Re: [PATCH bpf-next v8 01/11] fs,security: Add a security blob to nameidata

From: Al Viro
Date: Mon Feb 26 2018 - 19:57:39 EST


On Tue, Feb 27, 2018 at 01:41:11AM +0100, Mickaël Salaün wrote:
> The function current_nameidata_security(struct inode *) can be used to
> retrieve a blob's pointer address tied to the inode being walked through.
> This makes it possible to follow a path lookup and know where an inode
> access comes from. This is needed for the Landlock LSM to be able to
> restrict access to file paths.
>
> The LSM hook nameidata_free_security(struct inode *) is called before
> freeing the associated nameidata.

NAK. Not without well-defined semantics and "some Linux S&M uses that for
something, don't ask what" does not count.