. > > In addition, SELinux provide a model for file descriptors. They may be > opened by another subject (which provided its own credentials) and > other processes need the 'use' permission for those file descriptors > other than permissions for related inodes. > > This means that, even if eCryptfs opens lower inodes with its own > credentials, user processes still need permissions to read/write both > upper and lower inodes. > > One benefit of allowing eCryptfs to provide its own credentials is that > user processes must have granted only strictly required permissions. > > Roberto Sassu My point is that you should be able to achieve all of what you say you want to do without introducing the LSM changes you are proposing. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.