[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 22 Nov 2009 18:42:04 -0800
From: ebiederm@...ssion.com (Eric W. Biederman)
To: James Morris <jmorris@...ei.org>
Cc: linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
Stephen Smalley <sds@...ho.nsa.gov>,
Eric Paris <eparis@...hat.com>,
Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
Subject: Re: [RFC][PATCH] security/selinux: Simplify proc inode to security label mapping.
James Morris <jmorris@...ei.org> writes:
> On Fri, 20 Nov 2009, Eric W. Biederman wrote:
>
>>
>> Currently selinux has incestuous knowledge of the implementation details
>> of procfs and sysctl that it uses to get a pathname from an inode. As it
>> happens the point we care is in the security_d_instantiate lsm hook so
>> we have a valid dentry that we can use to get the entire pathname on
>> the proc filesystem. With the recent change to sys_sysctl to go through
>> proc/sys all proc and sysctl accesses go through the vfs, which
>> means we no longer need a sysctl special case.
>
> I need to investigate this further, but one immediate issue is that
> Tomoyo seems to have similar code.
The Tomoyo code is currently gone in the sysctl tree (and thus in
linux-next), that change was part of what got me thinking about changing
selinux as well.
If we can remove the selinux special case as well then we can actually
remove the sysctl hook from the lsm.
Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists