Question about inode and dentry

Question about inode and dentry

[bill4carson]

Hi, all

Really new to fs area ;) I'm trying to port Umbrella project based on linux-2.6.11,
which implementing Process-Based Access Control (PBAC) to linux-2.6.34.

The key of Umbrella project is to restrict process access from some directory/files,
these restriction can be fetched from /proc/umbrella. First the directory/file path is
parsed from struct dentry, then every inode operation finally has to be checked against
the restrictions with current accessed path involved. This basically how it works.

In linux-2.6.11, struct dentry is used by nd->dentry.

int permission(struct inode *inode, int mask, struct nameidata *nd)
   -> security_inode_permission
      -> security_ops->inode_permission




But in linux-2.6.34, struct nameidata is not used any more, how can I get proper struct
dentry from inode?

int inode_permission(struct inode *inode, int mask)
   -> security_inode_permission
       -> security_ops->inode_permission


Thanks in advance.

-- 
八百里秦川尘土飞扬,三千万老陕齐吼秦腔。

--bill
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Question about inode and dentry

[Tetsuo Handa]

bill4carson wrote:
> But in linux-2.6.34, struct nameidata is not used any more, how can I get proper struct
> dentry from inode?

You cannot. Please use security_path_*() hooks instead.

Also, linux-security-module@vger.kernel.org would be better for
discussion about access control modules.

Re: Question about inode and dentry

[Richard Weinberger]

On Fri, Nov 1, 2013 at 8:24 AM, bill4carson <bill4carson@gmail.com> wrote:
> Hi, all
>
> Really new to fs area ;) I'm trying to port Umbrella project based on
> linux-2.6.11,
> which implementing Process-Based Access Control (PBAC) to linux-2.6.34.

Instead of porting it from stone age to mid age, bring it mainline.
This is the only way to have such issues automatically solved.

-- 
Thanks,
//richard

Re: Question about inode and dentry

[bill4carson]

On 2013年11月01日 23:07, Richard Weinberger wrote:
> On Fri, Nov 1, 2013 at 8:24 AM, bill4carson<bill4carson@gmail.com>  wrote:
>> Hi, all
>>
>> Really new to fs area ;) I'm trying to port Umbrella project based on
>> linux-2.6.11,
>> which implementing Process-Based Access Control (PBAC) to linux-2.6.34.
>
> Instead of porting it from stone age to mid age, bring it mainline.
> This is the only way to have such issues automatically solved.
>

Hi, Richard and Tetsuo-san

Thanks for your information :)

-- 
八百里秦川尘土飞扬,三千万老陕齐吼秦腔。

--bill
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html