[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <7451.1161970450@redhat.com>
Date: Fri, 27 Oct 2006 18:34:10 +0100
From: David Howells <dhowells@...hat.com>
To: Stephen Smalley <sds@...ho.nsa.gov>
Cc: David Howells <dhowells@...hat.com>, aviro@...hat.com,
linux-kernel@...r.kernel.org, selinux@...ho.nsa.gov,
chrisw@...s-sol.org, jmorris@...ei.org
Subject: Re: Security issues with local filesystem caching
Stephen Smalley <sds@...ho.nsa.gov> wrote:
> > You start the cache by mounting it:
> >
> > mount -t cachefs /dev/hdx9 /cachefs
> >
> > Then it's online. However, you might want to check that whoever's calling
> > mount has permission to bring a cache online...
>
> Hmmm...that raises a separate issue - how does SELinux label cachefs
> inodes? Does cachefs support xattrs? Other option is to use a mount
> context (mount -o context=...) to apply a single context to all inodes
> within it.
There are only two inodes publically available through cachefs - the root dir
and a file of statistics - and they're both read only. Everything else, for
the moment, is strictly internal and unavailable to userspace. In fact, there
may not be any other inodes.
> Where exactly is the cachefs code available?
It'll need a little bit of work to make it compilable again; but I can probably
get you a copy on Monday. I've been concentrating on CacheFiles.
> I'm also unclear on where you establish the binding between the files
> being cached and the cache. What specifies that e.g. a given NFS mount
> should be backed to a given cache? We need to be able to control that
> relationship too, to establish that the cache is being protected
> adequately for the source data.
Yes. I haven't worked that one out yet. Currently it's not a problem as only
CacheFiles is available at the moment, and that currently only supports one
cache.
But I have an idea that I need to work on to make it possible to associate
directories and files with caches (or other useful parameters).
> > (1) Permission to bring a cache online or to take a cache offline.
>
> At present, this will show up as the usual checking on mount (security
> hooks in do_mount and vfs_kern_mount) and on umount (security hook in
> do_umount) by SELinux. I'm not sure whether you need anything specific
> to the cache.
That doesn't apply to CacheFiles, but okay; we can always add it later if we
decide we want it.
David
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists