[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240326-halbkreis-wegstecken-8d5886e54d28@brauner>
Date: Tue, 26 Mar 2024 12:40:20 +0100
From: Christian Brauner <brauner@...nel.org>
To: Roberto Sassu <roberto.sassu@...wei.com>
Cc: Al Viro <viro@...iv.linux.org.uk>, Steve French <smfrench@...il.com>,
LKML <linux-kernel@...r.kernel.org>, linux-fsdevel <linux-fsdevel@...r.kernel.org>,
CIFS <linux-cifs@...r.kernel.org>, Paulo Alcantara <pc@...guebit.com>,
Christian Brauner <christian@...uner.io>, Mimi Zohar <zohar@...ux.ibm.com>,
Paul Moore <paul@...l-moore.com>,
"linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>,
"linux-security-module@...r.kernel.org" <linux-security-module@...r.kernel.org>
Subject: Re: kernel crash in mknod
> we can change the parameter of security_path_post_mknod() from
> dentry to inode?
If all current callers only operate on the inode then it seems the best
to only pass the inode. If there's some reason someone later needs a
dentry the hook can always be changed.
For bigger changes it's also worthwhile if the object that's passed down
into the hook-based LSM layer is as specific as possible. If someone
does a change that affects lifetime rules of mounts then any hook that
takes a struct path argument that's unused means going through each LSM
that implements the hook only to find out it's not actually used.
Similar for dentry vs inode imho.
Powered by blists - more mailing lists