From: Chris Wright <chrisw@osdl.org>
To: Stephen Smalley <sds@epoch.ncsc.mil>
Cc: Andrew Morton <akpm@osdl.org>,
	lkml <linux-kernel@vger.kernel.org>,
	Jeff Mahoney <jeffm@suse.com>, James Morris <jmorris@redhat.com>,
	Chris Wright <chrisw@osdl.org>
Subject: Re: 2.6.10-rc2-mm4
Date: Tue, 30 Nov 2004 11:29:03 -0800
Message-ID: <20041130112903.C2357@build.pdx.osdl.net>
In-Reply-To: <1101842310.4401.111.camel@moss-spartans.epoch.ncsc.mil>; from sds@epoch.ncsc.mil on Tue, Nov 30, 2004 at 02:18:30PM -0500

* Stephen Smalley (sds@epoch.ncsc.mil) wrote:
> On Tue, 2004-11-30 at 12:50, Andrew Morton wrote:
> > http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.10-rc2/2.6.10-rc2-mm4/
> <snip>
> > selinux-adds-a-private-inode-operation.patch
> >   selinux: adds a private inode operation
> 
> Below is a re-base to 2.6.10-rc2-mm4 of a patch I posted earlier during
> the original discussion of the above referenced patch.  This patch
> removes the unnecessary code in inode_doinit_with_dentry, replaces the
> unused inherits flag field (legacy from earlier code) with a private
> flag field, does not set the SID in selinux_inode_mark_private (leaving
> it with the unlabeled SID, which will ensure that we notice it if it
> ever reaches a SELinux permission check), and modifies SELinux
> permission checking functions and post_create() to test for the private
> flag and skip SELinux processing in that case.  Please include if/when
> the reiserfs/selinux patchset goes upstream.  I know that Chris Wright
> had raised the question of whether we should be using i_flags to convey
> the "private" nature of the inode rather than using a security hook, but
> didn't see any resolution of that issue.

My concerns are that the check has to be duplicated in any module,
and that thus far we've tried to keep out fs -> module communication,
letting vfs do it.  This could at least be fs -> vfs communication,
and then either vfs or security framework could check flags and never
call into module on fs private objects.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
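
The design question in this reply, modelled in userspace C as an added example (not code from this thread or from the kernel): a per-module private check must be repeated in every module, while a single check in the dispatching layer keeps filesystem-private inodes away from all of them. Every identifier below is hypothetical, and the sample inodes are constructed.

```c
#include <stdio.h>
/* Userspace model only: every identifier is hypothetical, not a kernel symbol. */
#define I_PRIVATE     0x1u  /* assumed flag a filesystem sets on its internal inodes */
#define SID_UNLABELED 0u    /* private inodes keep this SID, as the quoted text describes */

struct inode_model { unsigned flags, sid; };
typedef int (*perm_hook)(const struct inode_model *);  /* 0 = allow, -1 = deny */
static int module_entries;  /* how many times any module hook was entered */

/* Module A carries its own copy of the private check. */
static int module_a_permission(const struct inode_model *i)
{
    module_entries++;
    if (i->flags & I_PRIVATE)
        return 0;
    return i->sid == SID_UNLABELED ? -1 : 0;
}

/* Module B was written without the check and denies anything unlabeled. */
static int module_b_permission(const struct inode_model *i)
{
    module_entries++;
    return i->sid == SID_UNLABELED ? -1 : 0;
}

/* Design 1: everything is forwarded; the result depends on each module. */
static int dispatch_per_module(perm_hook hook, const struct inode_model *i)
{
    return hook(i);
}

/* Design 2: the framework tests the flag once and never enters the module. */
static int dispatch_framework(perm_hook hook, const struct inode_model *i)
{
    return (i->flags & I_PRIVATE) ? 0 : hook(i);
}

static const struct inode_model fs_private = { I_PRIVATE, SID_UNLABELED };  /* constructed */
static const struct inode_model labeled    = { 0, 42 };                     /* constructed */

int main(void)
{
    printf("private inode: per-module A=%d B=%d, framework B=%d\n",
           dispatch_per_module(module_a_permission, &fs_private),
           dispatch_per_module(module_b_permission, &fs_private),
           dispatch_framework(module_b_permission, &fs_private));
    printf("labeled inode: framework B=%d\n", dispatch_framework(module_b_permission, &labeled));
    return 0;
}
```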
