[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

[Linux-cachefs] Re: [PATCH 11/14] CacheFiles: Permit an inode's security ID to be obtained [try #2]

From: David Howells <dhowells redhat com>
To: James Morris <jmorris namei org>
Cc: akpm osdl org, linux-kernel vger kernel org, nfsv4 linux-nfs org, trond myklebust fys uio no, linux-fsdevel vger kernel org, torvalds osdl org, linux-cachefs redhat com, Casey Schaufler <casey schaufler-ca com>
Subject: [Linux-cachefs] Re: [PATCH 11/14] CacheFiles: Permit an inode's security ID to be obtained [try #2]
Date: Thu, 09 Aug 2007 20:07:39 +0100

James Morris <jmorris namei org> wrote:

> David, I've looked at the code and can't see that you need to access the 
> label itself outside the LSM.  Could you instead simply pass the inode 
> pointer around?

It's not quite that simple.  I need to impose *two* security labels in
cachefiles_begin_secure() when I'm about to act on behalf of a process that's
tried to access a netfs file:

 (1) The security label to act as.  This is the label attached to the
     cachefilesd process when it starts the cache.  This is obtained by
     cachefiles_get_security_ID().

 (2) The security label to create files as.  This is the label attached to
     root directory of the cache.  This is obtained by
     cachefiles_determine_cache_secid().

David

Follow-Ups:
- [Linux-cachefs] Re: [PATCH 11/14] CacheFiles: Permit an inode's security ID to be obtained [try #2]
  - From: James Morris

References:
- [Linux-cachefs] Re: [PATCH 11/14] CacheFiles: Permit an inode's security ID to be obtained [try #2]
  - From: James Morris
- [Linux-cachefs] Re: [PATCH 11/14] CacheFiles: Permit an inode's security ID to be obtained [try #2]
  - From: Casey Schaufler

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]