Re: [PATCH 2/7] Add a concept of a "secure" anonymous file

From: Christoph Hellwig
Date: Tue Oct 15 2019 - 04:08:36 EST

Next message: Michal Hocko: "Re: [RFC, PATCH] mm, thp: Try to bound number of pages on deferred split queue"
Previous message: Christoph Hellwig: "Re: [PATCH 1/7] Add a new flags-accepting interface for anonymous inodes"
In reply to: kbuild test robot: "Re: [PATCH 2/7] Add a concept of a "secure" anonymous file"
Next in thread: Daniel Colascione: "[PATCH 6/7] Allow users to require UFFD_SECURE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Oct 12, 2019 at 12:15:57PM -0700, Daniel Colascione wrote:
> A secure anonymous file is one we hooked up to its own inode (as
> opposed to the shared inode we use for non-secure anonymous files). A
> new selinux hook gives security modules a chance to initialize, label,
> and veto the creation of these secure anonymous files. Security
> modules had limit ability to interact with non-secure anonymous files
> due to all of these files sharing a single inode.

Again please add Al. Also explain what the problem would be to always
use a separate inode.

Next message: Michal Hocko: "Re: [RFC, PATCH] mm, thp: Try to bound number of pages on deferred split queue"
Previous message: Christoph Hellwig: "Re: [PATCH 1/7] Add a new flags-accepting interface for anonymous inodes"
In reply to: kbuild test robot: "Re: [PATCH 2/7] Add a concept of a "secure" anonymous file"
Next in thread: Daniel Colascione: "[PATCH 6/7] Allow users to require UFFD_SECURE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]