[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <BANLkTimgn19+T4uFmNgjD1bqVYV3q-3sMA@mail.gmail.com>
Date: Thu, 28 Apr 2011 13:56:03 -0400
From: Eric Paris <eparis@...isplace.org>
To: Casey Schaufler <casey@...aufler-ca.com>
Cc: Roberto Sassu <roberto.sassu@...ito.it>,
Tyler Hicks <tyhicks@...ux.vnet.ibm.com>,
linux-security-module@...r.kernel.org,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
dhowells@...hat.com, jmorris@...ei.org, zohar@...ux.vnet.ibm.com,
safford@...son.ibm.com, kirkland@...onical.com,
ecryptfs-devel@...ts.launchpad.net, eparis@...hat.com,
sds@...ho.nsa.gov, selinux@...ho.nsa.gov, viro@...iv.linux.org.uk,
john.johansen@...onical.com, apparmor@...ts.ubuntu.com
Subject: Re: [RFC][PATCH 0/7] File descriptor labeling
On Thu, Apr 28, 2011 at 1:37 PM, Casey Schaufler <casey@...aufler-ca.com> wrote:
> On 4/28/2011 5:35 AM, Roberto Sassu wrote:
>> On Thursday, April 28, 2011 01:27:19 AM Tyler Hicks wrote:
>>> On Wed Apr 27, 2011 at 01:19:55PM -0700, Casey Schaufler <casey@...aufler-ca.com> wrote:
>>>> On 4/27/2011 5:34 AM, Roberto Sassu wrote:
> On this point I most strongly disagree.
Casey, I'm glad you're trying to figure out what's going on here
because I certainly don't understand all the problems!
If there were some mechanism by which the 'lower' inode could be ONLY
accessibly by ecyptfs kernel internals it oculd be marked IS_PRIVATE
and skip all security checks on it. Then you only have SELinux
security checks on the upper inode. Which seems to make sense. My
problem is that this is ONLY acceptable if there is no way for
userspace to directly reference the lower struct inode.
Just a thought.
-Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists