| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 31 Jan 2011 05:25:28 +0200
From: Lucian Adrian Grijincu <lucian.grijincu@...il.com>
To: Stephen Smalley <sds@...ho.nsa.gov>,
James Morris <jmorris@...ei.org>,
Eric Paris <eparis@...isplace.org>,
linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org, selinux@...ho.nsa.gov,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Octavian Purdila <opurdila@...acom.com>
Subject: [PATCH 1/2] security/selinux: Simplify proc inode to security label mapping
Currently selinux has incestuous knowledge of the implementation details
of procfs and sysctl that it uses to get a pathname from an inode. As it
happens the point we care is in the security_d_instantiate lsm hook so
we have a valid dentry that we can use to get the entire pathname on
the proc filesystem. With the recent change to sys_sysctl to go through
proc/sys all proc and sysctl accesses go through the vfs, which
means we no longer need a sysctl special case.
So get the path for the dentry, remove the incestuous knowledge
and simplify the code.
caveat: Because the dentry may not yet be hashed I think dentry_path will
append (deleted) and thus is not the right function to call.
Signed-off-by: Eric W. Biederman <ebiederm@...ssion.com>
Signed-off-by: Lucian Adrian Grijincu <lucian.grijincu@...il.com>
---
security/selinux/hooks.c | 114 ++++-----------------------------------------
1 files changed, 11 insertions(+), 103 deletions(-)
View attachment "0001-security-selinux-Simplify-proc-inode-to-security-lab.patch" of type "text/x-patch" (4612 bytes)
Powered by blists - more mailing lists