[Linux-cachefs] Re: [PATCH 11/14] CacheFiles: Permit an inode's security ID to be obtained [try #2]
David Howells
dhowells at redhat.com
Thu Aug 9 19:07:39 UTC 2007
James Morris <jmorris at namei.org> wrote:
> David, I've looked at the code and can't see that you need to access the
> label itself outside the LSM. Could you instead simply pass the inode
> pointer around?
It's not quite that simple. I need to impose *two* security labels in
cachefiles_begin_secure() when I'm about to act on behalf of a process that's
tried to access a netfs file:
(1) The security label to act as. This is the label attached to the
cachefilesd process when it starts the cache. This is obtained by
cachefiles_get_security_ID().
(2) The security label to create files as. This is the label attached to
root directory of the cache. This is obtained by
cachefiles_determine_cache_secid().
David
More information about the Linux-cachefs
mailing list