From: Stephen Smalley <sds@tycho.nsa.gov>
To: Kay Sievers <kay.sievers@vrfy.org>
Cc: David Howells <dhowells@redhat.com>,
"David P. Quigley" <dpquigl@tycho.nsa.gov>,
Greg KH <greg@kroah.com>,
linux-kernel@vger.kernel.org, Greg KH <gregkh@suse.de>,
Jan Blunck <jblunck@suse.de>, James Morris <jmorris@namei.org>,
Eric Paris <eparis@parisplace.org>,
Christoph Hellwig <hch@infradead.org>
Subject: Re: [patch 00/13] devtmpfs patches
Date: Wed, 13 May 2009 10:35:58 -0400
Message-ID: <1242225358.9974.26.camel@localhost.localdomain>
In-Reply-To: <ac3eb2510905130720x38de25adxc83b10aea0b86ce1@mail.gmail.com>

On Wed, 2009-05-13 at 16:20 +0200, Kay Sievers wrote:
> On Wed, May 13, 2009 at 15:34, Kay Sievers <kay.sievers@vrfy.org> wrote:
>
> >>> + kern_cred = prepare_kernel_cred(NULL);
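Review bot: on the quoted line that assigns kern_cred from prepare_kernel_cred(NULL), the result needs a NULL check before kern_cred is used, because prepare_kernel_cred() returns NULL when the allocation fails; no such check is visible in this fragment. The reference the call takes also has to be dropped with put_cred() once the credentials are no longer needed.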
> >>
> >> If you have no intention of altering the credentials you create, you might
> >> want to use &init_cred instead of kern_cred. That said, you might want to
> >> allocate it and let the security module alter it before you use it.
> >
> > Ah, didn't know that it was exported. It's the one in
> > include/linux/init_task.h, right? I'll give that a try.
>
> That seems to work fine here. Thanks a lot for the help.
>
> Maybe we could do the same credential swap in sysfs, and get rid of:
> /**
>  * lookup_one_noperm - bad hack for sysfs
>  * @name: pathname component to lookup
>  * @base: base directory to lookup from
>  *
>  * This is a variant of lookup_one_len that doesn't perform any permission
>  * checks. It's a horrible hack to work around the braindead sysfs
>  * architecture and should not be used anywhere else.
>  *
>  * DON'T USE THIS FUNCTION EVER, thanks.
>  */
>
> in fs/namei.c?
>
> Seems a bit odd to have a vfs function for a single filesystem, called
> from a single location, and annotated as "do not use". Christoph added
> the comment a while ago, so adding him to Cc:.

Yes, that makes sense to me as well - we didn't have the credentials
infrastructure in place at the time that lookup_one_noperm was
introduced, but switching the credentials around a normal lookup_one_len
call should work now.

--
Stephen Smalley
National Security Agency