Re: 2.6.10-rc2-mm4
From: Stephen Smalley
Date: Thu Dec 02 2004 - 08:29:09 EST
On Wed, 2004-12-01 at 18:32, Jeffrey Mahoney wrote:
> I took some more time to find a more optimal solution. Since ReiserFS is
> currently the only filesystem that cares about this, it's far easier to keep
> the whole mess internal to ReiserFS. The issue isn't about the treating of
> "private" files in reiserfs, but rather just to avoid the looping of xattr
> calls that selinux would create.
No. It is also about avoiding applying permission checks to these
"private" inodes when reiserfs performs operations on them, e.g. when
__get_xa_root() does a lookup_one_len(), there is ultimately a call to
permission(inode, MAY_EXEC, nd), which triggers a security hook call,
and SELinux will view this as an attempt by the current process to
access the private directory. Simply disabling getxattr/setxattr for
the private inodes won't change this, and you can't assume that most
processes have permission to access the default file context (in fact,
in a strict policy, that won't be the case).
Chris' suggestion of exporting this private flag via i_flags and having
the VFS and/or security framework skip the security hook calls for such
inodes is more reasonable, and should yield the same behavior as that
current patchset (just without the extra security hook and the
filesystem and SELinux-specific private flags).
--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/