Re: [PATCH 11/14] CacheFiles: Permit an inode's security ID to be obtained [try #2]

[David Howells]

James Morris <jmorris@xxxxxxxxx> wrote:

> David, I've looked at the code and can't see that you need to access the 
> label itself outside the LSM.  Could you instead simply pass the inode 
> pointer around?

It's not quite that simple.  I need to impose *two* security labels in
cachefiles_begin_secure() when I'm about to act on behalf of a process that's
tried to access a netfs file:

 (1) The security label to act as.  This is the label attached to the
     cachefilesd process when it starts the cache.  This is obtained by
     cachefiles_get_security_ID().

 (2) The security label to create files as.  This is the label attached to
     root directory of the cache.  This is obtained by
     cachefiles_determine_cache_secid().

David
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/