Re: [PATCH 11/14] CacheFiles: Permit an inode's security ID to be obtained [try #2]
From: David Howells
Date: Thu Aug 09 2007 - 15:08:47 EST
James Morris <jmorris@xxxxxxxxx> wrote:
> David, I've looked at the code and can't see that you need to access the
> label itself outside the LSM. Could you instead simply pass the inode
> pointer around?
It's not quite that simple. I need to impose *two* security labels in
cachefiles_begin_secure() when I'm about to act on behalf of a process that's
tried to access a netfs file:
(1) The security label to act as. This is the label attached to the
cachefilesd process when it starts the cache. This is obtained by
cachefiles_get_security_ID().
(2) The security label to create files as. This is the label attached to
root directory of the cache. This is obtained by
cachefiles_determine_cache_secid().
David
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/