From: Christoph Hellwig <hch@infradead.org>
To: hallyn@serge.ibm.com
Cc: linux-fsdevel@vger.kernel.org, linux-security-module@wirex.com,
	Alexander Viro <viro@parcelfarce.linux.theplanet.co.uk>,
	Ext2-devel@lists.sourceforge.net,
	Andreas Gruenbacher <agruen@suse.de>,
	Andreas Dilger <adilger@clusterfs.com>,
	Christoph Hellwig <hch@infradead.org>,
	Andrew Morton <akpm@osdl.org>, Stephen Tweedie <sct@redhat.com>,
	Stephen Smalley <sds@tycho.nsa.gov>,
	James Morris <jmorris@redhat.com>, Chris Wright <chrisw@osdl.org>
Subject: Re: [RFC] [PATCH] Stacking support for inode_init_security
Date: Tue, 6 Sep 2005 12:42:12 +0100
Message-ID: <20050906114212.GD5309@infradead.org>
In-Reply-To: <20050819204712.GA9463@serge.ibm.com>

On Fri, Aug 19, 2005 at 03:47:12PM -0500, hallyn@serge.ibm.com wrote:
> The following patch changes the (new to -mm) inode_init_security
> function to support multiple LSMs.  It does this by placing the
> three passed arguments (name, value, len) into a structure, and
> passing in a list_head, onto which the structure can be appended.
> The callers (filesystems) call their <fs>_xattr_set functions
> on each returned (name, value, len) set.
> 
> This is useful both for the stacker LSM, and for any two (or more)
> LSMs which might want to cooperate even without stacker.
> 
> I've tested it under a plain selinux-enabled 2.6.13-rc6-mm1 using
> Stephen Smalley's sample exploit originally motivating
> inode_init_security, as well as with a simple 'touch ab; ls -Z ab'.
> 
> I've also tested it with a corresponding stacker patch, with
> selinux stacked with two test LSMs which simply define
> inode_init_security.  Again, this passed the sample exploit, and
> manually inspecting the .security xattrs gave the expected results.

I'm personally against supporting stacking LSMs, but if the relevant
maintainers decided we really want to have them this patch is necessary
to support it and thus okay.
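
Added example, not part of the original message or of the patch under discussion: a userspace C model of the design described in the quoted text, where each LSM hook appends a (name, value, len) set to a list and the filesystem then sets every returned attribute. All identifiers (sec_xattr, sec_xattr_add, fs_init_security, the lsm_* hooks, fake_xattr_set) are hypothetical, and writing nothing when any hook fails is an assumption of this example, not something the message states.

```c
#include <stdlib.h>
#include <string.h>

/* Userspace model only: every name below is hypothetical, not from the patch. */
struct sec_xattr {
    const char *name;
    char *value;
    size_t len;
    struct sec_xattr *next;   /* stands in for the kernel list_head */
};
typedef int (*init_security_fn)(struct sec_xattr **list);

/* Called from an LSM hook: append one (name, value, len) set at the tail. */
static int sec_xattr_add(struct sec_xattr **list, const char *name, const char *val)
{
    size_t len = strlen(val);
    struct sec_xattr *x = calloc(1, sizeof(*x));
    if (!x || !(x->value = malloc(len + 1))) { free(x); return -1; }
    memcpy(x->value, val, len + 1);
    x->name = name;
    x->len = len;
    while (*list) list = &(*list)->next;
    *list = x;
    return 0;
}

/* Constructed sample hooks: two that label the inode, one that fails. */
static int lsm_a(struct sec_xattr **l) { return sec_xattr_add(l, "security.lsm_a", "label-a"); }
static int lsm_b(struct sec_xattr **l) { return sec_xattr_add(l, "security.lsm_b", "label-b"); }
static int lsm_fail(struct sec_xattr **l) { (void)l; return -1; }

static int xattrs_written;   /* counts calls to the <fs>_xattr_set stand-in */
static int fake_xattr_set(const struct sec_xattr *x) { xattrs_written++; return (x->name && x->len) ? 0 : -1; }

/* Filesystem side: collect from every hook, then set each returned attribute.
 * Assumption of this example: if any hook fails, nothing is written. */
static int fs_init_security(init_security_fn *hooks, size_t n)
{
    struct sec_xattr *list = NULL, *x, *next;
    int err = 0;
    for (size_t i = 0; i < n && !err; i++)
        err = hooks[i](&list);
    for (x = list; x && !err; x = x->next)
        err = fake_xattr_set(x);
    for (x = list; x; x = next) {   /* the caller frees the whole list */
        next = x->next; free(x->value); free(x);
    }
    return err;
}

int main(void) { init_security_fn h[] = { lsm_a, lsm_b }; return fs_init_security(h, 2) != 0; }
```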

