[Linux-cachefs] Re: [PATCH 11/14] CacheFiles: Permit an inode's security ID to be obtained [try #2]
Casey Schaufler
casey at schaufler-ca.com
Thu Aug 9 20:33:57 UTC 2007
--- James Morris <jmorris at namei.org> wrote:
> On Thu, 9 Aug 2007, David Howells wrote:
>
> > James Morris <jmorris at namei.org> wrote:
> >
> > > David, I've looked at the code and can't see that you need to access the
> > > label itself outside the LSM. Could you instead simply pass the inode
> > > pointer around?
> >
> > It's not quite that simple. I need to impose *two* security labels in
> > cachefiles_begin_secure() when I'm about to act on behalf of a process
> that's
> > tried to access a netfs file:
>
> Ah ok, we had a similar problem with NFS mount options.
>
> While I'm concerned about encoding SELinux-optimized secid labels into
> general kernel structures, moving to more generalized pointers introduces
> lifecycle maintenance issues and complexity which is not needed in the
> mainline kernel. i.e. it'll be unused infrastructure maintained by
> upstream, and used only by out-of-tree modules.
>
> So, given that the kernel has no stable API, I suggest accepting the u32
> secid as you propose, and if someone wants to merge a module which also
> uses these hooks, but is entirely unable to use u32 labels, then they can
> also justify making the interface more generalized and provide the code
> for it.
Grumble. Yet another thing to undo in the near future. I still
hope to suggest what I would consider a viable alternative "soon".
Casey Schaufler
casey at schaufler-ca.com
More information about the Linux-cachefs
mailing list