From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Howells Subject: Re: [PATCH 11/14] CacheFiles: Permit an inode's security ID to be obtained [try #2] Date: Thu, 09 Aug 2007 20:07:39 +0100 Message-ID: <22259.1186686459@redhat.com> References: <162335.27499.qm@web36605.mail.mud.yahoo.com> Reply-To: Linux filesystem caching discussion list Cc: akpm@osdl.org, linux-kernel@vger.kernel.org, nfsv4@linux-nfs.org, trond.myklebust@fys.uio.no, linux-fsdevel@vger.kernel.org, torvalds@osdl.org, linux-cachefs@redhat.com, Casey Schaufler To: James Morris Return-path: In-Reply-To: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-cachefs-bounces@redhat.com Errors-To: linux-cachefs-bounces@redhat.com List-Id: linux-fsdevel.vger.kernel.org James Morris wrote: > David, I've looked at the code and can't see that you need to access the > label itself outside the LSM. Could you instead simply pass the inode > pointer around? It's not quite that simple. I need to impose *two* security labels in cachefiles_begin_secure() when I'm about to act on behalf of a process that's tried to access a netfs file: (1) The security label to act as. This is the label attached to the cachefilesd process when it starts the cache. This is obtained by cachefiles_get_security_ID(). (2) The security label to create files as. This is the label attached to root directory of the cache. This is obtained by cachefiles_determine_cache_secid(). David