[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20201105220745.GB2555324@gmail.com>
Date: Thu, 5 Nov 2020 14:07:45 -0800
From: Eric Biggers <ebiggers@...nel.org>
To: Lokesh Gidra <lokeshgidra@...gle.com>
Cc: Andrea Arcangeli <aarcange@...hat.com>,
Alexander Viro <viro@...iv.linux.org.uk>,
James Morris <jmorris@...ei.org>,
Stephen Smalley <stephen.smalley.work@...il.com>,
Casey Schaufler <casey@...aufler-ca.com>,
"Serge E. Hallyn" <serge@...lyn.com>,
Paul Moore <paul@...l-moore.com>,
Eric Paris <eparis@...isplace.org>,
Daniel Colascione <dancol@...col.org>,
Kees Cook <keescook@...omium.org>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
KP Singh <kpsingh@...gle.com>,
David Howells <dhowells@...hat.com>,
Thomas Cedeno <thomascedeno@...gle.com>,
Anders Roxell <anders.roxell@...aro.org>,
Sami Tolvanen <samitolvanen@...gle.com>,
Matthew Garrett <matthewgarrett@...gle.com>,
Aaron Goidel <acgoide@...ho.nsa.gov>,
Randy Dunlap <rdunlap@...radead.org>,
"Joel Fernandes (Google)" <joel@...lfernandes.org>,
YueHaibing <yuehaibing@...wei.com>,
Christian Brauner <christian.brauner@...ntu.com>,
Alexei Starovoitov <ast@...nel.org>,
Alexey Budankov <alexey.budankov@...ux.intel.com>,
Adrian Reber <areber@...hat.com>,
Aleksa Sarai <cyphar@...har.com>,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org, selinux@...r.kernel.org,
kaleshsingh@...gle.com, calin@...gle.com, surenb@...gle.com,
nnk@...gle.com, jeffv@...gle.com, kernel-team@...roid.com,
linux-mm@...ck.org, Andrew Morton <akpm@...ux-foundation.org>,
hch@...radead.org
Subject: Re: [PATCH v11 1/4] security: add inode_init_security_anon() LSM hook
On Thu, Nov 05, 2020 at 01:33:21PM -0800, Lokesh Gidra wrote:
> This change adds a new LSM hook, inode_init_security_anon(), that
> will be used while creating secure anonymous inodes.
Will be used to do what? To assign a security context to the inode and to
allow/deny creating it, right?
>
> The new hook accepts an optional context_inode parameter that
> callers can use to provide additional contextual information to
> security modules for granting/denying permission to create an anon-
> inode of the same type.
It looks like the hook also uses the context_inode parameter to assign a
security context to the inode. Is that correct? It looks like that's what the
code does, so if you could get the commit messages in sync, that would be
helpful. I'm actually still not completely sure I'm understanding the intent
here, given that different places say different things.
- Eric
Powered by blists - more mailing lists