linux-fsdevel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Stephen Smalley <sds@tycho.nsa.gov>
To: Paul Moore <paul.moore@hp.com>
Cc: "David P. Quigley" <dpquigl@tycho.nsa.gov>,
	casey@schaufler-ca.com, chrisw@sous-sol.org, jmorris@namei.org,
	hch@lst.de, viro@zeniv.linux.org.uk, selinux@tycho.nsa.gov,
	linux-security-module@vger.kernel.org,
	linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH 2/2] LSM/SELinux: inode_{get,set}secctx hooks to access LSM security context information.
Date: Wed, 05 Mar 2008 15:54:07 -0500	[thread overview]
Message-ID: <1204750447.1397.145.camel@moss-spartans.epoch.ncsc.mil> (raw)
In-Reply-To: <200803051545.25143.paul.moore@hp.com>


On Wed, 2008-03-05 at 15:45 -0500, Paul Moore wrote:
> On Wednesday 05 March 2008 1:54:48 pm David P. Quigley wrote:
> > This patch introduces two new hooks. One to get all relevant
> > information from an LSM about an inode an the second given that
> > context to set it on the inode. The setcontext call takes a flag to
> > indicate if it should set the incore representation, the ondisk
> > representation or both. This hook is for use in the labeled NFS code
> > and addresses concerns of how to set security on an inode in a
> > multi-xattr LSM.
> >
> > Signed-off-by: David P. Quigley <dpquigl@tycho.nsa.gov>
> > ---
> >  include/linux/security.h |   18 ++++++++++++++++++
> >  security/dummy.c         |   12 ++++++++++++
> >  security/security.c      |   12 ++++++++++++
> >  security/selinux/hooks.c |   31 ++++++++++++++++++++++++++++++-
> >  4 files changed, 72 insertions(+), 1 deletions(-)
> >
> > diff --git a/include/linux/security.h b/include/linux/security.h
> > index fe52cde..bb71ac9 100644
> > --- a/include/linux/security.h
> > +++ b/include/linux/security.h
> > @@ -112,6 +112,10 @@ struct request_sock;
> >  #define LSM_UNSAFE_PTRACE	2
> >  #define LSM_UNSAFE_PTRACE_CAP	4
> >
> > +/* Flags for setsecctx */
> > +#define LSM_SETCORE	1
> > +#define LSM_SETDISK	2
> > +
> >  #ifdef CONFIG_SECURITY
> >
> >  /**
> > @@ -1395,6 +1399,9 @@ struct security_operations {
> >  	int (*secctx_to_secid)(char *secdata, u32 seclen, u32 *secid);
> >  	void (*release_secctx)(char *secdata, u32 seclen);
> >
> > +	int (*inode_setsecctx)(struct dentry *dentry, void *ctx, u32
> > ctxlen, int flags);
> > +	int (*inode_getsecctx)(struct dentry *dentry, 
> > void **ctx, u32 *ctxlen);
> 
> Not a terribly big deal, but I liked James' suggestion of 'file_<blah>' 
> instead of 'inode_<blah>'.

I wasn't as keen on it - at present, we use file_ for hooks that operate
on an open file (struct file).

And it is already the case that e.g. inode_getsecurity and
inode_setsecurity can and are used on socket inodes via f[gs]etxattr to
get the socket inode's security label.  

For actually getting the sk security label (which ideally would always
be kept in sync, but that isn't addressed today), we might have a
sk_[gs]etsecctx.

-- 
Stephen Smalley
National Security Agency


  reply	other threads:[~2008-03-05 20:54 UTC|newest]

Thread overview: 40+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-03-05 18:54 [RFC]Introduce generalized hooks for getting and setting inode secctx David P. Quigley
2008-03-05 18:54 ` [PATCH 1/2] VFS: Factor out part of vfs_setxattr so it can be called from the SELinux hook for inode_setsecctx David P. Quigley
2008-03-06 12:27   ` Christoph Hellwig
     [not found]     ` <20080306122703.GA4648-jcswGhMUV9g@public.gmane.org>
2008-03-06 16:47       ` Dave Quigley
2008-03-07 10:05         ` Christoph Hellwig
2008-03-07 16:10           ` Dave Quigley
2008-03-07 17:11             ` Casey Schaufler
     [not found]               ` <624405.64789.qm-VNlLEJ//v6ivuULXzWHTWIglqE1Y4D90QQ4Iyu8u01E@public.gmane.org>
2008-03-07 17:37                 ` Dave Quigley
2008-03-07 18:14                   ` Casey Schaufler
2008-03-07 18:17                     ` Stephen Smalley
2008-03-07 18:49                       ` Casey Schaufler
2008-03-07 19:17                         ` Stephen Smalley
2008-03-07 19:48                           ` Casey Schaufler
2008-03-07 20:05                             ` Stephen Smalley
2008-03-07 21:13                               ` Casey Schaufler
2008-03-10 12:37                                 ` Stephen Smalley
2008-03-07 20:28                             ` Chris Wright
2008-03-05 18:54 ` [PATCH 2/2] LSM/SELinux: inode_{get,set}secctx hooks to access LSM security context information David P. Quigley
2008-03-05 20:45   ` Paul Moore
2008-03-05 20:54     ` Stephen Smalley [this message]
2008-03-05 22:28   ` Casey Schaufler
2008-03-06 12:30   ` Christoph Hellwig
2008-03-06 13:50     ` Stephen Smalley
2008-03-06 13:54       ` Christoph Hellwig
2008-03-06 14:05         ` Stephen Smalley
2008-03-06 14:07           ` Christoph Hellwig
2008-03-06 14:25             ` James Morris
2008-03-06 14:48               ` Stephen Smalley
2008-03-06 17:13                 ` Dave Quigley
2008-03-07 10:03                   ` Christoph Hellwig
     [not found]                     ` <20080307100353.GA16831-jcswGhMUV9g@public.gmane.org>
2008-03-07 16:06                       ` Dave Quigley
2008-03-07 16:54                         ` Miklos Szeredi
     [not found]                           ` <E1JXfpu-0001d1-57-8f8m9JG5TPIdUIPVzhDTVZP2KDSNp7ea@public.gmane.org>
2008-03-07 17:30                             ` Dave Quigley
2008-03-07 20:24                               ` Miklos Szeredi
2008-03-07 21:07                                 ` Dave Quigley
2008-03-07 21:46                                   ` Miklos Szeredi
2008-03-08  0:24                                     ` Brad Boyer
2008-03-07 21:23                         ` Dave Quigley
2008-03-08 11:49                           ` Christoph Hellwig
  -- strict thread matches above, loose matches on Subject: below --
2008-03-18 18:57 [RFC]Introduce generalized hooks for getting and setting inode secctx v3 David P. Quigley
     [not found] ` <1205866664-24902-1-git-send-email-dpquigl-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>
2008-03-18 18:57   ` [PATCH 2/2] LSM/SELinux: inode_{get,set}secctx hooks to access LSM security context information David P. Quigley

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1204750447.1397.145.camel@moss-spartans.epoch.ncsc.mil \
    --to=sds@tycho.nsa.gov \
    --cc=casey@schaufler-ca.com \
    --cc=chrisw@sous-sol.org \
    --cc=dpquigl@tycho.nsa.gov \
    --cc=hch@lst.de \
    --cc=jmorris@namei.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=paul.moore@hp.com \
    --cc=selinux@tycho.nsa.gov \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).