Re: [PATCH v10 3/3] Use secure anon inodes for userfaultfd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Oct 11, 2020 at 01:29:36AM -0700, Lokesh Gidra wrote:
> From: Daniel Colascione <dancol@xxxxxxxxxx>
> 
> This change gives userfaultfd file descriptors a real security
> context, allowing policy to act on them.
> 
> Signed-off-by: Daniel Colascione <dancol@xxxxxxxxxx>
> 
> [Remove owner inode from userfaultfd_ctx]
> [Use anon_inode_getfd_secure() instead of anon_inode_getfile_secure()
>  in userfaultfd syscall]
> [Use inode of file in userfaultfd_read() in resolve_userfault_fork()]
> 
> Signed-off-by: Lokesh Gidra <lokeshgidra@xxxxxxxxxx>
> ---

I'm not an expert in userfaultfd or SELinux, but I don't see any issues with
this patch, and the comments I made earlier were resolved (except for the patch
title which I just pointed out -- it should have "userfaultfd:" prefix).

So feel free to add:

Reviewed-by: Eric Biggers <ebiggers@xxxxxxxxxx>



[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux