From: "Serge E. Hallyn" <serge@hallyn.com>
To: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
Cc: linux-doc@vger.kernel.org, NeilBrown <neilb@suse.de>,
linux-kernel@vger.kernel.org, David Howells <dhowells@redhat.com>,
Eric Dumazet <edumazet@google.com>,
selinux@tycho.nsa.gov, Jonathan Corbet <corbet@lwn.net>,
havner@gmail.com,
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
Jiri Slaby <jslaby@suse.com>, Stephen Smalley <sds@tycho.nsa.gov>,
Alexey Dobriyan <adobriyan@gmail.com>,
Kees Cook <keescook@chromium.org>, Arnd Bergmann <arnd@arndb.de>,
Mauro Carvalho Chehab <mchehab@osg.samsung.com>,
Fabian Frederick <fabf@skynet.be>,
Al Viro <viro@zeniv.linux.org.uk>,
James Morris <james.l.morris@oracle.com>,
John Johansen <john.johansen@canonical.com>,
Greg KH <gregkh@linuxfoundation.org>,
Oleg Nesterov <oleg@redhat.com>,
Andy Lutomirski <luto@amacapital.net>,
linux-security-module@vger.kernel.org,
Zefan Li <lizefan@huawei.com>, Joe Perches <joe@perches.com>,
linux-fsdevel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH v3 04/11] lsm: inode_pre_setxattr hook
Date: Thu, 30 Jul 2015 16:56:48 -0500 [thread overview]
Message-ID: <20150730215648.GD13589@mail.hallyn.com> (raw)
In-Reply-To: <1437732285-11524-5-git-send-email-l.pawelczyk@samsung.com>
On Fri, Jul 24, 2015 at 12:04:38PM +0200, Lukasz Pawelczyk wrote:
> Add a new LSM hook called before inode's setxattr. It is required for
> LSM to be able to reliably replace the xattr's value to be set to
> filesystem in __vfs_setxattr_noperm(). Useful for mapped values, like in
> the upcoming Smack namespace patches.
>
> Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Could get confusing if userspace passes in 1 char and gets ENOSPC because
the unmapped label is too long :)
> ---
> fs/xattr.c | 10 ++++++++++
> include/linux/lsm_hooks.h | 9 +++++++++
> include/linux/security.h | 10 ++++++++++
> security/security.c | 12 ++++++++++++
> 4 files changed, 41 insertions(+)
>
> diff --git a/fs/xattr.c b/fs/xattr.c
> index 072fee1..cbc8d19 100644
> --- a/fs/xattr.c
> +++ b/fs/xattr.c
> @@ -100,12 +100,22 @@ int __vfs_setxattr_noperm(struct dentry *dentry, const char *name,
> if (issec)
> inode->i_flags &= ~S_NOSEC;
> if (inode->i_op->setxattr) {
> + bool alloc = false;
> +
> + error = security_inode_pre_setxattr(dentry, name, &value,
> + &size, flags, &alloc);
> + if (error)
> + return error;
> +
> error = inode->i_op->setxattr(dentry, name, value, size, flags);
> if (!error) {
> fsnotify_xattr(dentry);
> security_inode_post_setxattr(dentry, name, value,
> size, flags);
> }
> +
> + if (alloc)
> + kfree(value);
> } else if (issec) {
> const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
> error = security_inode_setsecurity(inode, suffix, value,
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index 1751864..0aeed91 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -349,6 +349,11 @@
> * Check permission before setting the extended attributes
> * @value identified by @name for @dentry.
> * Return 0 if permission is granted.
> + * @inode_pre_setxattr:
> + * Be able to do some operation before setting the @value identified
> + * by @name on the filesystem. Replacing the @value and its @size is
> + * possible. Useful for mapped values. Set @alloc to true if @value
> + * needs to be kfreed afterwards.
> * @inode_post_setxattr:
> * Update inode security field after successful setxattr operation.
> * @value identified by @name for @dentry.
> @@ -1448,6 +1453,9 @@ union security_list_options {
> int (*inode_getattr)(const struct path *path);
> int (*inode_setxattr)(struct dentry *dentry, const char *name,
> const void *value, size_t size, int flags);
> + int (*inode_pre_setxattr)(struct dentry *dentry, const char *name,
> + const void **value, size_t *size,
> + int flags, bool *alloc);
> void (*inode_post_setxattr)(struct dentry *dentry, const char *name,
> const void *value, size_t size,
> int flags);
> @@ -1730,6 +1738,7 @@ struct security_hook_heads {
> struct list_head inode_setattr;
> struct list_head inode_getattr;
> struct list_head inode_setxattr;
> + struct list_head inode_pre_setxattr;
> struct list_head inode_post_setxattr;
> struct list_head inode_getxattr;
> struct list_head inode_listxattr;
> diff --git a/include/linux/security.h b/include/linux/security.h
> index f0d2914..24f91e0 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -263,6 +263,9 @@ int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
> int security_inode_getattr(const struct path *path);
> int security_inode_setxattr(struct dentry *dentry, const char *name,
> const void *value, size_t size, int flags);
> +int security_inode_pre_setxattr(struct dentry *dentry, const char *name,
> + const void **value, size_t *size, int flags,
> + bool *alloc);
> void security_inode_post_setxattr(struct dentry *dentry, const char *name,
> const void *value, size_t size, int flags);
> int security_inode_getxattr(struct dentry *dentry, const char *name);
> @@ -691,6 +694,13 @@ static inline int security_inode_setxattr(struct dentry *dentry,
> return cap_inode_setxattr(dentry, name, value, size, flags);
> }
>
> +static inline int security_inode_pre_setxattr(struct dentry *dentry,
> + const char *name, const void **value,
> + size_t *size, int flags, bool *alloc)
> +{
> + return 0;
> +}
> +
> static inline void security_inode_post_setxattr(struct dentry *dentry,
> const char *name, const void *value, size_t size, int flags)
> { }
> diff --git a/security/security.c b/security/security.c
> index 88a3b78..e1d2c6f 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -649,6 +649,16 @@ int security_inode_setxattr(struct dentry *dentry, const char *name,
> return evm_inode_setxattr(dentry, name, value, size);
> }
>
> +int security_inode_pre_setxattr(struct dentry *dentry, const char *name,
> + const void **value, size_t *size, int flags,
> + bool *alloc)
> +{
> + if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
> + return 0;
> + return call_int_hook(inode_pre_setxattr, 0, dentry, name, value, size,
> + flags, alloc);
> +}
> +
> void security_inode_post_setxattr(struct dentry *dentry, const char *name,
> const void *value, size_t size, int flags)
> {
> @@ -1666,6 +1676,8 @@ struct security_hook_heads security_hook_heads = {
> LIST_HEAD_INIT(security_hook_heads.inode_getattr),
> .inode_setxattr =
> LIST_HEAD_INIT(security_hook_heads.inode_setxattr),
> + .inode_pre_setxattr =
> + LIST_HEAD_INIT(security_hook_heads.inode_pre_setxattr),
> .inode_post_setxattr =
> LIST_HEAD_INIT(security_hook_heads.inode_post_setxattr),
> .inode_getxattr =
> --
> 2.4.3
WARNING: multiple messages have this Message-ID (diff)
From: "Serge E. Hallyn" <serge@hallyn.com>
To: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
Al Viro <viro@zeniv.linux.org.uk>,
Alexey Dobriyan <adobriyan@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@amacapital.net>,
Arnd Bergmann <arnd@arndb.de>,
Casey Schaufler <casey@schaufler-ca.com>,
David Howells <dhowells@redhat.com>,
Eric Dumazet <edumazet@google.com>,
Eric Paris <eparis@parisplace.org>,
Fabian Frederick <fabf@skynet.be>,
Greg KH <gregkh@linuxfoundation.org>,
James Morris <james.l.morris@oracle.com>,
Jiri Slaby <jslaby@suse.com>, Joe Perches <joe@perches.com>,
John Johansen <john.johansen@canonical.com>,
Jonathan Corbet <corbet@lwn.net>,
Kees Cook <keescook@chromium.org>,
Mauro Carvalho Chehab <mchehab@osg.samsung.com>,
NeilBrown <neilb@suse.de>, Oleg Nesterov <oleg@redhat.com>,
Paul Moore <paul@paul-moore.com>, Stephen Smalley <sds@
Subject: Re: [PATCH v3 04/11] lsm: inode_pre_setxattr hook
Date: Thu, 30 Jul 2015 16:56:48 -0500 [thread overview]
Message-ID: <20150730215648.GD13589@mail.hallyn.com> (raw)
In-Reply-To: <1437732285-11524-5-git-send-email-l.pawelczyk@samsung.com>
On Fri, Jul 24, 2015 at 12:04:38PM +0200, Lukasz Pawelczyk wrote:
> Add a new LSM hook called before inode's setxattr. It is required for
> LSM to be able to reliably replace the xattr's value to be set to
> filesystem in __vfs_setxattr_noperm(). Useful for mapped values, like in
> the upcoming Smack namespace patches.
>
> Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Could get confusing if userspace passes in 1 char and gets ENOSPC because
the unmapped label is too long :)
> ---
> fs/xattr.c | 10 ++++++++++
> include/linux/lsm_hooks.h | 9 +++++++++
> include/linux/security.h | 10 ++++++++++
> security/security.c | 12 ++++++++++++
> 4 files changed, 41 insertions(+)
>
> diff --git a/fs/xattr.c b/fs/xattr.c
> index 072fee1..cbc8d19 100644
> --- a/fs/xattr.c
> +++ b/fs/xattr.c
> @@ -100,12 +100,22 @@ int __vfs_setxattr_noperm(struct dentry *dentry, const char *name,
> if (issec)
> inode->i_flags &= ~S_NOSEC;
> if (inode->i_op->setxattr) {
> + bool alloc = false;
> +
> + error = security_inode_pre_setxattr(dentry, name, &value,
> + &size, flags, &alloc);
> + if (error)
> + return error;
> +
> error = inode->i_op->setxattr(dentry, name, value, size, flags);
> if (!error) {
> fsnotify_xattr(dentry);
> security_inode_post_setxattr(dentry, name, value,
> size, flags);
> }
> +
> + if (alloc)
> + kfree(value);
> } else if (issec) {
> const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
> error = security_inode_setsecurity(inode, suffix, value,
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index 1751864..0aeed91 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -349,6 +349,11 @@
> * Check permission before setting the extended attributes
> * @value identified by @name for @dentry.
> * Return 0 if permission is granted.
> + * @inode_pre_setxattr:
> + * Be able to do some operation before setting the @value identified
> + * by @name on the filesystem. Replacing the @value and its @size is
> + * possible. Useful for mapped values. Set @alloc to true if @value
> + * needs to be kfreed afterwards.
> * @inode_post_setxattr:
> * Update inode security field after successful setxattr operation.
> * @value identified by @name for @dentry.
> @@ -1448,6 +1453,9 @@ union security_list_options {
> int (*inode_getattr)(const struct path *path);
> int (*inode_setxattr)(struct dentry *dentry, const char *name,
> const void *value, size_t size, int flags);
> + int (*inode_pre_setxattr)(struct dentry *dentry, const char *name,
> + const void **value, size_t *size,
> + int flags, bool *alloc);
> void (*inode_post_setxattr)(struct dentry *dentry, const char *name,
> const void *value, size_t size,
> int flags);
> @@ -1730,6 +1738,7 @@ struct security_hook_heads {
> struct list_head inode_setattr;
> struct list_head inode_getattr;
> struct list_head inode_setxattr;
> + struct list_head inode_pre_setxattr;
> struct list_head inode_post_setxattr;
> struct list_head inode_getxattr;
> struct list_head inode_listxattr;
> diff --git a/include/linux/security.h b/include/linux/security.h
> index f0d2914..24f91e0 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -263,6 +263,9 @@ int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
> int security_inode_getattr(const struct path *path);
> int security_inode_setxattr(struct dentry *dentry, const char *name,
> const void *value, size_t size, int flags);
> +int security_inode_pre_setxattr(struct dentry *dentry, const char *name,
> + const void **value, size_t *size, int flags,
> + bool *alloc);
> void security_inode_post_setxattr(struct dentry *dentry, const char *name,
> const void *value, size_t size, int flags);
> int security_inode_getxattr(struct dentry *dentry, const char *name);
> @@ -691,6 +694,13 @@ static inline int security_inode_setxattr(struct dentry *dentry,
> return cap_inode_setxattr(dentry, name, value, size, flags);
> }
>
> +static inline int security_inode_pre_setxattr(struct dentry *dentry,
> + const char *name, const void **value,
> + size_t *size, int flags, bool *alloc)
> +{
> + return 0;
> +}
> +
> static inline void security_inode_post_setxattr(struct dentry *dentry,
> const char *name, const void *value, size_t size, int flags)
> { }
> diff --git a/security/security.c b/security/security.c
> index 88a3b78..e1d2c6f 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -649,6 +649,16 @@ int security_inode_setxattr(struct dentry *dentry, const char *name,
> return evm_inode_setxattr(dentry, name, value, size);
> }
>
> +int security_inode_pre_setxattr(struct dentry *dentry, const char *name,
> + const void **value, size_t *size, int flags,
> + bool *alloc)
> +{
> + if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
> + return 0;
> + return call_int_hook(inode_pre_setxattr, 0, dentry, name, value, size,
> + flags, alloc);
> +}
> +
> void security_inode_post_setxattr(struct dentry *dentry, const char *name,
> const void *value, size_t size, int flags)
> {
> @@ -1666,6 +1676,8 @@ struct security_hook_heads security_hook_heads = {
> LIST_HEAD_INIT(security_hook_heads.inode_getattr),
> .inode_setxattr =
> LIST_HEAD_INIT(security_hook_heads.inode_setxattr),
> + .inode_pre_setxattr =
> + LIST_HEAD_INIT(security_hook_heads.inode_pre_setxattr),
> .inode_post_setxattr =
> LIST_HEAD_INIT(security_hook_heads.inode_post_setxattr),
> .inode_getxattr =
> --
> 2.4.3
WARNING: multiple messages have this Message-ID (diff)
From: "Serge E. Hallyn" <serge@hallyn.com>
To: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
Al Viro <viro@zeniv.linux.org.uk>,
Alexey Dobriyan <adobriyan@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@amacapital.net>,
Arnd Bergmann <arnd@arndb.de>,
Casey Schaufler <casey@schaufler-ca.com>,
David Howells <dhowells@redhat.com>,
Eric Dumazet <edumazet@google.com>,
Eric Paris <eparis@parisplace.org>,
Fabian Frederick <fabf@skynet.be>,
Greg KH <gregkh@linuxfoundation.org>,
James Morris <james.l.morris@oracle.com>,
Jiri Slaby <jslaby@suse.com>, Joe Perches <joe@perches.com>,
John Johansen <john.johansen@canonical.com>,
Jonathan Corbet <corbet@lwn.net>,
Kees Cook <keescook@chromium.org>,
Mauro Carvalho Chehab <mchehab@osg.samsung.com>,
NeilBrown <neilb@suse.de>, Oleg Nesterov <oleg@redhat.com>,
Paul Moore <paul@paul-moore.com>,
Stephen Smalley <sds@tycho.nsa.gov>,
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
Zefan Li <lizefan@huawei.com>,
linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov,
havner@gmail.com
Subject: Re: [PATCH v3 04/11] lsm: inode_pre_setxattr hook
Date: Thu, 30 Jul 2015 16:56:48 -0500 [thread overview]
Message-ID: <20150730215648.GD13589@mail.hallyn.com> (raw)
In-Reply-To: <1437732285-11524-5-git-send-email-l.pawelczyk@samsung.com>
On Fri, Jul 24, 2015 at 12:04:38PM +0200, Lukasz Pawelczyk wrote:
> Add a new LSM hook called before inode's setxattr. It is required for
> LSM to be able to reliably replace the xattr's value to be set to
> filesystem in __vfs_setxattr_noperm(). Useful for mapped values, like in
> the upcoming Smack namespace patches.
>
> Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Could get confusing if userspace passes in 1 char and gets ENOSPC because
the unmapped label is too long :)
> ---
> fs/xattr.c | 10 ++++++++++
> include/linux/lsm_hooks.h | 9 +++++++++
> include/linux/security.h | 10 ++++++++++
> security/security.c | 12 ++++++++++++
> 4 files changed, 41 insertions(+)
>
> diff --git a/fs/xattr.c b/fs/xattr.c
> index 072fee1..cbc8d19 100644
> --- a/fs/xattr.c
> +++ b/fs/xattr.c
> @@ -100,12 +100,22 @@ int __vfs_setxattr_noperm(struct dentry *dentry, const char *name,
> if (issec)
> inode->i_flags &= ~S_NOSEC;
> if (inode->i_op->setxattr) {
> + bool alloc = false;
> +
> + error = security_inode_pre_setxattr(dentry, name, &value,
> + &size, flags, &alloc);
> + if (error)
> + return error;
> +
> error = inode->i_op->setxattr(dentry, name, value, size, flags);
> if (!error) {
> fsnotify_xattr(dentry);
> security_inode_post_setxattr(dentry, name, value,
> size, flags);
> }
> +
> + if (alloc)
> + kfree(value);
> } else if (issec) {
> const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
> error = security_inode_setsecurity(inode, suffix, value,
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index 1751864..0aeed91 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -349,6 +349,11 @@
> * Check permission before setting the extended attributes
> * @value identified by @name for @dentry.
> * Return 0 if permission is granted.
> + * @inode_pre_setxattr:
> + * Be able to do some operation before setting the @value identified
> + * by @name on the filesystem. Replacing the @value and its @size is
> + * possible. Useful for mapped values. Set @alloc to true if @value
> + * needs to be kfreed afterwards.
> * @inode_post_setxattr:
> * Update inode security field after successful setxattr operation.
> * @value identified by @name for @dentry.
> @@ -1448,6 +1453,9 @@ union security_list_options {
> int (*inode_getattr)(const struct path *path);
> int (*inode_setxattr)(struct dentry *dentry, const char *name,
> const void *value, size_t size, int flags);
> + int (*inode_pre_setxattr)(struct dentry *dentry, const char *name,
> + const void **value, size_t *size,
> + int flags, bool *alloc);
> void (*inode_post_setxattr)(struct dentry *dentry, const char *name,
> const void *value, size_t size,
> int flags);
> @@ -1730,6 +1738,7 @@ struct security_hook_heads {
> struct list_head inode_setattr;
> struct list_head inode_getattr;
> struct list_head inode_setxattr;
> + struct list_head inode_pre_setxattr;
> struct list_head inode_post_setxattr;
> struct list_head inode_getxattr;
> struct list_head inode_listxattr;
> diff --git a/include/linux/security.h b/include/linux/security.h
> index f0d2914..24f91e0 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -263,6 +263,9 @@ int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
> int security_inode_getattr(const struct path *path);
> int security_inode_setxattr(struct dentry *dentry, const char *name,
> const void *value, size_t size, int flags);
> +int security_inode_pre_setxattr(struct dentry *dentry, const char *name,
> + const void **value, size_t *size, int flags,
> + bool *alloc);
> void security_inode_post_setxattr(struct dentry *dentry, const char *name,
> const void *value, size_t size, int flags);
> int security_inode_getxattr(struct dentry *dentry, const char *name);
> @@ -691,6 +694,13 @@ static inline int security_inode_setxattr(struct dentry *dentry,
> return cap_inode_setxattr(dentry, name, value, size, flags);
> }
>
> +static inline int security_inode_pre_setxattr(struct dentry *dentry,
> + const char *name, const void **value,
> + size_t *size, int flags, bool *alloc)
> +{
> + return 0;
> +}
> +
> static inline void security_inode_post_setxattr(struct dentry *dentry,
> const char *name, const void *value, size_t size, int flags)
> { }
> diff --git a/security/security.c b/security/security.c
> index 88a3b78..e1d2c6f 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -649,6 +649,16 @@ int security_inode_setxattr(struct dentry *dentry, const char *name,
> return evm_inode_setxattr(dentry, name, value, size);
> }
>
> +int security_inode_pre_setxattr(struct dentry *dentry, const char *name,
> + const void **value, size_t *size, int flags,
> + bool *alloc)
> +{
> + if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
> + return 0;
> + return call_int_hook(inode_pre_setxattr, 0, dentry, name, value, size,
> + flags, alloc);
> +}
> +
> void security_inode_post_setxattr(struct dentry *dentry, const char *name,
> const void *value, size_t size, int flags)
> {
> @@ -1666,6 +1676,8 @@ struct security_hook_heads security_hook_heads = {
> LIST_HEAD_INIT(security_hook_heads.inode_getattr),
> .inode_setxattr =
> LIST_HEAD_INIT(security_hook_heads.inode_setxattr),
> + .inode_pre_setxattr =
> + LIST_HEAD_INIT(security_hook_heads.inode_pre_setxattr),
> .inode_post_setxattr =
> LIST_HEAD_INIT(security_hook_heads.inode_post_setxattr),
> .inode_getxattr =
> --
> 2.4.3
next prev parent reply other threads:[~2015-07-30 21:56 UTC|newest]
Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-24 10:04 [PATCH v3 00/11] Smack namespace Lukasz Pawelczyk
2015-07-24 10:04 ` [PATCH v3 01/11] user_ns: 3 new LSM hooks for user namespace operations Lukasz Pawelczyk
2015-07-30 21:30 ` Serge E. Hallyn
2015-07-30 21:30 ` Serge E. Hallyn
2015-07-30 21:30 ` Serge E. Hallyn
2015-07-31 9:28 ` Lukasz Pawelczyk
2015-07-31 9:28 ` Lukasz Pawelczyk
2015-07-31 9:28 ` Lukasz Pawelczyk
2015-08-01 3:48 ` Serge E. Hallyn
2015-08-01 3:48 ` Serge E. Hallyn
2015-08-01 3:48 ` Serge E. Hallyn
2015-08-03 11:34 ` Lukasz Pawelczyk
2015-08-03 11:34 ` Lukasz Pawelczyk
2015-08-03 11:34 ` Lukasz Pawelczyk
2015-08-04 1:38 ` Kees Cook
2015-08-04 1:38 ` Kees Cook
2015-08-04 1:38 ` Kees Cook
2015-08-21 5:04 ` Paul Moore
2015-08-21 5:04 ` Paul Moore
2015-08-21 15:56 ` Paul Moore
2015-08-21 15:56 ` Paul Moore
2015-07-24 10:04 ` Lukasz Pawelczyk
2015-07-24 10:04 ` [PATCH v3 02/11] lsm: /proc/$PID/attr/label_map file and getprocattr_seq hook Lukasz Pawelczyk
2015-07-24 10:04 ` Lukasz Pawelczyk
2015-07-30 21:49 ` Serge E. Hallyn
2015-07-30 21:49 ` Serge E. Hallyn
2015-07-30 21:49 ` Serge E. Hallyn
2015-08-21 5:14 ` Paul Moore
2015-08-21 5:14 ` Paul Moore
2015-08-21 9:30 ` Lukasz Pawelczyk
2015-08-21 9:30 ` Lukasz Pawelczyk
2015-07-24 10:04 ` [PATCH v3 03/11] lsm: add file opener's cred to a setprocattr arguments Lukasz Pawelczyk
2015-07-30 21:50 ` Serge E. Hallyn
2015-07-30 21:50 ` Serge E. Hallyn
2015-07-30 21:50 ` Serge E. Hallyn
2015-07-24 10:04 ` Lukasz Pawelczyk
2015-07-24 10:04 ` [PATCH v3 04/11] lsm: inode_pre_setxattr hook Lukasz Pawelczyk
2015-07-30 21:56 ` Serge E. Hallyn [this message]
2015-07-30 21:56 ` Serge E. Hallyn
2015-07-30 21:56 ` Serge E. Hallyn
2015-07-31 9:43 ` Lukasz Pawelczyk
2015-07-31 9:43 ` Lukasz Pawelczyk
2015-07-31 9:43 ` Lukasz Pawelczyk
2015-07-24 10:04 ` Lukasz Pawelczyk
2015-07-24 10:04 ` [PATCH v3 05/11] smack: extend capability functions and fix 2 checks Lukasz Pawelczyk
2015-07-30 22:10 ` Serge E. Hallyn
2015-07-30 22:10 ` Serge E. Hallyn
2015-07-30 22:10 ` Serge E. Hallyn
2015-07-24 10:04 ` Lukasz Pawelczyk
2015-07-24 10:04 ` [PATCH v3 06/11] smack: don't use implicit star to display smackfs/syslog Lukasz Pawelczyk
2015-07-24 10:04 ` Lukasz Pawelczyk
2015-07-30 22:42 ` Serge E. Hallyn
2015-07-30 22:42 ` Serge E. Hallyn
2015-07-30 22:42 ` Serge E. Hallyn
2015-07-24 10:04 ` [PATCH v3 07/11] smack: abstraction layer for 2 common Smack operations Lukasz Pawelczyk
2015-07-24 10:04 ` Lukasz Pawelczyk
2015-07-24 10:04 ` [PATCH v3 08/11] smack: misc cleanups in preparation for a namespace patch Lukasz Pawelczyk
2015-07-24 10:04 ` Lukasz Pawelczyk
2015-07-24 10:04 ` [PATCH v3 09/11] smack: namespace groundwork Lukasz Pawelczyk
2015-07-24 10:04 ` Lukasz Pawelczyk
2015-07-24 10:04 ` [PATCH v3 10/11] smack: namespace implementation Lukasz Pawelczyk
2015-07-24 10:04 ` Lukasz Pawelczyk
2015-07-24 10:04 ` [PATCH v3 11/11] smack: documentation for the Smack namespace Lukasz Pawelczyk
2015-07-24 10:04 ` Lukasz Pawelczyk
2015-07-29 15:25 ` Serge E. Hallyn
2015-07-29 15:25 ` Serge E. Hallyn
2015-07-29 15:25 ` Serge E. Hallyn
2015-07-29 16:10 ` Lukasz Pawelczyk
2015-07-29 16:10 ` Lukasz Pawelczyk
2015-07-29 16:13 ` Lukasz Pawelczyk
2015-07-29 16:13 ` Lukasz Pawelczyk
2015-07-29 16:13 ` Lukasz Pawelczyk
2015-07-29 16:24 ` Lukasz Pawelczyk
2015-07-29 16:24 ` Lukasz Pawelczyk
2015-07-29 16:24 ` Lukasz Pawelczyk
2015-07-29 16:37 ` Serge E. Hallyn
2015-07-29 16:37 ` Serge E. Hallyn
2015-07-29 16:37 ` Serge E. Hallyn
2015-07-29 17:05 ` Lukasz Pawelczyk
2015-07-29 17:05 ` Lukasz Pawelczyk
2015-07-29 17:05 ` Lukasz Pawelczyk
2015-07-30 19:11 ` Serge E. Hallyn
2015-07-30 19:11 ` Serge E. Hallyn
2015-07-30 19:11 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150730215648.GD13589@mail.hallyn.com \
--to=serge@hallyn.com \
--cc=adobriyan@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=corbet@lwn.net \
--cc=dhowells@redhat.com \
--cc=edumazet@google.com \
--cc=fabf@skynet.be \
--cc=gregkh@linuxfoundation.org \
--cc=havner@gmail.com \
--cc=james.l.morris@oracle.com \
--cc=joe@perches.com \
--cc=john.johansen@canonical.com \
--cc=jslaby@suse.com \
--cc=keescook@chromium.org \
--cc=l.pawelczyk@samsung.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=lizefan@huawei.com \
--cc=luto@amacapital.net \
--cc=mchehab@osg.samsung.com \
--cc=neilb@suse.de \
--cc=oleg@redhat.com \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.