[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200806021524.51597.agruen@suse.de>
Date: Mon, 2 Jun 2008 15:24:48 +0200
From: Andreas Gruenbacher <agruen@...e.de>
To: Matthew Wilcox <matthew@....cx>
Cc: Miklos Szeredi <miklos@...redi.hu>, hch@...radead.org,
linux-security-module@...r.kernel.org,
linux-fsdevel@...r.kernel.org, jmorris@...ei.org,
sds@...ho.nsa.gov, eparis@...hat.com, casey@...aufler-ca.com,
jjohansen@...e.de, penguin-kernel@...ove.sakura.ne.jp,
viro@...iv.linux.org.uk, linux-kernel@...r.kernel.org
Subject: Re: [patch 01/15] security: pass path to inode_create
On Monday 02 June 2008 14:49:06 Matthew Wilcox wrote:
> On Mon, Jun 02, 2008 at 02:45:10PM +0200, Andreas Gruenbacher wrote:
> > Without the vfsmount, when something is mounted in more than once place,
> > you cannot report which of the name aliases a process is accessing. This
> > is unacceptable; the logs would become unusable. With pathname-based, the
> > AppArmor and TOMOYO folks really mean pathname-based, not a hybrid
> > pathname / mount point model.
>
> audit_getname manages to do this.
You would assume, but no: audit_getname() grabs a reference to the pwd and the
absolute or relative pathname. The vfs resolves this to a dentry, but there
is no guarantee that the audit system will end up with the same pathname for
reporting: the namespace may have changed arbitrarily in the meantime.
(I find it rather interesting that this is consistent enough for audit; in my
opinion it isn't.)
On the other hand, AppArmor computes the path it uses for checking from the
dentry/vfsmount atomically with respect to namespace changes, and so the path
used for checking and reporting is always consistent (and it is guaranteed
that the object has been reachable via this path at the time the path has
been generated).
Andreas
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists