From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Myklebust, Trond"
Subject: Re: [PATCH 01/19] Security: Add hook to calculate context based on a negative dentry.
Date: Tue, 2 Apr 2013 23:35:29 +0000
Message-ID: <1364945729.3026.7.camel@leira.trondhjem.org>
References: <1364939160-20874-1-git-send-email-SteveD@redhat.com> <1364939160-20874-2-git-send-email-SteveD@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Cc: "J. Bruce Fields", "David P. Quigley", Linux NFS list, "Linux FS devel list", Linux Security List, SELinux List
To: Steve Dickson
In-Reply-To: <1364939160-20874-2-git-send-email-SteveD@redhat.com>
Content-Language: en-US
Sender: linux-security-module-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On Tue, 2013-04-02 at 17:45 -0400, Steve Dickson wrote:
> From: David Quigley
>
> There is a time where we need to calculate a context without the
> inode having been created yet. To do this we take the negative dentry and
> calculate a context based on the process and the parent directory contexts.
>

Can you remind me again why this is needed? Basing security decisions on
the namespace just seems to run against the basic selinux concept.
Is it for apparmor and tomoyo support in LNFS?

--
Trond Myklebust
Linux NFS client maintainer

NetApp
Trond.Myklebust@netapp.com
www.netapp.com