Re: [kernel-hardening] [PATCH 00/11] S.A.R.A. a new stacked LSM

From: Matt Brown
Date: Thu Jul 13 2017 - 18:33:59 EST


On 7/13/17 3:51 PM, Serge E. Hallyn wrote:
> Quoting Mimi Zohar (zohar@xxxxxxxxxxxxxxxxxx):
>> On Thu, 2017-07-13 at 08:39 -0400, Matt Brown wrote:
>> The question is really from a security perspective which is better?
>> Obviously, as v2 of the patch set changed from using pathnames to
>> inodes, it's pretty clear that I think inodes would be better. Kees,
>> Serge, Casey any comments?
>
> Yes, inode seems clearly better. Paths are too easily worked around.
>

Sounds good. Do we think an rb_tree would be better than a list to store
the inodes in?

Matt