Date: Fri, 5 Jun 2015 20:50:45 +0900
From: "'Greg Kroah-Hartman'"
To: Namjae Jeon
Cc: "'Kay Sievers'", linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/3] driver: core: add security labels to devtmpfs

On Fri, Jun 05, 2015 at 08:15:55PM +0900, Namjae Jeon wrote:
> > On Fri, Jun 05, 2015 at 07:10:23PM +0900, Namjae Jeon wrote:
> > > Add support for setting security labels (e.g. smack or selinux labels) to
> > > devtmpfs device nodes. In this manner, drivers can specify desired security
> > > label in their device_type->devnode or class->devnode method.
> >
> > What driver wants to do this? And how does it determine the proper
> > security label from within the kernel? Isn't that something that only
> > userspace can know/set properly?
> Yes, it is possible by userspace, but this API change will help to set uid/gid
> and xattr values easily without need of complex userspace scripts in absence of
> udev-like helper.

If you want to do things like this, use a "complex" userspace script
like Android has for their startup (hint, it's just a tiny bash script,
nothing "complex" about it at all...)

> And the security label that is decided per each embedded system will be set by
> this API in the driver.

Exactly how will that happen? I don't see any users of it.

greg k-h