| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <22259.1186686459@redhat.com>
Date: Thu, 09 Aug 2007 20:07:39 +0100
From: David Howells <dhowells@...hat.com>
To: James Morris <jmorris@...ei.org>
Cc: dhowells@...hat.com, Casey Schaufler <casey@...aufler-ca.com>,
torvalds@...l.org, akpm@...l.org, steved@...hat.com,
trond.myklebust@....uio.no, linux-fsdevel@...r.kernel.org,
linux-cachefs@...hat.com, nfsv4@...ux-nfs.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 11/14] CacheFiles: Permit an inode's security ID to be obtained [try #2]
James Morris <jmorris@...ei.org> wrote:
> David, I've looked at the code and can't see that you need to access the
> label itself outside the LSM. Could you instead simply pass the inode
> pointer around?
It's not quite that simple. I need to impose *two* security labels in
cachefiles_begin_secure() when I'm about to act on behalf of a process that's
tried to access a netfs file:
(1) The security label to act as. This is the label attached to the
cachefilesd process when it starts the cache. This is obtained by
cachefiles_get_security_ID().
(2) The security label to create files as. This is the label attached to
root directory of the cache. This is obtained by
cachefiles_determine_cache_secid().
David
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists