Re: 2.6.10-rc2-mm4

[Jeff Mahoney <jeffm@suse.com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stephen Smalley wrote:
| On Tue, 2004-12-07 at 14:57, Jeff Mahoney wrote:
|
|>However, selinux itself accesses inode lists internally that circumvent
|>this. I believe I caught the major case that causes this, but I'd prefer
|>someone with more intimate knowledge of selinux verify.
|
|
| inodes are only added to the list (prior to superblock security
| initialization, e.g. before initial policy load or during get_sb) by
| inode_doinit_with_dentry, which in turn is called from
| selinux_d_instantiate.  So if you've marked the inode private prior to
| the d_instantiate call on it, and changed security_d_instantiate to not
| call the security module for private inodes, how would a private inode
| ever get into that list?

In general, this is true. However, there's a case where it's not. During
the initial filesystem mount, the .reiserfs_priv directory is created by
reiserfs_xattr_init(). This directory becomes the root of the private
inode tree, but there is no way to mark it as private until after mkdir
returns. After it returns, d_instantiate has already been called.

Therefore, on the first read-write mount, the inode associated with
.reiserfs_priv will always be on that list. There are a few methods that
could be added to set the inode private before the d_instantiate, but
they're all pretty gross. Basically, of all the potential solutions,
checking IS_PRIVATE in that loop is the simplest.

- -Jeff

- --
Jeff Mahoney
SuSE Labs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBtjLdLPWxlyuTD7IRAp+MAJ9bJy32bIcE/uVVdo+T0bNYIWJoLgCfQNyh
pKnLBMAwi3yIeQE2JXlHIKA=
=0Yc7
-----END PGP SIGNATURE-----