Re: [PATCH] Call LSM functions outside VFS helper functions.



On Thu, Apr 10, 2008 at 09:02:57PM +0900, Tetsuo Handa wrote:
> If the conclusion became "vfsmount should not be passed to
> VFS helper functions", that's OK, but I want you to consider
> the below approach for AppArmor and TOMOYO Linux. This patch is a repost of
> http://kerneltrap.org/mailarchive/linux-fsdevel/2008/2/17/882024 .

I'm a little disappointed that you simply repost this patch rather than
responding to my post from yesterday:

> How about an approach which doesn't require the vfsmount to be passed
> down?
>
> When the rule is put in place, say "No modifications to /etc/passwd",
> look up the inode and major:minor of /etc/passwd. If there's a rename,
> look up the new inode number. If it's mounted elsewhere, it doesn't
> matter, they still can't modify it because it has the same
> major:minor:inode.
>
> Is this workable?

Could you respond to this please?

--
Intel are signing my paycheques ... these opinions are still mine
"Bill, look, we understand that you're interested in selling us this
operating system, but compare it to ours. We can't possibly take such
a retrograde step."
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


