[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.64.0708091223330.19611@us.intercode.com.au>
Date: Thu, 9 Aug 2007 12:34:13 -0700 (PDT)
From: James Morris <jmorris@...ei.org>
To: David Howells <dhowells@...hat.com>
cc: Casey Schaufler <casey@...aufler-ca.com>, torvalds@...l.org,
akpm@...l.org, steved@...hat.com, trond.myklebust@....uio.no,
linux-fsdevel@...r.kernel.org, linux-cachefs@...hat.com,
nfsv4@...ux-nfs.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 11/14] CacheFiles: Permit an inode's security ID to be
obtained [try #2]
On Thu, 9 Aug 2007, David Howells wrote:
> James Morris <jmorris@...ei.org> wrote:
>
> > David, I've looked at the code and can't see that you need to access the
> > label itself outside the LSM. Could you instead simply pass the inode
> > pointer around?
>
> It's not quite that simple. I need to impose *two* security labels in
> cachefiles_begin_secure() when I'm about to act on behalf of a process that's
> tried to access a netfs file:
Ah ok, we had a similar problem with NFS mount options.
While I'm concerned about encoding SELinux-optimized secid labels into
general kernel structures, moving to more generalized pointers introduces
lifecycle maintenance issues and complexity which is not needed in the
mainline kernel. i.e. it'll be unused infrastructure maintained by
upstream, and used only by out-of-tree modules.
So, given that the kernel has no stable API, I suggest accepting the u32
secid as you propose, and if someone wants to merge a module which also
uses these hooks, but is entirely unable to use u32 labels, then they can
also justify making the interface more generalized and provide the code
for it.
- James
--
James Morris
<jmorris@...ei.org>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists