From: Christoph Hellwig
To: Stephen Smalley
Cc: linuxfs, Alexander Viro, Ext2-devel@lists.sourceforge.net, Andreas Gruenbacher, Andreas Dilger, Andrew Morton, Stephen Tweedie, James Morris, Chris Wright
Subject: Re: [RFC][PATCH 0/3] Enable atomic inode security labeling
Date: Mon, 11 Jul 2005 00:40:28 +0100
Message-ID: <20050710234028.GB1301@infradead.org>
In-Reply-To: <1120829121.19035.45.camel@moss-spartans.epoch.ncsc.mil>
References: <1120829121.19035.45.camel@moss-spartans.epoch.ncsc.mil>
List-Id: linux-fsdevel.vger.kernel.org

On Fri, Jul 08, 2005 at 09:25:21AM -0400, Stephen Smalley wrote:
> The following patch set enables atomic security labeling of newly
> created inodes by altering the fs code to invoke a new LSM hook to
> obtain the security attribute to apply to a newly created inode and to
> set up the incore inode security state during the inode creation
> transaction. This parallels the existing processing for setting ACLs
> on newly created inodes. Otherwise, it is possible for new inodes to
> be accessed by another thread via the dcache prior to complete
> security setup (presently handled by the post_create/mkdir/... LSM
> hooks in the VFS)

Please also kill these hooks now that they've been replaced with
something more useful and make sure selinux doesn't work on filesystems
not converted to the new method.