From: Christoph Hellwig <hch@infradead.org>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: linuxfs <linux-fsdevel@vger.kernel.org>,
Alexander Viro <viro@parcelfarce.linux.theplanet.co.uk>,
Ext2-devel@lists.sourceforge.net,
Andreas Gruenbacher <agruen@suse.de>,
Andreas Dilger <adilger@clusterfs.com>,
Andrew Morton <akpm@osdl.org>, Stephen Tweedie <sct@redhat.com>,
James Morris <jmorris@redhat.com>, Chris Wright <chrisw@osdl.org>
Subject: Re: [RFC][PATCH 0/3] Enable atomic inode security labeling
Date: Mon, 11 Jul 2005 00:40:28 +0100 [thread overview]
Message-ID: <20050710234028.GB1301@infradead.org> (raw)
In-Reply-To: <1120829121.19035.45.camel@moss-spartans.epoch.ncsc.mil>
On Fri, Jul 08, 2005 at 09:25:21AM -0400, Stephen Smalley wrote:
> The following patch set enables atomic security labeling of newly
> created inodes by altering the fs code to invoke a new LSM hook to
> obtain the security attribute to apply to a newly created inode and to
> set up the incore inode security state during the inode creation
> transaction. This parallels the existing processing for setting ACLs
> on newly created inodes. Otherwise, it is possible for new inodes to
> be accessed by another thread via the dcache prior to complete
> security setup (presently handled by the post_create/mkdir/... LSM
> hooks in the VFS)
Please also kill these hooks now that they've been replaced with something
more useful and make sure selinux doesn't work on filesystem not converted
to the new method.
-------------------------------------------------------
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP,
AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar
next prev parent reply other threads:[~2005-07-10 23:40 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-07-08 13:25 [RFC][PATCH 0/3] Enable atomic inode security labeling Stephen Smalley
2005-07-08 13:48 ` [RFC][PATCH 1/3] security: " Stephen Smalley
2005-07-08 13:55 ` [RFC][PATCH 2/3] ext2: " Stephen Smalley
2005-07-10 23:39 ` Christoph Hellwig
2005-07-11 12:53 ` Stephen Smalley
2005-07-12 2:29 ` Christoph Hellwig
2005-07-13 20:37 ` Dave Kleikamp
2005-07-13 20:41 ` Stephen Smalley
2005-07-13 20:50 ` Andrew Morton
2005-07-08 13:58 ` [RFC][PATCH 3/3] ext3: " Stephen Smalley
2005-07-11 16:07 ` Stephen C. Tweedie
2005-07-11 16:14 ` Jan Kara
2005-07-11 16:50 ` Stephen C. Tweedie
2005-07-12 14:15 ` [Ext2-devel] " Jan Kara
2005-07-10 23:40 ` Christoph Hellwig [this message]
2005-07-11 13:31 ` [RFC][PATCH 0/3] " Stephen Smalley
2005-07-12 2:32 ` Christoph Hellwig
2005-07-13 15:05 ` [RFC][PATCH 2.6.13-rc2-mm2] tmpfs: " Stephen Smalley
2005-07-14 19:29 ` [RFC][PATCH] Remove security_inode_post_create/mkdir/symlink/mknod hooks Stephen Smalley
2005-07-14 19:41 ` Chris Wright
2005-07-14 20:51 ` Stephen Smalley
2005-07-14 16:16 ` [RFC][PATCH 0/2] JFS atomic inode security labeling Dave Kleikamp
2005-07-14 16:19 ` [RFC][PATCH 1/2] JFS atomic xattr/acl handling Dave Kleikamp
2005-07-14 16:20 ` [RFC][PATCH 2/2] JFS atomic inode security labeling Dave Kleikamp
2005-07-14 16:26 ` [RFC][PATCH 0/2] " Dave Kleikamp
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050710234028.GB1301@infradead.org \
--to=hch@infradead.org \
--cc=Ext2-devel@lists.sourceforge.net \
--cc=adilger@clusterfs.com \
--cc=agruen@suse.de \
--cc=akpm@osdl.org \
--cc=chrisw@osdl.org \
--cc=jmorris@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=sct@redhat.com \
--cc=sds@tycho.nsa.gov \
--cc=viro@parcelfarce.linux.theplanet.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).