Re: [PATCH 2/2] LSM/SELinux: inode_{get,set}secctx hooks to access LSM security context information.

linux-fsdevel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Dave Quigley <dpquigl-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>
To: Miklos Szeredi <miklos-sUDqSbJrdHQHWmgEVkV9KA@public.gmane.org>
Cc: hch-jcswGhMUV9g@public.gmane.org,
	sds-+05T5uksL2qpZYMLLGbcSA@public.gmane.org,
	jmorris-gx6/JNMH7DfYtjvyW6yDsg@public.gmane.org,
	hch-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org,
	casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org,
	chrisw-69jw2NvuJkxg9hUCZPvPmw@public.gmane.org,
	viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org,
	selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org,
	linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH 2/2] LSM/SELinux: inode_{get,set}secctx hooks to access LSM security context information.
Date: Fri, 07 Mar 2008 12:30:10 -0500	[thread overview]
Message-ID: <1204911010.14520.287.camel@moss-terrapins.epoch.ncsc.mil> (raw)
In-Reply-To: <E1JXfpu-0001d1-57-8f8m9JG5TPIdUIPVzhDTVZP2KDSNp7ea@public.gmane.org>


On Fri, 2008-03-07 at 17:54 +0100, Miklos Szeredi wrote:
> > So I have converted all the xattr internals over to an inode from a
> > dentry but there is one issue with that. To set EAs on CIFS they need a
> > full path for the file. I don't think we can reconcile using inodes in
> > the vfs operation with CIFS needing a path. If you have a suggestion on
> > how to handle this I'm more than willing to listen. Everything else
> > however seems to be a trivial change.
> 
> Since there are no hardlinks in CIFS (or are there?) it coukld get the
> dentry back with d_find_alias().
> 
> But what's the point?  Why is it better to pass the inode, rather than
> dentry down to the filesystem?
> 
> Hiding info from lower layers is not generally a good idea if there
> are valid uses for it.  I don't buy Chritoph's argument, that
> filesystems working with paths instead of inodes are inherently
> broken.
> 
> Miklos

This isn't hiding information from the lower layers. The only use of the
dentry is much higher up in the call chain. If you take a look at
sys_chmod (another inode attr modifying call) the dentry is really only
used in

sys_chmod->chown_common->notify_change->fsnotify_change

The operations that actually change the inode metadata on disk do not
touch the dentry at all except to get the inode(rightly so since it is
an INODE operation). 

Dave

next prev parent reply	other threads:[~2008-03-07 17:30 UTC|newest]

Thread overview: 40+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-03-05 18:54 [RFC]Introduce generalized hooks for getting and setting inode secctx David P. Quigley
2008-03-05 18:54 ` [PATCH 1/2] VFS: Factor out part of vfs_setxattr so it can be called from the SELinux hook for inode_setsecctx David P. Quigley
2008-03-06 12:27   ` Christoph Hellwig
     [not found]     ` <20080306122703.GA4648-jcswGhMUV9g@public.gmane.org>
2008-03-06 16:47       ` Dave Quigley
2008-03-07 10:05         ` Christoph Hellwig
2008-03-07 16:10           ` Dave Quigley
2008-03-07 17:11             ` Casey Schaufler
     [not found]               ` <624405.64789.qm-VNlLEJ//v6ivuULXzWHTWIglqE1Y4D90QQ4Iyu8u01E@public.gmane.org>
2008-03-07 17:37                 ` Dave Quigley
2008-03-07 18:14                   ` Casey Schaufler
2008-03-07 18:17                     ` Stephen Smalley
2008-03-07 18:49                       ` Casey Schaufler
2008-03-07 19:17                         ` Stephen Smalley
2008-03-07 19:48                           ` Casey Schaufler
2008-03-07 20:05                             ` Stephen Smalley
2008-03-07 21:13                               ` Casey Schaufler
2008-03-10 12:37                                 ` Stephen Smalley
2008-03-07 20:28                             ` Chris Wright
2008-03-05 18:54 ` [PATCH 2/2] LSM/SELinux: inode_{get,set}secctx hooks to access LSM security context information David P. Quigley
2008-03-05 20:45   ` Paul Moore
2008-03-05 20:54     ` Stephen Smalley
2008-03-05 22:28   ` Casey Schaufler
2008-03-06 12:30   ` Christoph Hellwig
2008-03-06 13:50     ` Stephen Smalley
2008-03-06 13:54       ` Christoph Hellwig
2008-03-06 14:05         ` Stephen Smalley
2008-03-06 14:07           ` Christoph Hellwig
2008-03-06 14:25             ` James Morris
2008-03-06 14:48               ` Stephen Smalley
2008-03-06 17:13                 ` Dave Quigley
2008-03-07 10:03                   ` Christoph Hellwig
     [not found]                     ` <20080307100353.GA16831-jcswGhMUV9g@public.gmane.org>
2008-03-07 16:06                       ` Dave Quigley
2008-03-07 16:54                         ` Miklos Szeredi
     [not found]                           ` <E1JXfpu-0001d1-57-8f8m9JG5TPIdUIPVzhDTVZP2KDSNp7ea@public.gmane.org>
2008-03-07 17:30                             ` Dave Quigley [this message]
2008-03-07 20:24                               ` Miklos Szeredi
2008-03-07 21:07                                 ` Dave Quigley
2008-03-07 21:46                                   ` Miklos Szeredi
2008-03-08  0:24                                     ` Brad Boyer
2008-03-07 21:23                         ` Dave Quigley
2008-03-08 11:49                           ` Christoph Hellwig
  -- strict thread matches above, loose matches on Subject: below --
2008-03-18 18:57 [RFC]Introduce generalized hooks for getting and setting inode secctx v3 David P. Quigley
     [not found] ` <1205866664-24902-1-git-send-email-dpquigl-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>
2008-03-18 18:57   ` [PATCH 2/2] LSM/SELinux: inode_{get,set}secctx hooks to access LSM security context information David P. Quigley

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1204911010.14520.287.camel@moss-terrapins.epoch.ncsc.mil \
    --to=dpquigl-+05t5uksl2qpzymllgbcsa@public.gmane.org \
    --cc=casey-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org \
    --cc=chrisw-69jw2NvuJkxg9hUCZPvPmw@public.gmane.org \
    --cc=hch-jcswGhMUV9g@public.gmane.org \
    --cc=hch-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org \
    --cc=jmorris-gx6/JNMH7DfYtjvyW6yDsg@public.gmane.org \
    --cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
    --cc=linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
    --cc=miklos-sUDqSbJrdHQHWmgEVkV9KA@public.gmane.org \
    --cc=sds-+05T5uksL2qpZYMLLGbcSA@public.gmane.org \
    --cc=selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org \
    --cc=viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).