| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Feb 2020 11:49:27 -0500
From: Stephen Smalley <sds@...ho.nsa.gov>
To: Daniel Colascione <dancol@...gle.com>, timmurray@...gle.com,
nosh@...gle.com, nnk@...gle.com, lokeshgidra@...gle.com,
linux-kernel@...r.kernel.org, linux-api@...r.kernel.org,
selinux@...r.kernel.org
Subject: Re: [PATCH v2 2/6] Add a concept of a "secure" anonymous file
On 2/11/20 5:55 PM, Daniel Colascione wrote:
> A secure anonymous file is one we hooked up to its own inode (as
> opposed to the shared inode we use for non-secure anonymous files). A
> new selinux hook gives security modules a chance to initialize, label,
> and veto the creation of these secure anonymous files. Security
> modules had limit ability to interact with non-secure anonymous files
> due to all of these files sharing a single inode.
>
> Signed-off-by: Daniel Colascione <dancol@...gle.com>
(please add linux-fsdevel, viro, linux-security-module,
jmorris@...ei.org, serge@...lyn.com to cc on future versions of this
patch since it is a VFS and a LSM change)
> --- > diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index 20d8cf194fb7..ba208ce5711d 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -215,6 +215,10 @@
> * Returns 0 if @name and @value have been successfully set,
> * -EOPNOTSUPP if no security attribute is needed, or
> * -ENOMEM on memory allocation failure.
> + * @inode_init_security_anon:
> + * Set up a secure anonymous inode.
> + * Returns 0 on success. Returns -EPERM if the security module denies
> + * the creation of this inode.
Please document the parameters for the hook as well.
Powered by blists - more mailing lists