From: Matthew Wilcox <matthew@wil.cx>
To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: viro@zeniv.linux.org.uk, miklos@szeredi.hu, ezk@cs.sunysb.edu,
akpm@linux-foundation.org, dave@linux.vnet.ibm.com,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Call LSM functions outside VFS helper functions.
Date: Thu, 10 Apr 2008 06:17:25 -0600 [thread overview]
Message-ID: <20080410121725.GP11962@parisc-linux.org> (raw)
In-Reply-To: <200804102102.JFI05247.OVJOFHFStLOFQM@I-love.SAKURA.ne.jp>
On Thu, Apr 10, 2008 at 09:02:57PM +0900, Tetsuo Handa wrote:
> If the conclusion became "vfsmount should not be passed to
> VFS helper functions", that's OK, but I want you to consider
> the below approach for AppArmor and TOMOYO Linux. This patch is a repost of
> http://kerneltrap.org/mailarchive/linux-fsdevel/2008/2/17/882024 .
I'm a little disappointed that you simply repost this patch rather than
responding to my post from yesterday:
> How about an approach which doesn't require the vfsmount to be passed
> down?
>
> When the rule is put in place, say "No modifications to /etc/passwd",
> look up the inode and major:minor of /etc/passwd. If there's a rename,
> look up the new inode number. If it's mounted elsewhere, it doesn't
> matter, they still can't modify it because it has the same
> major:minor:inode.
>
> Is this workable?
Could you respond to this please?
--
Intel are signing my paycheques ... these opinions are still mine
"Bill, look, we understand that you're interested in selling us this
operating system, but compare it to ours. We can't possibly take such
a retrograde step."
next prev parent reply other threads:[~2008-04-10 12:17 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-04-02 20:12 [patch 00/10] vfs: add helpers to check r/o bind mounts Miklos Szeredi
2008-04-02 20:12 ` [patch 01/10] vfs: add path_create() and path_mknod() Miklos Szeredi
2008-04-02 20:54 ` Al Viro
2008-04-02 21:11 ` Miklos Szeredi
2008-04-02 21:48 ` Al Viro
2008-04-02 22:21 ` Trond Myklebust
2008-04-02 22:36 ` Al Viro
2008-04-02 23:19 ` Trond Myklebust
2008-04-02 23:40 ` Al Viro
2008-04-02 23:47 ` Al Viro
2008-04-03 0:42 ` Trond Myklebust
2008-04-03 0:47 ` Erez Zadok
2008-04-03 1:00 ` Al Viro
2008-04-03 1:37 ` Erez Zadok
2008-04-03 1:46 ` Al Viro
2008-04-03 2:21 ` Erez Zadok
2008-04-03 2:32 ` Al Viro
2008-04-03 23:24 ` Erez Zadok
2008-04-04 11:04 ` Miklos Szeredi
2008-04-03 0:58 ` Al Viro
2008-04-03 7:32 ` Miklos Szeredi
2008-04-03 22:32 ` Erez Zadok
2008-04-03 12:33 ` Stephen Smalley
2008-04-02 21:00 ` Dave Hansen
2008-04-02 21:19 ` Dave Hansen
2008-04-02 20:12 ` [patch 02/10] vfs: add path_mkdir() Miklos Szeredi
2008-04-02 22:15 ` Erez Zadok
2008-04-02 20:12 ` [patch 03/10] vfs: add path_rmdir() Miklos Szeredi
2008-04-02 20:12 ` [patch 04/10] vfs: add path_unlink() Miklos Szeredi
2008-04-02 20:12 ` [patch 05/10] vfs: add path_symlink() Miklos Szeredi
2008-04-02 20:12 ` [patch 06/10] vfs: add path_link() Miklos Szeredi
2008-04-02 20:12 ` [patch 07/10] vfs: add path_rename() Miklos Szeredi
2008-04-04 17:56 ` Erez Zadok
2008-04-04 18:04 ` Miklos Szeredi
2008-04-02 20:12 ` [patch 08/10] vfs: add path_setattr() Miklos Szeredi
2008-04-02 20:12 ` [patch 09/10] vfs: add path_setxattr() Miklos Szeredi
2008-04-02 20:12 ` [patch 10/10] vfs: add path_removexattr() Miklos Szeredi
2008-04-02 21:22 ` [patch 00/10] vfs: add helpers to check r/o bind mounts Erez Zadok
2008-04-09 0:53 ` [PATCH] Unionfs: use the new path_* VFS helpers Erez Zadok
2008-04-10 11:10 ` Miklos Szeredi
2008-04-10 12:02 ` [PATCH] Call LSM functions outside VFS helper functions Tetsuo Handa
2008-04-10 12:17 ` Matthew Wilcox [this message]
2008-04-10 12:56 ` Miklos Szeredi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080410121725.GP11962@parisc-linux.org \
--to=matthew@wil.cx \
--cc=akpm@linux-foundation.org \
--cc=dave@linux.vnet.ibm.com \
--cc=ezk@cs.sunysb.edu \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.