Date: Fri, 8 Jul 2011 17:17:22 +0100
From: Al Viro <viro@...IV.linux.org.uk>
To: Eric Paris <eparis@...hat.com>
Cc: xfs-masters@....sgi.com, linux-btrfs@...r.kernel.org, linux-kernel@...r.kernel.org, linux-ext4@...r.kernel.org, cluster-devel@...hat.com, linux-mtd@...ts.infradead.org, jfs-discussion@...ts.sourceforge.net, ocfs2-devel@....oracle.com, reiserfs-devel@...r.kernel.org, xfs@....sgi.com, linux-mm@...ck.org, linux-security-module@...r.kernel.org, jack@...e.cz, penguin-kernel@...ove.SAKURA.ne.jp, jeffm@...e.com, jmorris@...ei.org, dhowells@...hat.com, adilger.kernel@...ger.ca, shaggy@...ux.vnet.ibm.com, shemminger@...tta.com, hch@....de, hughd@...gle.com, joel.becker@...cle.com, chris.mason@...cle.com, aelder@....com, kees.cook@...onical.com, sds@...ho.nsa.gov, paul.moore@...com, mfasheh@...e.com, dchinner@...hat.com, eparis@...isplace.org, swhiteho@...hat.com, tao.ma@...cle.com, tytso@....edu, casey@...aufler-ca.com, serue@...ibm.com, akpm@...ux-foundation.org, dwmw2@...radead.org
Subject: Re: [PATCH] fs/vfs/security: pass last path component to LSM on inode creation

On Wed, Dec 08, 2010 at 02:45:27PM -0500, Eric Paris wrote:
> SELinux would like to implement a new labeling behavior of newly created
> inodes. We currently label new inodes based on the parent and the creating
> process. This new behavior would also take into account the name of the
> new object when deciding the new label. This is not the (supposed) full path,
> just the last component of the path.
>
> This is very useful because creating /etc/shadow is different than creating
> /etc/passwd but the kernel hooks are unable to differentiate these
> operations. We currently require that userspace realize it is doing some
> difficult operation like that and then userspace jumps through SELinux hoops
> to get things set up correctly. This patch does not implement new
> behavior, that is obviously contained in a separate SELinux patch, but it
> does pass the needed name down to the correct LSM hook. If no such name
> exists it is fine to pass NULL.

-ETOOFUCKINGUGLY...