Re: 2.6.10-rc2-mm4

[Chris Wright]

* Stephen Smalley (sds@xxxxxxxxxxxxxx) wrote:
> On Tue, 2004-11-30 at 12:50, Andrew Morton wrote:
> > http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.10-rc2/2.6.10-rc2-mm4/
> <snip>
> > selinux-adds-a-private-inode-operation.patch
> >   selinux: adds a private inode operation
> 
> Below is a re-base to 2.6.10-rc2-mm4 of a patch I posted earlier during
> the original discussion of the above referenced patch.  This patch
> removes the unnecessary code in inode_doinit_with_dentry, replaces the
> unused inherits flag field (legacy from earlier code) with a private
> flag field, does not set the SID in selinux_inode_mark_private (leaving
> it with the unlabeled SID, which will ensure that we notice it if it
> ever reaches a SELinux permission check), and modifies SELinux
> permission checking functions and post_create() to test for the private
> flag and skip SELinux processing in that case.  Please include if/when
> the reiserfs/selinux patchset goes upstream.  I know that Chris Wright
> had raised the question of whether we should be using i_flags to convey
> the "private" nature of the inode rather than using a security hook, but
> didn't see any resolution of that issue.

My concerns are that the check has to be duplicated in any module,
and that thus far we've tried to keep out fs -> module communication,
letting vfs do it.  This could at least be fs -> vfs communication,
and then either vfs or security framework could check flags and never
call into module on fs private objects.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/