From: Christoph Hellwig <hch@lst.de>
To: "David P. Quigley" <dpquigl@tycho.nsa.gov>
Cc: casey@schaufler-ca.com, chrisw@sous-sol.org, sds@tycho.nsa.gov,
jmorris@namei.org, hch@lst.de, viro@zeniv.linux.org.uk,
selinux@tycho.nsa.gov, linux-security-module@vger.kernel.org,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH 2/2] LSM/SELinux: inode_{get,set}secctx hooks to access LSM security context information.
Date: Thu, 6 Mar 2008 13:30:13 +0100 [thread overview]
Message-ID: <20080306123013.GB4648@lst.de> (raw)
In-Reply-To: <1204743288-3461-3-git-send-email-dpquigl@tycho.nsa.gov>
On Wed, Mar 05, 2008 at 01:54:48PM -0500, David P. Quigley wrote:
> This patch introduces two new hooks. One to get all relevant information from
> an LSM about an inode an the second given that context to set it on the
> inode. The setcontext call takes a flag to indicate if it should set the incore
> representation, the ondisk representation or both. This hook is for use in the
> labeled NFS code and addresses concerns of how to set security on an inode in a
> multi-xattr LSM.
I don't quite understand the rationale of the incore vs ondisk flag.
Why are these separate?
> + int (*inode_setsecctx)(struct dentry *dentry, void *ctx, u32 ctxlen, int flags);
> + int (*inode_getsecctx)(struct dentry *dentry, void **ctx, u32 *ctxlen);
The dentry in here seems odd given the inode name. Given that we're
talking about per-inode security labels here an struct inode * would
make more sense to me.
next prev parent reply other threads:[~2008-03-06 12:30 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-03-05 18:54 [RFC]Introduce generalized hooks for getting and setting inode secctx David P. Quigley
2008-03-05 18:54 ` David P. Quigley
2008-03-05 18:54 ` [PATCH 1/2] VFS: Factor out part of vfs_setxattr so it can be called from the SELinux hook for inode_setsecctx David P. Quigley
2008-03-05 18:54 ` David P. Quigley
2008-03-06 12:27 ` Christoph Hellwig
2008-03-06 16:47 ` Dave Quigley
2008-03-06 16:47 ` Dave Quigley
2008-03-07 10:05 ` Christoph Hellwig
2008-03-07 16:10 ` Dave Quigley
2008-03-07 16:10 ` Dave Quigley
2008-03-07 17:11 ` Casey Schaufler
2008-03-07 17:11 ` Casey Schaufler
2008-03-07 17:37 ` Dave Quigley
2008-03-07 17:37 ` Dave Quigley
2008-03-07 18:14 ` Casey Schaufler
2008-03-07 18:14 ` Casey Schaufler
2008-03-07 18:17 ` Stephen Smalley
2008-03-07 18:17 ` Stephen Smalley
2008-03-07 18:49 ` Casey Schaufler
2008-03-07 18:49 ` Casey Schaufler
2008-03-07 19:17 ` Stephen Smalley
2008-03-07 19:17 ` Stephen Smalley
2008-03-07 19:48 ` Casey Schaufler
2008-03-07 19:48 ` Casey Schaufler
2008-03-07 20:05 ` Stephen Smalley
2008-03-07 20:05 ` Stephen Smalley
2008-03-07 21:13 ` Casey Schaufler
2008-03-07 21:13 ` Casey Schaufler
2008-03-10 12:37 ` Stephen Smalley
2008-03-10 12:37 ` Stephen Smalley
2008-03-07 20:28 ` Chris Wright
2008-03-07 20:28 ` Chris Wright
2008-03-05 18:54 ` [PATCH 2/2] LSM/SELinux: inode_{get,set}secctx hooks to access LSM security context information David P. Quigley
2008-03-05 18:54 ` David P. Quigley
2008-03-05 20:45 ` Paul Moore
2008-03-05 20:45 ` Paul Moore
2008-03-05 20:54 ` Stephen Smalley
2008-03-05 20:54 ` Stephen Smalley
2008-03-05 22:28 ` Casey Schaufler
2008-03-05 22:28 ` Casey Schaufler
2008-03-06 12:30 ` Christoph Hellwig [this message]
2008-03-06 13:50 ` Stephen Smalley
2008-03-06 13:50 ` Stephen Smalley
2008-03-06 13:54 ` Christoph Hellwig
2008-03-06 14:05 ` Stephen Smalley
2008-03-06 14:05 ` Stephen Smalley
2008-03-06 14:07 ` Christoph Hellwig
2008-03-06 14:25 ` James Morris
2008-03-06 14:25 ` James Morris
2008-03-06 14:48 ` Stephen Smalley
2008-03-06 14:48 ` Stephen Smalley
2008-03-06 17:13 ` Dave Quigley
2008-03-06 17:13 ` Dave Quigley
2008-03-07 10:03 ` Christoph Hellwig
2008-03-07 16:06 ` Dave Quigley
2008-03-07 16:06 ` Dave Quigley
2008-03-07 16:54 ` Miklos Szeredi
2008-03-07 17:30 ` Dave Quigley
2008-03-07 17:30 ` Dave Quigley
2008-03-07 20:24 ` Miklos Szeredi
2008-03-07 21:07 ` Dave Quigley
2008-03-07 21:07 ` Dave Quigley
2008-03-07 21:46 ` Miklos Szeredi
2008-03-08 0:24 ` Brad Boyer
2008-03-07 21:23 ` Dave Quigley
2008-03-07 21:23 ` Dave Quigley
2008-03-08 11:49 ` Christoph Hellwig
-- strict thread matches above, loose matches on Subject: below --
2008-03-18 18:57 [RFC]Introduce generalized hooks for getting and setting inode secctx v3 David P. Quigley
2008-03-18 18:57 ` [PATCH 2/2] LSM/SELinux: inode_{get,set}secctx hooks to access LSM security context information David P. Quigley
2008-03-18 18:57 ` David P. Quigley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080306123013.GB4648@lst.de \
--to=hch@lst.de \
--cc=casey@schaufler-ca.com \
--cc=chrisw@sous-sol.org \
--cc=dpquigl@tycho.nsa.gov \
--cc=jmorris@namei.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.