Re: [PATCH 11/14] CacheFiles: Permit an inode's security ID to be obtained [try #2]

[Casey Schaufler]

--- James Morris <jmorris@xxxxxxxxx> wrote:

> On Thu, 9 Aug 2007, David Howells wrote:
> 
> > James Morris <jmorris@xxxxxxxxx> wrote:
> > 
> > > David, I've looked at the code and can't see that you need to access the 
> > > label itself outside the LSM.  Could you instead simply pass the inode 
> > > pointer around?
> > 
> > It's not quite that simple.  I need to impose *two* security labels in
> > cachefiles_begin_secure() when I'm about to act on behalf of a process
> that's
> > tried to access a netfs file:
> 
> Ah ok, we had a similar problem with NFS mount options.
> 
> While I'm concerned about encoding SELinux-optimized secid labels into 
> general kernel structures, moving to more generalized pointers introduces 
> lifecycle maintenance issues and complexity which is not needed in the 
> mainline kernel.  i.e. it'll be unused infrastructure maintained by 
> upstream, and used only by out-of-tree modules.
> 
> So, given that the kernel has no stable API, I suggest accepting the u32 
> secid as you propose, and if someone wants to merge a module which also 
> uses these hooks, but is entirely unable to use u32 labels, then they can 
> also justify making the interface more generalized and provide the code 
> for it.

Grumble. Yet another thing to undo in the near future. I still
hope to suggest what I would consider a viable alternative "soon".


Casey Schaufler
casey@xxxxxxxxxxxxxxxx
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/