From: David Howells <dhowells@redhat.com>
To: David Howells <dhowells@redhat.com>
Cc: James Morris <jmorris@namei.org>,
Linus Torvalds <torvalds@osdl.org>, Andrew Morton <akpm@osdl.org>,
Stephen Smalley <sds@tycho.nsa.gov>,
trond.myklebust@fys.uio.no, selinux@tycho.nsa.gov,
linux-kernel@vger.kernel.org, aviro@redhat.com,
steved@redhat.com
Subject: Re: [PATCH 12/19] CacheFiles: Permit a process's create SID to be overridden
Date: Wed, 15 Nov 2006 19:09:10 +0000 [thread overview]
Message-ID: <6134.1163617750@redhat.com> (raw)
In-Reply-To: <26860.1163607813@redhat.com>
David Howells <dhowells@redhat.com> wrote:
> > I think we need to add a separate field for this purpose, which can only
> > be written to via the in-kernel API and overrides fscreate.
>
> So, like my acts-as security ID patch?
How about this then?
I haven't removed the old fscreate overriding patch yet, nor have I put in the
error handling in CacheFiles.
And whilst selinux_fscreate_as_secid() does perform a MAC check, I think that
PROCESS__SETFSCREATE is probably the wrong thing to use. I think there should
be a PROCESS__SETFSCREATEAS or similar. I assume that doing that would require
the userspace policy compiler to be modified.
David
---
include/linux/security.h | 35 ++++++++++++++++++++++++++++++++
security/dummy.c | 14 +++++++++++++
security/selinux/hooks.c | 40 +++++++++++++++++++++++++++++++------
security/selinux/include/objsec.h | 1 +
fs/cachefiles/internal.h | 7 +++---
5 files changed, 87 insertions(+), 10 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h
index 8cfeefc..33a20f9 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1171,6 +1171,17 @@ #ifdef CONFIG_SECURITY
* owning security ID, and return the security ID as which the process was
* previously acting.
*
+ * @fscreate_as_secid:
+ * Set the security ID as which to create files, returning the security ID
+ * as which the process was previously creating files.
+ * @secid contains the security ID to act as.
+ * @oldsecid points to where the old security ID will be placed (or NULL).
+ *
+ * @fscreate_as_self:
+ * Reset the security ID as which to create files to be the same as the
+ * process's own creation security ID, and return the security ID as which
+ * the process was previously creating files.
+ *
* @cachefiles_get_secid:
* Determine the security ID for the CacheFiles module to use when
* accessing the filesystem containing the cache.
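Review bot: The kernel-doc added for @fscreate_as_secid says the hook returns the previous security ID, but the prototype added further down is `int (*fscreate_as_secid)(u32 secid, u32 *oldsecid)`, so the old ID comes back through @oldsecid and the return value is a status. The SELinux implementation in this patch returns the result of its permission check and leaves the creation ID untouched when that check fails. The comment should say so, e.g. `Return 0 on success or a negative error code; the previous security ID is stored in *@oldsecid if that is not NULL.` The comment block this hunk extends starts and ends outside the hunk.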
@@ -1366,6 +1377,8 @@ struct security_operations {
u32 (*set_fscreate_secid)(u32 secid);
u32 (*act_as_secid)(u32 secid);
u32 (*act_as_self)(void);
+ int (*fscreate_as_secid)(u32 secid, u32 *oldsecid);
+ u32 (*fscreate_as_self)(void);
int (*cachefiles_get_secid)(u32 secid, u32 *modsecid);
#ifdef CONFIG_SECURITY_NETWORK
@@ -2189,6 +2202,16 @@ static inline u32 security_act_as_self(v
return security_ops->act_as_self();
}
+static inline int security_fscreate_as_secid(u32 secid, u32 *oldsecid)
+{
+ return security_ops->fscreate_as_secid(secid, oldsecid);
+}
+
+static inline u32 security_fscreate_as_self(void)
+{
+ return security_ops->fscreate_as_self();
+}
+
static inline int security_cachefiles_get_secid(u32 secid, u32 *modsecid)
{
return security_ops->cachefiles_get_secid(secid, modsecid);
@@ -2899,6 +2922,18 @@ static inline u32 security_act_as_self(v
return 0;
}
+static inline int security_fscreate_as_secid(u32 secid, u32 *oldsecid)
+{
+ if (oldsecid)
+ *oldsecid = 0;
+ return 0;
+}
+
+static inline u32 security_fscreate_as_self(void)
+{
+ return 0;
+}
+
static inline int security_cachefiles_get_secid(u32 secid, u32 *modsecid)
{
*modsecid = 0;
diff --git a/security/dummy.c b/security/dummy.c
index 30096ec..b31bd4c 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -952,6 +952,18 @@ static u32 dummy_act_as_self(void)
return 0;
}
+static int dummy_fscreate_as_secid(u32 secid, u32 *oldsecid)
+{
+ if (oldsecid)
+ *oldsecid = 0;
+ return 0;
+}
+
+static u32 dummy_fscreate_as_self(void)
+{
+ return 0;
+}
+
static int dummy_cachefiles_get_secid(u32 secid, u32 *modsecid)
{
*modsecid = 0;
@@ -1117,6 +1129,8 @@ void security_fixup_ops (struct security
set_to_dummy_if_null(ops, set_fscreate_secid);
set_to_dummy_if_null(ops, act_as_secid);
set_to_dummy_if_null(ops, act_as_self);
+ set_to_dummy_if_null(ops, fscreate_as_secid);
+ set_to_dummy_if_null(ops, fscreate_as_self);
set_to_dummy_if_null(ops, cachefiles_get_secid);
#ifdef CONFIG_SECURITY_NETWORK
set_to_dummy_if_null(ops, unix_stream_connect);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 3a52698..c9388e3 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1170,8 +1170,9 @@ static int may_create(struct inode *dir,
if (rc)
return rc;
- if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
- newsid = tsec->create_sid;
+ if (tsec->create_as_sid &&
+ sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
+ newsid = tsec->create_as_sid;
} else {
rc = security_transition_sid(tsec->actor_sid, dsec->sid,
tclass, &newsid);
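Review bot: The label test in may_create() now reads only `tsec->create_as_sid`, and the selinux_inode_init_security() hunk makes the same switch, yet the patch copies `create_sid` into the new field only on execve and on fork. No hunk here touches the path that stores a userspace-requested fscreate context in `create_sid`, so unless that is handled elsewhere in the series, a context the task sets after fork would no longer influence file labelling. Every writer of `create_sid` probably needs to keep the two fields in step, something like `tsec->create_as_sid = tsec->create_sid = sid;` at that store. may_create() starts and ends outside this hunk.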
@@ -1606,7 +1607,7 @@ static int selinux_bprm_set_security(str
bsec->sid = tsec->actor_sid;
/* Reset fs, key, and sock SIDs on execve. */
- tsec->create_sid = 0;
+ tsec->create_as_sid = tsec->create_sid = 0;
tsec->keycreate_sid = 0;
tsec->sockcreate_sid = 0;
@@ -2088,8 +2089,9 @@ static int selinux_inode_init_security(s
dsec = dir->i_security;
sbsec = dir->i_sb->s_security;
- if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
- newsid = tsec->create_sid;
+ if (tsec->create_as_sid &&
+ sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
+ newsid = tsec->create_as_sid;
} else {
rc = security_transition_sid(tsec->actor_sid, dsec->sid,
inode_mode_to_security_class(inode->i_mode),
@@ -2711,7 +2713,7 @@ static int selinux_task_alloc_security(s
/* Retain the exec, fs, key, and sock SIDs across fork */
tsec2->exec_sid = tsec1->exec_sid;
- tsec2->create_sid = tsec1->create_sid;
+ tsec2->create_as_sid = tsec2->create_sid = tsec1->create_sid;
tsec2->keycreate_sid = tsec1->keycreate_sid;
tsec2->sockcreate_sid = tsec1->sockcreate_sid;
@@ -4586,6 +4588,30 @@ static u32 selinux_act_as_self(void)
return oldactor_sid;
}
+static int selinux_fscreate_as_secid(u32 secid, u32 *oldsecid)
+{
+ struct task_security_struct *tsec = current->security;
+ int error;
+
+ error = task_has_perm(current, current, PROCESS__SETFSCREATE);
+ if (error < 0)
+ return error;
+
+ if (oldsecid)
+ *oldsecid = tsec->create_as_sid;
+ tsec->create_as_sid = secid;
+ return 0;
+}
+
+static u32 selinux_fscreate_as_self(void)
+{
+ struct task_security_struct *tsec = current->security;
+ u32 oldcreate_sid = tsec->create_as_sid;
+
+ tsec->create_as_sid = tsec->create_sid;
+ return oldcreate_sid;
+}
+
static int selinux_cachefiles_get_secid(u32 secid, u32 *modsecid)
{
return security_transition_sid(secid, SECINITSID_KERNEL,
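Review bot: selinux_fscreate_as_secid() stores `secid` without looking at its value, while the consumers in may_create() and selinux_inode_init_security() treat a zero `create_as_sid` as "no explicit label". Passing 0 therefore does not restore the task's own fscreate setting; it switches labelling to the transition computed from the parent directory until selinux_fscreate_as_self() runs. If that is intended it deserves a comment above the function, e.g. `/* secid == 0 means: ignore create_sid and use the default transition */`; otherwise the function could reject it with `if (!secid) return -EINVAL;`.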
@@ -4779,6 +4805,8 @@ static struct security_operations selinu
.set_fscreate_secid = selinux_set_fscreate_secid,
.act_as_secid = selinux_act_as_secid,
.act_as_self = selinux_act_as_self,
+ .fscreate_as_secid = selinux_fscreate_as_secid,
+ .fscreate_as_self = selinux_fscreate_as_self,
.cachefiles_get_secid = selinux_cachefiles_get_secid,
.unix_stream_connect = selinux_socket_unix_stream_connect,
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 4e8da30..70a6f00 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -33,6 +33,7 @@ struct task_security_struct {
u32 actor_sid; /* act-as SID (normally == sid) */
u32 exec_sid; /* exec SID */
u32 create_sid; /* fscreate SID */
+ u32 create_as_sid; /* fscreate-as SID (normally == create_sid) */
u32 keycreate_sid; /* keycreate SID */
u32 sockcreate_sid; /* fscreate SID */
u32 ptrace_sid; /* SID of ptrace parent */
diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h
index 4715de5..bd4529d 100644
--- a/fs/cachefiles/internal.h
+++ b/fs/cachefiles/internal.h
@@ -196,7 +196,7 @@ extern int cachefiles_determine_cache_se
static inline
void cachefiles_set_fscreate_secid(struct cachefiles_cache *cache)
{
- security_set_fscreate_secid(cache->cache_secid);
+ security_fscreate_as_secid(cache->cache_secid, NULL);
}
#else
#define cachefiles_get_security_ID(cache) (0)
@@ -217,7 +217,6 @@ static inline void cachefiles_begin_secu
{
#ifdef CONFIG_SECURITY
security_act_as_secid(cache->access_secid);
- ctx->fscreate_secid = security_get_fscreate_secid();
#endif
ctx->fsuid = current->fsuid;
ctx->fsgid = current->fsgid;
@@ -230,7 +229,7 @@ static inline void cachefiles_begin_secu
{
#ifdef CONFIG_SECURITY
security_act_as_secid(cache->access_secid);
- ctx->fscreate_secid = security_set_fscreate_secid(cache->cache_secid);
+ security_fscreate_as_secid(cache->cache_secid, NULL);
#endif
ctx->fsuid = current->fsuid;
ctx->fsgid = current->fsgid;
@@ -244,7 +243,7 @@ static inline void cachefiles_end_secure
current->fsuid = ctx->fsuid;
current->fsgid = ctx->fsgid;
#ifdef CONFIG_SECURITY
- security_set_fscreate_secid(ctx->fscreate_secid);
+ security_fscreate_as_self();
security_act_as_self();
#endif
}
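Review bot: cachefiles_end_secure() now calls `security_fscreate_as_self()`, which in the SELinux implementation resets the override to the task's own `create_sid` rather than to the value in force when the matching begin call ran. The begin side passes NULL for `oldsecid`, so that earlier value is discarded. This is safe only if these sections never nest and no other in-kernel user holds an override at the time; a comment would make the assumption explicit, e.g. `/* fscreate-as overrides do not nest; end always reverts to the task's own create SID */`. These hunks also remove both writes to `ctx->fscreate_secid` and the read of it here, so the field, if it is still declared in the context structure (not visible here), appears to be unused and could be dropped. The function body starts outside this hunk.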
--
From: David Howells <dhowells@redhat.com>
To: David Howells <dhowells@redhat.com>
Cc: James Morris <jmorris@namei.org>,
Linus Torvalds <torvalds@osdl.org>, Andrew Morton <akpm@osdl.org>,
Stephen Smalley <sds@tycho.nsa.gov>,
trond.myklebust@fys.uio.no, selinux@tycho.nsa.gov,
linux-kernel@vger.kernel.org, aviro@redhat.com,
steved@redhat.com
Subject: Re: [PATCH 12/19] CacheFiles: Permit a process's create SID to be overridden
Date: Wed, 15 Nov 2006 19:09:10 +0000 [thread overview]
Message-ID: <6134.1163617750@redhat.com> (raw)
In-Reply-To: <26860.1163607813@redhat.com>
David Howells <dhowells@redhat.com> wrote:
> > I think we need to add a separate field for this purpose, which can only
> > be written to via the in-kernel API and overrides fscreate.
>
> So, like my acts-as security ID patch?
How about this then?
I haven't removed the old fscreate overriding patch yet, nor have I put in the
error handling in CacheFiles.
And whilst selinux_fscreate_as_secid() does perform a MAC check, I think that
PROCESS__SETFSCREATE is probably the wrong thing to use. I think there should
be a PROCESS__SETFSCREATEAS or similar. I assume that doing that would require
the userspace policy compiler to be modified.
David
---
include/linux/security.h | 35 ++++++++++++++++++++++++++++++++
security/dummy.c | 14 +++++++++++++
security/selinux/hooks.c | 40 +++++++++++++++++++++++++++++++------
security/selinux/include/objsec.h | 1 +
fs/cachefiles/internal.h | 7 +++---
5 files changed, 87 insertions(+), 10 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h
index 8cfeefc..33a20f9 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1171,6 +1171,17 @@ #ifdef CONFIG_SECURITY
* owning security ID, and return the security ID as which the process was
* previously acting.
*
+ * @fscreate_as_secid:
+ * Set the security ID as which to create files, returning the security ID
+ * as which the process was previously creating files.
+ * @secid contains the security ID to act as.
+ * @oldsecid points to where the old security ID will be placed (or NULL).
+ *
+ * @fscreate_as_self:
+ * Reset the security ID as which to create files to be the same as the
+ * process's own creation security ID, and return the security ID as which
+ * the process was previously creating files.
+ *
* @cachefiles_get_secid:
* Determine the security ID for the CacheFiles module to use when
* accessing the filesystem containing the cache.
@@ -1366,6 +1377,8 @@ struct security_operations {
u32 (*set_fscreate_secid)(u32 secid);
u32 (*act_as_secid)(u32 secid);
u32 (*act_as_self)(void);
+ int (*fscreate_as_secid)(u32 secid, u32 *oldsecid);
+ u32 (*fscreate_as_self)(void);
int (*cachefiles_get_secid)(u32 secid, u32 *modsecid);
#ifdef CONFIG_SECURITY_NETWORK
@@ -2189,6 +2202,16 @@ static inline u32 security_act_as_self(v
return security_ops->act_as_self();
}
+static inline int security_fscreate_as_secid(u32 secid, u32 *oldsecid)
+{
+ return security_ops->fscreate_as_secid(secid, oldsecid);
+}
+
+static inline u32 security_fscreate_as_self(void)
+{
+ return security_ops->fscreate_as_self();
+}
+
static inline int security_cachefiles_get_secid(u32 secid, u32 *modsecid)
{
return security_ops->cachefiles_get_secid(secid, modsecid);
@@ -2899,6 +2922,18 @@ static inline u32 security_act_as_self(v
return 0;
}
+static inline int security_fscreate_as_secid(u32 secid, u32 *oldsecid)
+{
+ if (oldsecid)
+ *oldsecid = 0;
+ return 0;
+}
+
+static inline u32 security_fscreate_as_self(void)
+{
+ return 0;
+}
+
static inline int security_cachefiles_get_secid(u32 secid, u32 *modsecid)
{
*modsecid = 0;
diff --git a/security/dummy.c b/security/dummy.c
index 30096ec..b31bd4c 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -952,6 +952,18 @@ static u32 dummy_act_as_self(void)
return 0;
}
+static int dummy_fscreate_as_secid(u32 secid, u32 *oldsecid)
+{
+ if (oldsecid)
+ *oldsecid = 0;
+ return 0;
+}
+
+static u32 dummy_fscreate_as_self(void)
+{
+ return 0;
+}
+
static int dummy_cachefiles_get_secid(u32 secid, u32 *modsecid)
{
*modsecid = 0;
@@ -1117,6 +1129,8 @@ void security_fixup_ops (struct security
set_to_dummy_if_null(ops, set_fscreate_secid);
set_to_dummy_if_null(ops, act_as_secid);
set_to_dummy_if_null(ops, act_as_self);
+ set_to_dummy_if_null(ops, fscreate_as_secid);
+ set_to_dummy_if_null(ops, fscreate_as_self);
set_to_dummy_if_null(ops, cachefiles_get_secid);
#ifdef CONFIG_SECURITY_NETWORK
set_to_dummy_if_null(ops, unix_stream_connect);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 3a52698..c9388e3 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1170,8 +1170,9 @@ static int may_create(struct inode *dir,
if (rc)
return rc;
- if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
- newsid = tsec->create_sid;
+ if (tsec->create_as_sid &&
+ sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
+ newsid = tsec->create_as_sid;
} else {
rc = security_transition_sid(tsec->actor_sid, dsec->sid,
tclass, &newsid);
@@ -1606,7 +1607,7 @@ static int selinux_bprm_set_security(str
bsec->sid = tsec->actor_sid;
/* Reset fs, key, and sock SIDs on execve. */
- tsec->create_sid = 0;
+ tsec->create_as_sid = tsec->create_sid = 0;
tsec->keycreate_sid = 0;
tsec->sockcreate_sid = 0;
@@ -2088,8 +2089,9 @@ static int selinux_inode_init_security(s
dsec = dir->i_security;
sbsec = dir->i_sb->s_security;
- if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
- newsid = tsec->create_sid;
+ if (tsec->create_as_sid &&
+ sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
+ newsid = tsec->create_as_sid;
} else {
rc = security_transition_sid(tsec->actor_sid, dsec->sid,
inode_mode_to_security_class(inode->i_mode),
@@ -2711,7 +2713,7 @@ static int selinux_task_alloc_security(s
/* Retain the exec, fs, key, and sock SIDs across fork */
tsec2->exec_sid = tsec1->exec_sid;
- tsec2->create_sid = tsec1->create_sid;
+ tsec2->create_as_sid = tsec2->create_sid = tsec1->create_sid;
tsec2->keycreate_sid = tsec1->keycreate_sid;
tsec2->sockcreate_sid = tsec1->sockcreate_sid;
@@ -4586,6 +4588,30 @@ static u32 selinux_act_as_self(void)
return oldactor_sid;
}
+static int selinux_fscreate_as_secid(u32 secid, u32 *oldsecid)
+{
+ struct task_security_struct *tsec = current->security;
+ int error;
+
+ error = task_has_perm(current, current, PROCESS__SETFSCREATE);
+ if (error < 0)
+ return error;
+
+ if (oldsecid)
+ *oldsecid = tsec->create_as_sid;
+ tsec->create_as_sid = secid;
+ return 0;
+}
+
+static u32 selinux_fscreate_as_self(void)
+{
+ struct task_security_struct *tsec = current->security;
+ u32 oldcreate_sid = tsec->create_as_sid;
+
+ tsec->create_as_sid = tsec->create_sid;
+ return oldcreate_sid;
+}
+
static int selinux_cachefiles_get_secid(u32 secid, u32 *modsecid)
{
return security_transition_sid(secid, SECINITSID_KERNEL,
@@ -4779,6 +4805,8 @@ static struct security_operations selinu
.set_fscreate_secid = selinux_set_fscreate_secid,
.act_as_secid = selinux_act_as_secid,
.act_as_self = selinux_act_as_self,
+ .fscreate_as_secid = selinux_fscreate_as_secid,
+ .fscreate_as_self = selinux_fscreate_as_self,
.cachefiles_get_secid = selinux_cachefiles_get_secid,
.unix_stream_connect = selinux_socket_unix_stream_connect,
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 4e8da30..70a6f00 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -33,6 +33,7 @@ struct task_security_struct {
u32 actor_sid; /* act-as SID (normally == sid) */
u32 exec_sid; /* exec SID */
u32 create_sid; /* fscreate SID */
+ u32 create_as_sid; /* fscreate-as SID (normally == create_sid) */
u32 keycreate_sid; /* keycreate SID */
u32 sockcreate_sid; /* fscreate SID */
u32 ptrace_sid; /* SID of ptrace parent */
diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h
index 4715de5..bd4529d 100644
--- a/fs/cachefiles/internal.h
+++ b/fs/cachefiles/internal.h
@@ -196,7 +196,7 @@ extern int cachefiles_determine_cache_se
static inline
void cachefiles_set_fscreate_secid(struct cachefiles_cache *cache)
{
- security_set_fscreate_secid(cache->cache_secid);
+ security_fscreate_as_secid(cache->cache_secid, NULL);
}
#else
#define cachefiles_get_security_ID(cache) (0)
@@ -217,7 +217,6 @@ static inline void cachefiles_begin_secu
{
#ifdef CONFIG_SECURITY
security_act_as_secid(cache->access_secid);
- ctx->fscreate_secid = security_get_fscreate_secid();
#endif
ctx->fsuid = current->fsuid;
ctx->fsgid = current->fsgid;
@@ -230,7 +229,7 @@ static inline void cachefiles_begin_secu
{
#ifdef CONFIG_SECURITY
security_act_as_secid(cache->access_secid);
- ctx->fscreate_secid = security_set_fscreate_secid(cache->cache_secid);
+ security_fscreate_as_secid(cache->cache_secid, NULL);
#endif
ctx->fsuid = current->fsuid;
ctx->fsgid = current->fsgid;
@@ -244,7 +243,7 @@ static inline void cachefiles_end_secure
current->fsuid = ctx->fsuid;
current->fsgid = ctx->fsgid;
#ifdef CONFIG_SECURITY
- security_set_fscreate_secid(ctx->fscreate_secid);
+ security_fscreate_as_self();
security_act_as_self();
#endif
}