From: Casey Schaufler <casey@schaufler-ca.com>
To: Paul Moore <paul.moore@hp.com>, James Morris <jmorris@namei.org>
Cc: David Howells <dhowells@redhat.com>,
sds@tycho.nsa.gov, casey@schaufler-ca.com,
Trond.Myklebust@netapp.com, npiggin@suse.de,
linux-kernel@vger.kernel.org, selinux@tycho.nsa.gov,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH 08/26] Add a secctx_to_secid() LSM hook to go along with the existing
Date: Wed, 16 Jan 2008 09:08:16 -0800 (PST)
Message-ID: <229068.55387.qm@web36604.mail.mud.yahoo.com>
In-Reply-To: <200801160841.46633.paul.moore@hp.com>

--- Paul Moore <paul.moore@hp.com> wrote:
> On Tuesday 15 January 2008 8:05:27 pm James Morris wrote:
> > On Tue, 15 Jan 2008, David Howells wrote:
> > > secid_to_secctx() LSM hook. This patch also includes the SELinux
> > > implementation for this hook.
> > >
> > > Signed-off-by: Paul Moore <paul.moore@hp.com>
> > > Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
> >
> > This is useful in its own right, and I would like to push it upstream for
> > 2.6.24 unless there are any objections.
>
> Isn't it a bit late in 2.6.24 to add new functionality, especially when there
> isn't an in-tree user for it in 2.6.24?
>
> You are right, there are several users of this function currently under
> development but I'm pretty sure all of them are targeting 2.6.25 or greater.
>
> With that in mind, I think the prudent thing to do is to wait and push this
> upstream for 2.6.25.

I concur with Paul. I had to delete the message I was composing because
it said exactly the same thing.

I do think that we need to put some thought into what a secid
really is and what a secctx ought to look like what with multiple
users cropping up for them. To date audit is the only out-of-LSM
user of the secctx, and assumes it's a printable text string, but
if caching is going to be using it as well we're approaching the
secctx being a "general" interface, and hence a part of the LSM
proper. Probably makes sense to include something in the LSM
documentation. With luck, someone who spells better than I will
beat me to it, but such an update is on my todo list.

Casey Schaufler
casey@schaufler-ca.com