Re: [PATCH v5 1/2] selinux: add brief info to policydb

From: William Roberts
Date: Wed May 17 2017 - 14:28:37 EST


On Wed, May 17, 2017 at 10:00 AM, Sebastien Buisson
<sbuisson.ddn@xxxxxxxxx> wrote:
> 2017-05-17 18:04 GMT+02:00 William Roberts <bill.c.roberts@xxxxxxxxx>:
>> I'm assuming in the Lustre code you're going to call security_policy_brief(),
>> how would the caller know how big that buffer is going to be?
>
> We can determine it at configure time for instance, given that len as
> an output parameter would give the size necessary to store the policy
> brief info.
>
>> I'm looking at both v5 patches, I don't see where it's being called with alloc
>> set to false.
>
> It would be called with alloc set to false from network and
> distributed file systems like Lustre.

That doesn't seem like a good way at all.
1. What happens as the brief is changed, all callers with false
would potentially need there buffer size increased.
2. There is no guarantee at runtime that as brief changes,
that the size will remain bounded. fields could be
added/changed/removed.
3. If/when stacking needs to be supported, brief size can
change dramatically, bringing us back to issue 1.

--
Respectfully,

William C Roberts