From: Chris Wright <chrisw@sous-sol.org>
To: Andreas Gruenbacher <agruen@suse.de>
Cc: Stephen Smalley <sds@tycho.nsa.gov>, Jeff Mahoney <jeffm@suse.de>,
Christoph Hellwig <hch@infradead.org>, Tony Jones <tonyj@suse.de>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
chrisw@sous-sol.org, linux-security-module@vger.kernel.org,
viro@zeniv.linux.org.uk
Subject: Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks
Date: Wed, 7 Feb 2007 07:43:32 -0800 [thread overview]
Message-ID: <20070207154332.GF10574@sequoia.sous-sol.org> (raw)
In-Reply-To: <200702070055.10856.agruen@suse.de>
* Andreas Gruenbacher (agruen@suse.de) wrote:
> Reiserfs currently only marks the ".reiserfs_priv" directory as private, but
> not the files below it -- how about the attached patch to fix that?
I don't think that's right. Look at ->create or ->lookup. Both of those
properly set the private flag. This patch looks like a step backwards,
sprinkling the init in so many places.
> Fix reiserfs xattrs for selinux
>
> Mark all inodes used for reiserfs xattrs as private so that selinux
> (or any other LSM) will not try to mediate access to the files and
> directories used as the xattr backing store. The xattr operations
> are already protected through the xattr LSM hooks.
>
> There is no real reason for having reiserfs_mark_inode_private --
> remove it and directly mark the inodes as private.
>
> Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
> Cc: Jeff Mahoney <jeffm@suse.de>
>
> Index: b/fs/reiserfs/xattr.c
> ===================================================================
> --- a/fs/reiserfs/xattr.c
> +++ b/fs/reiserfs/xattr.c
> @@ -79,6 +79,7 @@ static struct dentry *create_xa_root(str
> dput(privroot);
> return ERR_PTR(err);
> }
> + xaroot->d_inode->i_flags |= S_PRIVATE;
Already handled in the above ->mkdir
> REISERFS_SB(sb)->xattr_root = dget(xaroot);
> }
>
> @@ -108,6 +109,7 @@ static struct dentry *__get_xa_root(stru
> goto out;
> }
>
> + xaroot->d_inode->i_flags |= S_PRIVATE;
Already handled during xa_root creation
> REISERFS_SB(s)->xattr_root = dget(xaroot);
>
> out:
> @@ -183,6 +185,7 @@ static struct dentry *open_xa_dir(const
> return ERR_PTR(-ENODATA);
> }
> }
> + xadir->d_inode->i_flags |= S_PRIVATE;
Already handled in lookup or mkdir
> dput(xaroot);
> return xadir;
> @@ -235,6 +238,8 @@ static struct dentry *get_xa_file_dentry
> dput(xadir);
> if (err)
> xafile = ERR_PTR(err);
> + else
> + xafile->d_inode->i_flags |= S_PRIVATE;
Already handled in lookup or create
> return xafile;
> }
>
> @@ -715,6 +720,7 @@ __reiserfs_xattr_del(struct dentry *xadi
> err = -ENODATA;
> goto out_file;
> }
Already handled in lookup
etc...
next prev parent reply other threads:[~2007-02-07 15:36 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-02-05 18:22 [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks Tony Jones
2007-02-05 18:22 ` [RFC 1/28] Pass struct vfsmount to the inode_create LSM hook Tony Jones
2007-02-05 18:22 ` [RFC 2/28] Remove redundant check from proc_setattr() Tony Jones
2007-02-05 19:16 ` Chris Wright
2007-02-05 18:22 ` [RFC 3/28] Pass struct file down to remove_suid and children Tony Jones
2007-02-05 18:22 ` [RFC 4/28] Add a vfsmount parameter to notify_change() Tony Jones
2007-02-05 18:23 ` [RFC 5/28] Pass struct vfsmount to the inode_setattr LSM hook Tony Jones
2007-02-05 18:23 ` [RFC 6/28] Add struct vfsmount parameter to vfs_mkdir() Tony Jones
2007-02-05 18:23 ` [RFC 7/28] Pass struct vfsmount to the inode_mkdir LSM hook Tony Jones
2007-02-05 18:23 ` [RFC 8/28] Add a struct vfsmount parameter to vfs_mknod() Tony Jones
2007-02-05 18:23 ` [RFC 9/28] Pass struct vfsmount to the inode_mknod LSM hook Tony Jones
2007-02-05 18:23 ` [RFC 10/28] Add a struct vfsmount parameter to vfs_symlink() Tony Jones
2007-02-05 18:23 ` [RFC 11/28] Pass struct vfsmount to the inode_symlink LSM hook Tony Jones
2007-02-05 18:24 ` [RFC 12/28] Pass struct vfsmount to the inode_readlink " Tony Jones
2007-02-05 18:24 ` [RFC 13/28] Add struct vfsmount parameters to vfs_link() Tony Jones
2007-02-05 18:24 ` [RFC 14/28] Pass struct vfsmount to the inode_link LSM hook Tony Jones
2007-02-05 18:24 ` [RFC 15/28] Add a struct vfsmount parameter to vfs_rmdir() Tony Jones
2007-02-05 18:24 ` [RFC 16/28] Pass struct vfsmount to the inode_rmdir LSM hook Tony Jones
2007-02-05 18:24 ` [RFC 17/28] Add a struct vfsmount parameter to vfs_unlink() Tony Jones
2007-02-05 18:25 ` [RFC 18/28] Pass struct vfsmount to the inode_unlink LSM hook Tony Jones
2007-02-05 18:25 ` [RFC 19/28] Add struct vfsmount parameters to vfs_rename() Tony Jones
2007-02-05 18:25 ` [RFC 20/28] Pass struct vfsmount to the inode_rename LSM hook Tony Jones
2007-02-05 18:25 ` [RFC 21/28] Add a struct vfsmount parameter to vfs_setxattr() Tony Jones
2007-02-05 18:25 ` [RFC 22/28] Pass struct vfsmount to the inode_setxattr LSM hook Tony Jones
2007-02-05 18:25 ` [RFC 23/28] Add a struct vfsmount parameter to vfs_getxattr() Tony Jones
2007-02-05 18:25 ` [RFC 24/28] Pass struct vfsmount to the inode_getxattr LSM hook Tony Jones
2007-02-05 18:26 ` [RFC 25/28] Add a struct vfsmount parameter to vfs_listxattr() Tony Jones
2007-02-05 18:26 ` [RFC 26/28] Pass struct vfsmount to the inode_listxattr LSM hook Tony Jones
2007-02-05 18:26 ` [RFC 27/28] Add a struct vfsmount parameter to vfs_removexattr() Tony Jones
2007-02-05 18:26 ` [RFC 28/28] Pass struct vfsmount to the inode_removexattr LSM hook Tony Jones
2007-02-05 18:44 ` [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks Christoph Hellwig
2007-02-05 18:58 ` Trond Myklebust
2007-02-05 19:02 ` Christoph Hellwig
2007-02-06 3:20 ` Andreas Gruenbacher
2007-02-06 8:51 ` Trond Myklebust
2007-02-06 9:48 ` Christoph Hellwig
2007-02-06 10:31 ` Neil Brown
2007-02-07 9:25 ` Andreas Gruenbacher
2007-02-06 9:47 ` Christoph Hellwig
2007-02-06 10:26 ` Neil Brown
2007-02-06 10:37 ` Christoph Hellwig
2007-02-12 18:32 ` J. Bruce Fields
2007-02-07 9:58 ` Andreas Gruenbacher
2007-02-07 12:11 ` Christoph Hellwig
2007-02-05 19:15 ` Chris Wright
2007-02-06 0:44 ` Andreas Gruenbacher
2007-02-06 2:13 ` Andreas Gruenbacher
2007-02-06 9:52 ` Christoph Hellwig
2007-02-07 9:04 ` Andreas Gruenbacher
2007-02-06 12:55 ` Stephen Smalley
2007-02-07 8:55 ` Andreas Gruenbacher
2007-02-07 15:43 ` Chris Wright [this message]
2007-02-07 16:06 ` Stephen Smalley
2007-02-07 16:25 ` Jeff Mahoney
2007-02-07 19:55 ` Andreas Gruenbacher
2007-02-05 19:26 ` Casey Schaufler
2007-02-05 19:39 ` Arjan van de Ven
2007-02-05 19:50 ` Chris Wright
2007-02-05 20:23 ` Casey Schaufler
2007-02-06 2:30 ` Andreas Gruenbacher
2007-02-06 14:20 ` Tetsuo Handa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070207154332.GF10574@sequoia.sous-sol.org \
--to=chrisw@sous-sol.org \
--cc=agruen@suse.de \
--cc=hch@infradead.org \
--cc=jeffm@suse.de \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=tonyj@suse.de \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).