Re: [PATCH 11/14] CacheFiles: Permit an inode's security ID to be obtained [try #2]

From: Casey Schaufler
Date: Thu Aug 09 2007 - 16:34:50 EST



--- James Morris <jmorris@xxxxxxxxx> wrote:

> On Thu, 9 Aug 2007, David Howells wrote:
>
> > James Morris <jmorris@xxxxxxxxx> wrote:
> >
> > > David, I've looked at the code and can't see that you need to access the
> > > label itself outside the LSM. Could you instead simply pass the inode
> > > pointer around?
> >
> > It's not quite that simple. I need to impose *two* security labels in
> > cachefiles_begin_secure() when I'm about to act on behalf of a process
> that's
> > tried to access a netfs file:
>
> Ah ok, we had a similar problem with NFS mount options.
>
> While I'm concerned about encoding SELinux-optimized secid labels into
> general kernel structures, moving to more generalized pointers introduces
> lifecycle maintenance issues and complexity which is not needed in the
> mainline kernel. i.e. it'll be unused infrastructure maintained by
> upstream, and used only by out-of-tree modules.
>
> So, given that the kernel has no stable API, I suggest accepting the u32
> secid as you propose, and if someone wants to merge a module which also
> uses these hooks, but is entirely unable to use u32 labels, then they can
> also justify making the interface more generalized and provide the code
> for it.

Grumble. Yet another thing to undo in the near future. I still
hope to suggest what I would consider a viable alternative "soon".


Casey Schaufler
casey@xxxxxxxxxxxxxxxx
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/