From: Vivek Goyal <vgoyal@redhat.com>
To: miklos@szeredi.hu, sds@tycho.nsa.gov,
linux-kernel@vger.kernel.org, linux-unionfs@vger.kernel.org,
linux-security-module@vger.kernel.org
Cc: dwalsh@redhat.com, dhowells@redhat.com, pmoore@redhat.com,
viro@ZenIV.linux.org.uk, vgoyal@redhat.com,
linux-fsdevel@vger.kernel.org
Subject: [PATCH 3/5] selinux: Pass security pointer to determine_inode_label()
Date: Tue, 5 Jul 2016 11:50:52 -0400 [thread overview]
Message-ID: <1467733854-6314-4-git-send-email-vgoyal@redhat.com> (raw)
In-Reply-To: <1467733854-6314-1-git-send-email-vgoyal@redhat.com>
Right now selinux_determine_inode_label() works on security pointer of
current task. Soon I need this to work on a security pointer retrieved
from a set of creds. So start passing in a pointer and caller can decide
where to fetch security pointer from.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
---
security/selinux/hooks.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index c68223c..86a07ed 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1785,13 +1785,13 @@ out:
/*
* Determine the label for an inode that might be unioned.
*/
-static int selinux_determine_inode_label(struct inode *dir,
- const struct qstr *name,
- u16 tclass,
+static int selinux_determine_inode_label(const void *security,
+ struct inode *dir,
+ const struct qstr *name, u16 tclass,
u32 *_new_isid)
{
const struct superblock_security_struct *sbsec = dir->i_sb->s_security;
- const struct task_security_struct *tsec = current_security();
+ const struct task_security_struct *tsec = security;
if ((sbsec->flags & SE_SBINITIALIZED) &&
(sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) {
@@ -1834,8 +1834,8 @@ static int may_create(struct inode *dir,
if (rc)
return rc;
- rc = selinux_determine_inode_label(dir, &dentry->d_name, tclass,
- &newsid);
+ rc = selinux_determine_inode_label(current_security(), dir,
+ &dentry->d_name, tclass, &newsid);
if (rc)
return rc;
@@ -2815,7 +2815,8 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode,
u32 newsid;
int rc;
- rc = selinux_determine_inode_label(d_inode(dentry->d_parent), name,
+ rc = selinux_determine_inode_label(current_security(),
+ d_inode(dentry->d_parent), name,
inode_mode_to_security_class(mode),
&newsid);
if (rc)
@@ -2840,7 +2841,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
sid = tsec->sid;
newsid = tsec->create_sid;
- rc = selinux_determine_inode_label(
+ rc = selinux_determine_inode_label(current_security(),
dir, qstr,
inode_mode_to_security_class(inode->i_mode),
&newsid);
--
2.7.4
next prev parent reply other threads:[~2016-07-05 15:50 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-05 15:50 [PATCH 0/5][RFC] Overlayfs SELinux Support Vivek Goyal
2016-07-05 15:50 ` [PATCH 1/5] security, overlayfs: provide copy up security hook for unioned files Vivek Goyal
2016-07-05 16:53 ` kbuild test robot
2016-07-05 16:53 ` kbuild test robot
2016-07-05 17:43 ` Vivek Goyal
2016-07-05 17:20 ` kbuild test robot
2016-07-05 17:20 ` kbuild test robot
2016-07-05 19:36 ` Casey Schaufler
2016-07-05 20:42 ` Vivek Goyal
2016-07-07 20:33 ` Vivek Goyal
2016-07-07 21:44 ` Casey Schaufler
2016-07-08 7:21 ` Miklos Szeredi
2016-07-08 12:45 ` Vivek Goyal
2016-07-08 13:42 ` Vivek Goyal
2016-07-08 15:34 ` Casey Schaufler
2016-07-05 21:35 ` Paul Moore
2016-07-05 21:52 ` Vivek Goyal
2016-07-05 22:03 ` Paul Moore
2016-07-05 15:50 ` [PATCH 2/5] security,overlayfs: Provide security hook for copy up of xattrs for overlay file Vivek Goyal
2016-07-05 20:22 ` Casey Schaufler
2016-07-05 21:15 ` Vivek Goyal
2016-07-05 21:34 ` Casey Schaufler
2016-07-06 17:09 ` Vivek Goyal
2016-07-06 17:50 ` Vivek Goyal
2016-07-06 19:01 ` Vivek Goyal
2016-07-06 19:22 ` Casey Schaufler
2016-07-05 21:45 ` Paul Moore
2016-07-05 21:53 ` Vivek Goyal
2016-07-05 15:50 ` Vivek Goyal [this message]
2016-07-05 20:25 ` [PATCH 3/5] selinux: Pass security pointer to determine_inode_label() Casey Schaufler
2016-07-05 21:09 ` Vivek Goyal
2016-07-05 15:50 ` [PATCH 4/5] overlayfs: Correctly label newly created file over whiteout Vivek Goyal
2016-07-05 15:50 ` [PATCH 5/5] overlayfs: Use vfs_getxattr_noperm() for real inode Vivek Goyal
2016-07-05 20:29 ` Casey Schaufler
2016-07-05 21:16 ` Vivek Goyal
2016-07-06 4:36 ` Miklos Szeredi
2016-07-06 10:54 ` Vivek Goyal
2016-07-06 14:58 ` Miklos Szeredi
2016-07-07 18:35 ` Vivek Goyal
2016-07-08 7:06 ` Miklos Szeredi
2016-07-08 15:28 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1467733854-6314-4-git-send-email-vgoyal@redhat.com \
--to=vgoyal@redhat.com \
--cc=dhowells@redhat.com \
--cc=dwalsh@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-unionfs@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=pmoore@redhat.com \
--cc=sds@tycho.nsa.gov \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.