Message-ID: <555111E5.4040100@schaufler-ca.com>
Date: Mon, 11 May 2015 13:32:37 -0700
From: Casey Schaufler User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0 MIME-Version: 1.0 To: Seung-Woo Kim , james.l.morris@oracle.com, serge@hallyn.com, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org CC: sds@tycho.nsa.gov, sumit.semwal@linaro.org, linaro-mm-sig@lists.linaro.org, jy0922.shim@samsung.com, Casey Schaufler Subject: Re: [PATCH] Smack: ignore private inode for smack_file_receive References: <1429247691-495-1-git-send-email-sw0312.kim@samsung.com> In-Reply-To: <1429247691-495-1-git-send-email-sw0312.kim@samsung.com> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 4/16/2015 10:14 PM, Seung-Woo Kim wrote: > The dmabuf fd can be shared between processes via unix domain > socket. The file of dmabuf fd is came from anon_inode. The inode > has no set and get xattr operations, so it can not be shared > between processes with smack. This patch fixes just to ignore > private inode including anon_inode for smack_file_receive. > > Signed-off-by: Seung-Woo Kim Acked-by: Casey Schaufler Applied to git@github.com:cschaufler/smack-next.git smack-for-4.2 > --- > security/smack/smack_lsm.c | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c > index 69fdc38..d1bb411 100644 > --- a/security/smack/smack_lsm.c > +++ b/security/smack/smack_lsm.c > @@ -1673,6 +1673,9 @@ static int smack_file_receive(struct file *file) > struct smk_audit_info ad; > struct inode *inode = file_inode(file); > > + if (unlikely(IS_PRIVATE(inode))) > + return 0; > + > smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); > smk_ad_setfield_u_fs_path(&ad, file->f_path); > /*
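Review bot: The early return added at the top of smack_file_receive() carries no comment, and it exempts every inode for which IS_PRIVATE() is true, which is wider than the dmabuf/anon_inode case the commit message gives as the motivation. A short comment above `if (unlikely(IS_PRIVATE(inode)))` stating that such inodes have no set/get xattr operations, and are therefore skipped, would record the intent next to the check. Because the `return 0` sits before `smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH)`, these receives also bypass the audit setup, and the commit message should say whether that is intended.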