From: Casey Schaufler <casey@schaufler-ca.com>
To: David Quigley <dpquigl@davequigley.com>
Cc: "J. Bruce Fields" <bfields@fieldses.org>,
Steve Dickson <steved@redhat.com>,
Trond Myklebust <trond.myklebust@netapp.com>,
"J. Bruce Fields" <bfields@redhat.com>,
"David P. Quigley" <dpquigl@tycho.nsa.gov>,
Linux NFS list <linux-nfs@vger.kernel.org>,
Linux FS devel list <linux-fsdevel@vger.kernel.org>,
Linux Security List <linux-security-module@vger.kernel.org>,
SELinux List <selinux@tycho.nsa.gov>,
eparis@redhat.com, sds@tycho.nsa.gov,
Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [PATCH 04/17] Security: Add hook to calculate context based on a negative dentry.
Date: Wed, 24 Apr 2013 18:27:26 -0700 [thread overview]
Message-ID: <5178867E.30704@schaufler-ca.com> (raw)
In-Reply-To: <dece1c7129e6927e9a92d38879818a46@countercultured.net>
On 4/24/2013 4:05 PM, David Quigley wrote:
> On 04/24/2013 19:03, J. Bruce Fields wrote:
>> On Wed, Apr 24, 2013 at 06:14:16PM -0400, David Quigley wrote:
>>> On 04/24/2013 18:12, Steve Dickson wrote:
>>> >On 24/04/13 18:02, J. Bruce Fields wrote:
>>> >>n Wed, Apr 24, 2013 at 04:17:50PM -0400, Steve Dickson wrote:
>>> >>>> From: David Quigley <dpquigl@davequigley.com>
>>> >>>>
>>> >>>> There is a time where we need to calculate a context without the
>>> >>>> inode having been created yet. To do this we take the
>>> >>>negative dentry and
>>> >>>> calculate a context based on the process and the parent
>>> >>>directory contexts.
>>> >>How can we get review from security/selinux folks? I can't
>>> >>apply these
>>> >>without....
>>> >Its my understand they have been reviewed a number times... And
>>> >they have not
>>> >change since I've working on these patches...
>>> >
>>> >steved.
>>> >--
>>> >To unsubscribe from this list: send the line "unsubscribe
>>> >linux-nfs" in
>>> >the body of a message to majordomo@vger.kernel.org
>>> >More majordomo info at http://vger.kernel.org/majordomo-info.html
>>>
>>> That is correct. They have been acked in the past and haven't
>>> changed at all since then.
For the record, I haven't ACKed because I have been unable to
get the NFS labeling to work with Smack. I also note that I
am not NAKing, either, as I have not had the time to determine
what's wrong. I do know that the ideas floated at the time turned
out to not be the problem. Hopefully I'll have time to look
into this sometime.
>>
>> Oh, OK, sorry--I lost track. (Do you have a pointer?)
>
> I may be able to crawl through MARC.info for my old email address to
> see if I can find it but that is probably more effort than its worth.
> All of those ACKs and what not are saved in my old NSA email (assuming
> its still being kept around).
>
>>
>>> I have contacted Eric Paris about
>>> reviewing them anyway so you can have a more recent ack on the
>>> patches.
>>
>> But that would be helpful too, thanks.
>>
>> --b.
>
>
> I think its a good idea to have Eric look through them anyway just to
> be sure.
>
> Dave
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to
> majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
>
next prev parent reply other threads:[~2013-04-25 1:27 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-24 20:17 [PATCH 00/17] lnfs: 3.9-rc8 release Steve Dickson
2013-04-24 20:17 ` [PATCH 01/17] NFSv4.2: Added v4.2 error codes Steve Dickson
2013-04-24 21:54 ` J. Bruce Fields
2013-04-24 20:17 ` [PATCH 02/17] NFSv4.2: Added NFS v4.2 support to the NFS client Steve Dickson
2013-04-24 21:56 ` J. Bruce Fields
2013-04-24 20:17 ` [PATCH 03/17] NFSDv4.2: Added NFS v4.2 support to the NFS server Steve Dickson
2013-04-24 22:02 ` J. Bruce Fields
2013-04-25 14:10 ` Steve Dickson
2013-04-25 18:26 ` J. Bruce Fields
2013-04-24 20:17 ` [PATCH 04/17] Security: Add hook to calculate context based on a negative dentry Steve Dickson
2013-04-24 22:02 ` J. Bruce Fields
2013-04-24 22:09 ` David Quigley
2013-04-24 22:12 ` Steve Dickson
2013-04-24 22:14 ` David Quigley
2013-04-24 23:03 ` J. Bruce Fields
2013-04-24 23:05 ` David Quigley
2013-04-25 1:27 ` Casey Schaufler [this message]
2013-04-25 1:43 ` J. Bruce Fields
2013-04-24 20:17 ` [PATCH 05/17] Security: Add Hook to test if the particular xattr is part of a MAC model Steve Dickson
2013-04-24 22:03 ` J. Bruce Fields
2013-04-24 20:17 ` [PATCH 06/17] LSM: Add flags field to security_sb_set_mnt_opts for in kernel mount data Steve Dickson
2013-04-24 22:03 ` J. Bruce Fields
2013-04-24 20:17 ` [PATCH 07/17] SELinux: Add new labeling type native labels Steve Dickson
2013-04-24 22:03 ` J. Bruce Fields
2013-04-24 22:06 ` David Quigley
2013-04-24 20:17 ` [PATCH 08/17] NFSv4: Add label recommended attribute and NFSv4 flags Steve Dickson
2013-04-24 20:17 ` [PATCH 09/17] NFSv4: Introduce new label structure Steve Dickson
2013-04-24 20:17 ` [PATCH 10/17] NFSv4: Extend fattr bitmaps to support all 3 words Steve Dickson
2013-04-24 20:17 ` [PATCH 11/17] NFS:Add labels to client function prototypes Steve Dickson
2013-04-24 20:17 ` [PATCH 12/17] NFS: Add label lifecycle management Steve Dickson
2013-04-24 20:17 ` [PATCH 13/17] NFS: Client implementation of Labeled-NFS Steve Dickson
2013-04-24 20:18 ` [PATCH 14/17] NFS: Extend NFS xattr handlers to accept the security namespace Steve Dickson
2013-04-24 20:18 ` [PATCH 15/17] Kconfig: Add Kconfig entry for Labeled NFS V4 client Steve Dickson
2013-04-24 20:18 ` [PATCH 16/17] NFSD: Server implementation of MAC Labeling Steve Dickson
2013-04-24 21:28 ` J. Bruce Fields
2013-04-24 22:14 ` Steve Dickson
2013-04-24 23:04 ` J. Bruce Fields
2013-04-24 20:18 ` [PATCH 17/17] Kconfig: Add Kconfig entry for Labeled NFS V4 server Steve Dickson
-- strict thread matches above, loose matches on Subject: below --
2013-04-29 12:57 [PATCH 00/17] lnfs: 3.9-rc8 release (take 2) Steve Dickson
2013-04-29 12:57 ` [PATCH 04/17] Security: Add hook to calculate context based on a negative dentry Steve Dickson
2013-05-02 17:18 [PATCH 00/17] lnfs: linux-3.9 release Steve Dickson
2013-05-02 17:18 ` [PATCH 04/17] Security: Add hook to calculate context based on a negative dentry Steve Dickson
2013-05-02 23:36 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5178867E.30704@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=bfields@fieldses.org \
--cc=bfields@redhat.com \
--cc=dpquigl@davequigley.com \
--cc=dpquigl@tycho.nsa.gov \
--cc=eparis@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
--cc=steved@redhat.com \
--cc=trond.myklebust@netapp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).