From: hooanon05@yahoo.co.jp
To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: linux-security-module@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [RFC] Add a counter in task_struct for skipping permission check. (Was: Should LSM hooks be called by filesystem's requests?)
Date: Wed, 23 Jul 2008 00:46:00 +0900 [thread overview]
Message-ID: <8047.1216741560@jrobl> (raw)
In-Reply-To: <200807221959.HDJ90154.FFLMOtVOOQJFSH@I-love.SAKURA.ne.jp>
Tetsuo Handa:
> I have a problem with unionfs and LSM.
> The unionfs causes NULL pointer dereference if copyup_dentry()
> failed by LSM's decision, so I'm searching for a solution.
:::
> I think this patch can disable LSM checks if vfs_*() and
> notify_change() is called by unionfs's internal operations.
> This patch is just an idea, not tested at all.
>
> Does somebody have a solution?
How about 'delegate' feature in AUFS?
(from the aufs manual)
If you do not want your application to access branches through aufs or
to be traced strictly by task I/O accounting, you can
use the kernel threads in aufs. If you enable CONFIG_AUFS_DLGT and
specify `dlgt' mount option, then
aufs delegates its internal
access to the branches to the kernel threads.
When you define CONFIG_SECURITY and use any type of Linux Security Module
(LSM), for example SUSE AppArmor, you may meet some errors or
warnings from your security module. Because aufs access its branches
internally, your security module may detect, report, or prohibit it.
The behaviour is highly depending upon your security module and its
configuration.
In this case, you can use `dlgt' mount option, too.
Your LSM will see the
aufs kernel threads access to the branch, instead of your
application.
Junjiro Okajima
next prev parent reply other threads:[~2008-07-22 15:46 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <200807142020.BCC17654.SMtQFVFOFOHOJL@I-love.SAKURA.ne.jp>
[not found] ` <487C22A2.9090402@schaufler-ca.com>
2008-07-22 10:59 ` [RFC] Add a counter in task_struct for skipping permission check. (Was: Should LSM hooks be called by filesystem's requests?) Tetsuo Handa
2008-07-22 15:46 ` hooanon05 [this message]
2008-07-22 17:30 ` Erez Zadok
2008-07-23 1:38 ` Peter Dolding
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8047.1216741560@jrobl \
--to=hooanon05@yahoo.co.jp \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).