Re: [PATCH 2/5] selinux: adds a private inode operation

From: Stephen Smalley
Date: Tue Nov 23 2004 - 14:58:02 EST


On Tue, 2004-11-23 at 14:27, Jeff Mahoney wrote:
> Chris Wright wrote:
> | Why add extra hook, when this could be done in VFS with i_flags?
>
> Sure, it could be done w/ an i_flags bit. However, since it's explicitly
> related to the security infrastructure, I think it's more appropriate
> there. There's no change in the size of inode_security_struct, and the
> addition of the deref is trivial given how many other places in the
> file-io path use the same call table. That said, I'll change it to use
> whatever ends up being agreed upon. I'm just looking to get selinux to
> not call xattr routines on reiserfs-internal files/directories.

I suppose the question is whether the VFS maintainer thinks that this
reiserfs private inode flag should be made visible in the i_flags, or
whether it should remain private to reiserfs and only explicitly
exported to the security modules via the new hook. We can implement the
corresponding SELinux support for handling such private inodes either
way. Would the VFS ever make use of the flag itself, e.g. to skip DAC
permission checking on such inodes as well?

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/