Re: [PATCH 2/7] Add a concept of a "secure" anonymous file

From: Christoph Hellwig
Date: Tue Oct 15 2019 - 04:08:36 EST


On Sat, Oct 12, 2019 at 12:15:57PM -0700, Daniel Colascione wrote:
> A secure anonymous file is one we hooked up to its own inode (as
> opposed to the shared inode we use for non-secure anonymous files). A
> new selinux hook gives security modules a chance to initialize, label,
> and veto the creation of these secure anonymous files. Security
> modules had limit ability to interact with non-secure anonymous files
> due to all of these files sharing a single inode.

Again please add Al. Also explain what the problem would be to always
use a separate inode.