On 10/28/2015 07:48 AM, Andreas Gruenbacher wrote: > On Tue, Oct 27, 2015 at 5:40 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: >> On 10/26/2015 05:15 PM, Andreas Gruenbacher wrote: >>> >>> Use path_has_perm directly instead. >> >> >> This reverts: >> >> commit 13f8e9810bff12d01807b6f92329111f45218235 >> Author: David Howells <dhowells@xxxxxxxxxx> >> Date: Thu Jun 13 23:37:55 2013 +0100 >> >> SELinux: Institute file_path_has_perm() >> >> Create a file_path_has_perm() function that is like path_has_perm() but >> instead takes a file struct that is the source of both the path and the >> inode (rather than getting the inode from the dentry in the path). This >> is then used where appropriate. >> >> This will be useful for situations like unionmount where it will be >> possible to have an apparently-negative dentry (eg. a fallthrough) that >> is >> open with the file struct pointing to an inode on the lower fs. >> >> Signed-off-by: David Howells <dhowells@xxxxxxxxxx> >> Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx> >> >> which I think David was intending to use as part of his SELinux/overlayfs >> support. > > Okay. As long as overlayfs support in SELinux is in half-finished > state, let's leave this alone. Also, the caller is holding a spinlock (tty_files_lock), so you can't call inode_doinit from here. Try stress testing your patch series by just always setting isec->initialized to LABEL_INVALID. Previously the *has_perm functions could be called under essentially any condition, with the exception of when in a RCU walk and needing to audit the dname (but they did not previously block/sleep). _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
