Re: [PATCH][SELINUX] Re-open descriptors closed on exec by SELinuxto /dev/null

From: Stephen Smalley
Date: Tue May 04 2004 - 07:17:45 EST

Next message: Stephen Smalley: "Re: 2.6.6-rc3: modular DVB tda1004x broken"
Previous message: Paul Mackerras: "[PATCH][PPC32] Updated boot fix"
In reply to: Andrew Morton: "Re: [PATCH][SELINUX] Re-open descriptors closed on exec by SELinuxto /dev/null"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2004-05-03 at 17:41, Andrew Morton wrote:
> Stephen Smalley <sds@xxxxxxxxxxxxxx> wrote:
> >
> > +/* Create an open file that refers to the null device.
> > + Derived from the OpenWall LSM. */
> > +struct file *open_devnull(void)
> > +{
> > + struct inode *inode;
> > + struct dentry *dentry;
> > + struct file *file = NULL;
> > + struct inode_security_struct *isec;
> > + dev_t dev;
> > +
> > + inode = new_inode(current->fs->rootmnt->mnt_sb);
> > + if (!inode)
> > + goto out;
> > +
> > + dentry = dget(d_alloc_root(inode));
> > + if (!dentry)
> > + goto out_iput;
> > +
> > + file = get_empty_filp();
> > + if (!file)
> > + goto out_dput;
> > +
> > + dev = MKDEV(MEM_MAJOR, 3); /* null device */
> > +
> > + inode->i_uid = current->fsuid;
> > + inode->i_gid = current->fsgid;
> > + inode->i_blksize = PAGE_SIZE;
> > + inode->i_blocks = 0;
> > + inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
> > + inode->i_state = I_DIRTY; /* so that mark_inode_dirty won't touch us */
> > +
> > + isec = inode->i_security;
> > + isec->sid = SECINITSID_DEVNULL;
> > + isec->sclass = SECCLASS_CHR_FILE;
> > + isec->initialized = 1;
> > +
> > + file->f_flags = O_RDWR;
> > + file->f_mode = FMODE_READ | FMODE_WRITE;
> > + file->f_dentry = dentry;
> > + file->f_vfsmnt = mntget(current->fs->rootmnt);
> > + file->f_pos = 0;
> > +
> > + init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, dev);
> > + if (inode->i_fop->open(inode, file))
> > + goto out_fput;
> > +
> > +out:
> > + return file;
> > +out_fput:
> > + mntput(file->f_vfsmnt);
> > + put_filp(file);
> > +out_dput:
> > + dput(dentry);
> > +out_iput:
> > + iput(inode);
> > + file = NULL;
> > + goto out;
> > +}
>
> That seems to be a heck of a lot of code to get a file* which refers to
> /dev/null. I guess calling flip_open("/dev/null") is a bit grubby, but are
> you sure there's no simpler way?

Not that I know of. Perhaps Al has a suggestion?

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Stephen Smalley: "Re: 2.6.6-rc3: modular DVB tda1004x broken"
Previous message: Paul Mackerras: "[PATCH][PPC32] Updated boot fix"
In reply to: Andrew Morton: "Re: [PATCH][SELINUX] Re-open descriptors closed on exec by SELinuxto /dev/null"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]