From: "Serge E. Hallyn" <serue@us.ibm.com>
To: "David P. Quigley" <dpquigl@tycho.nsa.gov>
Cc: hch@infradead.org, viro@zeniv.linux.org.uk,
casey@schaufler-ca.com, sds@tycho.nsa.gov,
matthew.dodd@sparta.com, trond.myklebust@fys.uio.no,
bfields@fieldses.org, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org,
linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov,
labeled-nfs@linux-nfs.org
Subject: Re: [PATCH 03/14] Security: Add hook to calculate context based on a negative dentry.
Date: Tue, 30 Sep 2008 15:15:24 -0500 [thread overview]
Message-ID: <20080930201524.GC21039@us.ibm.com> (raw)
In-Reply-To: <1222707986-26606-4-git-send-email-dpquigl@tycho.nsa.gov>
Quoting David P. Quigley (dpquigl@tycho.nsa.gov):
> There is a time where we need to calculate a context without the
> inode having been created yet. To do this we take the negative dentry and
> calculate a context based on the process and the parent directory contexts.
>
> Signed-off-by: Matthew N. Dodd <Matthew.Dodd@sparta.com>
> Signed-off-by: David P. Quigley <dpquigl@tycho.nsa.gov>
> ---
> include/linux/security.h | 14 ++++++++++++++
> security/security.c | 7 +++++++
> security/selinux/hooks.c | 36 ++++++++++++++++++++++++++++++++++++
> 3 files changed, 57 insertions(+), 0 deletions(-)
>
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 8b5b041..42b9128 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -1379,6 +1379,9 @@ struct security_operations {
> void (*sb_clone_mnt_opts) (const struct super_block *oldsb,
> struct super_block *newsb);
> int (*sb_parse_opts_str) (char *options, struct security_mnt_opts *opts);
> + int (*dentry_init_security) (struct dentry *dentry, int mode,
> + void **ctx, u32 *ctxlen);
This of course needs a description at top of include/linux/security.h.
> +
>
> int (*inode_alloc_security) (struct inode *inode);
> void (*inode_free_security) (struct inode *inode);
> @@ -1651,6 +1654,8 @@ int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *o
> void security_sb_clone_mnt_opts(const struct super_block *oldsb,
> struct super_block *newsb);
> int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts);
> +int security_dentry_init_security (struct dentry *dentry, int mode,
> + void **ctx, u32 *ctxlen);
>
> int security_inode_alloc(struct inode *inode);
> void security_inode_free(struct inode *inode);
> @@ -1994,6 +1999,15 @@ static inline int security_inode_alloc(struct inode *inode)
> static inline void security_inode_free(struct inode *inode)
> { }
>
> +static inline int security_dentry_init_security (struct dentry *dentry,
> + int mode,
> + void **ctx,
> + u32 *ctxlen)
> +{
> + return -EOPNOTSUPP;
> +}
> +
> +
> static inline int security_inode_init_security(struct inode *inode,
> struct inode *dir,
> char **name,
> diff --git a/security/security.c b/security/security.c
> index d0fd42a..b22a110 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -349,6 +349,13 @@ void security_inode_free(struct inode *inode)
> security_ops->inode_free_security(inode);
> }
>
> +int security_dentry_init_security (struct dentry *dentry, int mode,
> + void **ctx, u32 *ctxlen)
> +{
> + return security_ops->dentry_init_security (dentry, mode, ctx, ctxlen);
> +}
> +EXPORT_SYMBOL(security_dentry_init_security);
> +
> int security_inode_init_security(struct inode *inode, struct inode *dir,
> char **name, void **value, size_t *len)
> {
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index b07871b..680db1d 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -2504,6 +2504,41 @@ static void selinux_inode_free_security(struct inode *inode)
> inode_free_security(inode);
> }
>
> +/*
> + * For now, we need a way to compute a SID for
Just 'Compute a SID for...' ?
> + * a dentry as the inode is not yet available
> + * (and under NFSv4 has no label backed by an EA anyway.
> + */
> +static int selinux_dentry_init_security(struct dentry *dentry, int mode, void **ctx, u32 *ctxlen)
> +{
> + struct task_security_struct *tsec;
> + struct inode_security_struct *dsec;
> + struct superblock_security_struct *sbsec;
> + struct inode *dir = dentry->d_parent->d_inode;
> + u32 newsid;
> + int rc;
> +
> + tsec = current->security;
> + dsec = dir->i_security;
> + sbsec = dir->i_sb->s_security;
> +
> + if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
> + newsid = tsec->create_sid;
> + } else {
> + rc = security_transition_sid(tsec->sid, dsec->sid,
> + inode_mode_to_security_class(mode),
> + &newsid);
> + if (rc) {
> + printk(KERN_WARNING "%s: "
> + "security_transition_sid failed, rc=%d\n",
> + __FUNCTION__, -rc);
> + return rc;
> + }
> + }
> +
> + return security_sid_to_context(newsid, (char **)ctx, ctxlen);
> +}
> +
> static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
> char **name, void **value,
> size_t *len)
> @@ -5413,6 +5448,7 @@ static struct security_operations selinux_ops = {
> .sb_clone_mnt_opts = selinux_sb_clone_mnt_opts,
> .sb_parse_opts_str = selinux_parse_opts_str,
>
> + .dentry_init_security = selinux_dentry_init_security,
>
> .inode_alloc_security = selinux_inode_alloc_security,
> .inode_free_security = selinux_inode_free_security,
> --
> 1.5.5.1
>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
WARNING: multiple messages have this Message-ID (diff)
From: "Serge E. Hallyn" <serue@us.ibm.com>
To: "David P. Quigley" <dpquigl@tycho.nsa.gov>
Cc: hch@infradead.org, viro@zeniv.linux.org.uk,
casey@schaufler-ca.com, sds@tycho.nsa.gov,
matthew.dodd@sparta.com, trond.myklebust@fys.uio.no,
bfields@fieldses.org, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org,
linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov,
labeled-nfs@linux-nfs.org
Subject: Re: [PATCH 03/14] Security: Add hook to calculate context based on a negative dentry.
Date: Tue, 30 Sep 2008 15:15:24 -0500 [thread overview]
Message-ID: <20080930201524.GC21039@us.ibm.com> (raw)
In-Reply-To: <1222707986-26606-4-git-send-email-dpquigl@tycho.nsa.gov>
Quoting David P. Quigley (dpquigl@tycho.nsa.gov):
> There is a time where we need to calculate a context without the
> inode having been created yet. To do this we take the negative dentry and
> calculate a context based on the process and the parent directory contexts.
>
> Signed-off-by: Matthew N. Dodd <Matthew.Dodd@sparta.com>
> Signed-off-by: David P. Quigley <dpquigl@tycho.nsa.gov>
> ---
> include/linux/security.h | 14 ++++++++++++++
> security/security.c | 7 +++++++
> security/selinux/hooks.c | 36 ++++++++++++++++++++++++++++++++++++
> 3 files changed, 57 insertions(+), 0 deletions(-)
>
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 8b5b041..42b9128 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -1379,6 +1379,9 @@ struct security_operations {
> void (*sb_clone_mnt_opts) (const struct super_block *oldsb,
> struct super_block *newsb);
> int (*sb_parse_opts_str) (char *options, struct security_mnt_opts *opts);
> + int (*dentry_init_security) (struct dentry *dentry, int mode,
> + void **ctx, u32 *ctxlen);
This of course needs a description at top of include/linux/security.h.
> +
>
> int (*inode_alloc_security) (struct inode *inode);
> void (*inode_free_security) (struct inode *inode);
> @@ -1651,6 +1654,8 @@ int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *o
> void security_sb_clone_mnt_opts(const struct super_block *oldsb,
> struct super_block *newsb);
> int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts);
> +int security_dentry_init_security (struct dentry *dentry, int mode,
> + void **ctx, u32 *ctxlen);
>
> int security_inode_alloc(struct inode *inode);
> void security_inode_free(struct inode *inode);
> @@ -1994,6 +1999,15 @@ static inline int security_inode_alloc(struct inode *inode)
> static inline void security_inode_free(struct inode *inode)
> { }
>
> +static inline int security_dentry_init_security (struct dentry *dentry,
> + int mode,
> + void **ctx,
> + u32 *ctxlen)
> +{
> + return -EOPNOTSUPP;
> +}
> +
> +
> static inline int security_inode_init_security(struct inode *inode,
> struct inode *dir,
> char **name,
> diff --git a/security/security.c b/security/security.c
> index d0fd42a..b22a110 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -349,6 +349,13 @@ void security_inode_free(struct inode *inode)
> security_ops->inode_free_security(inode);
> }
>
> +int security_dentry_init_security (struct dentry *dentry, int mode,
> + void **ctx, u32 *ctxlen)
> +{
> + return security_ops->dentry_init_security (dentry, mode, ctx, ctxlen);
> +}
> +EXPORT_SYMBOL(security_dentry_init_security);
> +
> int security_inode_init_security(struct inode *inode, struct inode *dir,
> char **name, void **value, size_t *len)
> {
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index b07871b..680db1d 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -2504,6 +2504,41 @@ static void selinux_inode_free_security(struct inode *inode)
> inode_free_security(inode);
> }
>
> +/*
> + * For now, we need a way to compute a SID for
Just 'Compute a SID for...' ?
> + * a dentry as the inode is not yet available
> + * (and under NFSv4 has no label backed by an EA anyway.
> + */
> +static int selinux_dentry_init_security(struct dentry *dentry, int mode, void **ctx, u32 *ctxlen)
> +{
> + struct task_security_struct *tsec;
> + struct inode_security_struct *dsec;
> + struct superblock_security_struct *sbsec;
> + struct inode *dir = dentry->d_parent->d_inode;
> + u32 newsid;
> + int rc;
> +
> + tsec = current->security;
> + dsec = dir->i_security;
> + sbsec = dir->i_sb->s_security;
> +
> + if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
> + newsid = tsec->create_sid;
> + } else {
> + rc = security_transition_sid(tsec->sid, dsec->sid,
> + inode_mode_to_security_class(mode),
> + &newsid);
> + if (rc) {
> + printk(KERN_WARNING "%s: "
> + "security_transition_sid failed, rc=%d\n",
> + __FUNCTION__, -rc);
> + return rc;
> + }
> + }
> +
> + return security_sid_to_context(newsid, (char **)ctx, ctxlen);
> +}
> +
> static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
> char **name, void **value,
> size_t *len)
> @@ -5413,6 +5448,7 @@ static struct security_operations selinux_ops = {
> .sb_clone_mnt_opts = selinux_sb_clone_mnt_opts,
> .sb_parse_opts_str = selinux_parse_opts_str,
>
> + .dentry_init_security = selinux_dentry_init_security,
>
> .inode_alloc_security = selinux_inode_alloc_security,
> .inode_free_security = selinux_inode_free_security,
> --
> 1.5.5.1
>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2008-09-30 20:15 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-09-29 17:06 [RFC v3] Security Label Support for NFSv4 David P. Quigley
2008-09-29 17:06 ` David P. Quigley
2008-09-29 17:06 ` [PATCH 01/14] VFS: Factor out part of vfs_setxattr so it can be called from the SELinux hook for inode_setsecctx David P. Quigley
2008-09-29 17:06 ` David P. Quigley
2008-09-30 19:51 ` Serge E. Hallyn
2008-09-30 19:51 ` Serge E. Hallyn
2008-09-29 17:06 ` [PATCH 02/14] LSM/SELinux: inode_{get,set,notify}secctx hooks to access LSM security context information David P. Quigley
2008-09-29 17:06 ` David P. Quigley
2008-09-30 20:01 ` Serge E. Hallyn
2008-09-30 20:01 ` Serge E. Hallyn
2008-10-06 20:52 ` David P. Quigley
2008-10-06 20:52 ` David P. Quigley
2008-09-30 20:22 ` Serge E. Hallyn
2008-09-30 20:22 ` Serge E. Hallyn
2008-10-06 20:52 ` David P. Quigley
2008-10-06 20:52 ` David P. Quigley
2008-09-29 17:06 ` [PATCH 03/14] Security: Add hook to calculate context based on a negative dentry David P. Quigley
2008-09-29 17:06 ` David P. Quigley
2008-09-30 20:15 ` Serge E. Hallyn [this message]
2008-09-30 20:15 ` Serge E. Hallyn
2008-10-10 17:54 ` David P. Quigley
2008-10-10 17:54 ` David P. Quigley
2008-10-10 17:54 ` David P. Quigley
2008-10-10 18:26 ` Serge E. Hallyn
2008-10-10 18:26 ` Serge E. Hallyn
2008-09-29 17:06 ` [PATCH 04/14] Security: Add Hook to test if the particular xattr is part of a MAC model David P. Quigley
2008-09-29 17:06 ` David P. Quigley
2008-09-29 17:06 ` [PATCH 05/14] SELinux: Add new labeling type native labels David P. Quigley
2008-09-29 17:06 ` David P. Quigley
2008-09-29 17:06 ` [PATCH 06/14] KConfig: Add KConfig entries for Labeled NFS David P. Quigley
2008-09-29 17:06 ` David P. Quigley
2008-09-30 20:40 ` Serge E. Hallyn
2008-09-30 20:40 ` Serge E. Hallyn
2008-09-29 17:06 ` [PATCH 07/14] NFSv4: Add label recommended attribute and NFSv4 flags David P. Quigley
2008-09-29 17:06 ` David P. Quigley
2008-09-29 17:06 ` [PATCH 08/14] NFS: Add security_label text mount option and handling code to NFS David P. Quigley
2008-09-29 17:06 ` David P. Quigley
2008-09-29 17:06 ` David P. Quigley
2008-09-29 17:06 ` [PATCH 09/14] NFS: Introduce lifecycle management for label attribute David P. Quigley
2008-09-29 17:06 ` David P. Quigley
2008-09-29 17:06 ` [PATCH 10/14] NFSv4: Introduce new label structure David P. Quigley
2008-09-29 17:06 ` David P. Quigley
2008-09-29 17:06 ` [PATCH 11/14] NFS/RPC: Add the auth_seclabel security flavor to allow the process label to be sent to the server David P. Quigley
2008-09-29 17:06 ` David P. Quigley
2008-10-03 14:23 ` Andy Whitcroft
2008-10-03 15:44 ` Matthew N. Dodd
2008-09-29 17:06 ` [PATCH 12/14] NFS: Client implementation of Labeled-NFS David P. Quigley
2008-09-29 17:06 ` David P. Quigley
2008-09-29 17:06 ` [PATCH 13/14] NFS: Extend NFS xattr handlers to accept the security namespace David P. Quigley
2008-09-29 17:06 ` David P. Quigley
2008-09-29 17:06 ` David P. Quigley
2008-09-29 17:06 ` [PATCH 14/14] NFSD: Server implementation of MAC Labeling David P. Quigley
2008-09-29 17:06 ` David P. Quigley
2008-10-13 23:31 ` [RFC v3] Security Label Support for NFSv4 James Morris
2008-10-13 23:31 ` James Morris
2008-10-14 2:15 ` [Labeled-nfs] " Matthew N. Dodd
2008-10-14 13:20 ` Trond Myklebust
2008-10-14 14:28 ` David P. Quigley
2008-10-14 14:28 ` David P. Quigley
-- strict thread matches above, loose matches on Subject: below --
2008-09-15 20:41 [RFC] Labeled NFS Take 2 David P. Quigley
2008-09-15 20:41 ` [PATCH 03/14] Security: Add hook to calculate context based on a negative dentry David P. Quigley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080930201524.GC21039@us.ibm.com \
--to=serue@us.ibm.com \
--cc=bfields@fieldses.org \
--cc=casey@schaufler-ca.com \
--cc=dpquigl@tycho.nsa.gov \
--cc=hch@infradead.org \
--cc=labeled-nfs@linux-nfs.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=matthew.dodd@sparta.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
--cc=trond.myklebust@fys.uio.no \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.