From: David Howells <dhowells@redhat.com>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: dhowells@redhat.com, Kentaro Takeda <takedakn@nttdata.co.jp>,
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
Toshiharu Harada <haradats@nttdata.co.jp>,
linux-kernel@vger.kernel.org
Subject: Re: Are path-based LSM hooks called from the wrong places?
Date: Thu, 26 Mar 2009 16:14:26 +0000 [thread overview]
Message-ID: <18658.1238084066@redhat.com> (raw)
In-Reply-To: <20090326155357.GS28946@ZenIV.linux.org.uk>
Al Viro <viro@ZenIV.linux.org.uk> wrote:
> If you start from inode (or dentry, for that matter), you don't *have*
> a pathname at all.
When I'm starting from a dentry, I do have a vfsmount as well - it's just that
vfs_mkdir() or whatever doesn't currently take it (which is perhaps reasonable
as NFSD and eCryptFS might not have it available).
> The real question is, do you want these checks to apply and if you do -
> which path do you want to use (esp. if you have multiple namespaces)?
The path to be used is straightforward: I do, after all, have a vfsmount, and
that plus dentry is all that is required for security_path_*() - which seems
slightly odd since it takes no account of chroot(), but that's probably fine.
As to whether these checks should be applied... The SELinux ones need to be,
so I'd've thought the same would be true for TOMOYO.
Seems I might need to split such as sys_mkdirat() to separate the path lookup
from the security checks:-/
As I said, what I don't want to have to do is attempt to regenerate the full
pathname, especially if the pathname isn't accessible from within the current
process's chroot or namespace.
David
next prev parent reply other threads:[~2009-03-26 16:14 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-25 16:14 Are path-based LSM hooks called from the wrong places? David Howells
2009-03-26 7:14 ` Kentaro Takeda
2009-03-26 15:53 ` Al Viro
2009-03-26 16:14 ` David Howells [this message]
2009-03-26 16:19 ` Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=18658.1238084066@redhat.com \
--to=dhowells@redhat.com \
--cc=haradats@nttdata.co.jp \
--cc=linux-kernel@vger.kernel.org \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=takedakn@nttdata.co.jp \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox