Re: [RFC][PATCH] Pass nameidata to security_inode_permission hook

From: Chris Wright
Date: Tue Sep 30 2003 - 01:17:48 EST

Next message: David S. Miller: "Re: [PATCH 2.6] pci.ids for e1000"
Previous message: Chris Wright: "Re: [PATCH] ACPI pci irq routing fix"
In reply to: Stephen Smalley: "[RFC][PATCH] Pass nameidata to security_inode_permission hook"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Stephen Smalley (sds@xxxxxxxxxxxxxx) wrote:
> This patch against 2.6.0-test5 changes the security_inode_permission
> hook to also take a nameidata parameter in addition to the existing
> inode and mask parameters. A nameidata is already passed (although
> sometimes NULL) to fs/namei.c:permission(), and the patch changes
> exec_permission_lite() to also take a nameidata parameter so that it can
> pass it along to the security hook. The patch includes corresponding
> changes to the SELinux module to use the nameidata information when it
> is available; this allows SELinux to include pathname information in
> audit messages when a nameidata structure was supplied. If anyone has
> any objections to this change, please let me know.

Looks like Andrew already picked this up. I'll put it in the LSM tree
as well. It'd be nice if nameidata were never NULL and we could drop
the inode argument altogether. But we can make that change when the VFS
supports it.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David S. Miller: "Re: [PATCH 2.6] pci.ids for e1000"
Previous message: Chris Wright: "Re: [PATCH] ACPI pci irq routing fix"
In reply to: Stephen Smalley: "[RFC][PATCH] Pass nameidata to security_inode_permission hook"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]