Re: [PATCH][SELINUX] Re-open descriptors closed on exec by SELinuxto /dev/null

[Andrew Morton]

Stephen Smalley <sds@xxxxxxxxxxxxxx> wrote:
>
> +/* Create an open file that refers to the null device.
> +   Derived from the OpenWall LSM. */
> +struct file *open_devnull(void) 
> +{
> +	struct inode *inode;
> +	struct dentry *dentry;
> +	struct file *file = NULL;
> +	struct inode_security_struct *isec;
> +	dev_t dev;
> +
> +	inode = new_inode(current->fs->rootmnt->mnt_sb);
> +	if (!inode)
> +		goto out;
> +
> +	dentry = dget(d_alloc_root(inode));
> +	if (!dentry)
> +		goto out_iput;
> +
> +	file = get_empty_filp();
> +	if (!file)
> +		goto out_dput;
> +
> +	dev = MKDEV(MEM_MAJOR, 3); /* null device */
> +
> +	inode->i_uid = current->fsuid;
> +	inode->i_gid = current->fsgid;
> +	inode->i_blksize = PAGE_SIZE;
> +	inode->i_blocks = 0;
> +	inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
> +	inode->i_state = I_DIRTY; /* so that mark_inode_dirty won't touch us */
> +
> +	isec = inode->i_security;
> +	isec->sid = SECINITSID_DEVNULL;
> +	isec->sclass = SECCLASS_CHR_FILE;
> +	isec->initialized = 1;
> +
> +	file->f_flags = O_RDWR;
> +	file->f_mode = FMODE_READ | FMODE_WRITE;
> +	file->f_dentry = dentry;
> +	file->f_vfsmnt = mntget(current->fs->rootmnt);
> +	file->f_pos = 0;
> +
> +	init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, dev);
> +	if (inode->i_fop->open(inode, file))
> +		goto out_fput;
> +
> +out:
> +	return file;
> +out_fput:
> +	mntput(file->f_vfsmnt);
> +	put_filp(file);
> +out_dput:	
> +	dput(dentry);
> +out_iput:	
> +	iput(inode);
> +	file = NULL;
> +	goto out;
> +}

That seems to be a heck of a lot of code to get a file* which refers to
/dev/null.  I guess calling flip_open("/dev/null") is a bit grubby, but are
you sure there's no simpler way?

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/