Re: graft_tree/attach_mnt rfc

From: Chris Wright (chrisat_private)
Date: Mon Sep 30 2002 - 02:17:46 PDT

  • Next message: Stephen Smalley: "Re: [PATCH] accessfs v0.6 ported to 2.5.35-lsm1 - 1/2"

    * Serge E. Hallyn (hallynat_private) wrote:
    > > > label.  Is attaching a tree to the namespace something that needs to be
    > > > mediated, or simply recorded?
    > > > 
    > > 
    > > Anyone using a security policy that derives inode security
    > > information from the namespace needs to follow additions and removals
    > > in the namespace, not just references to superblocks.
    > > We do it that way for one.
    > 
    > He's not asking whether we want record, but whether we are willing
    > *only* to record, and not mediate.
    
    Yeah, exactly.
    
    > If we only record, DTE can no longer say "this fs can't be mounted under
    > this pathname."  But it does make for a far cleaner patch, and I can
    > still intercept the attach in order to pretend it was mounted elsewhere.
    
    I think this is still possible because the code paths look like:
    namespace_operation
    	if(check_sb() is ok)
    		attach_mnt() [post_addmount() as side effect]
    
    > So, given how much cleaner Chris' patch is, I'd say simply recording is
    > the better way to go.
    
    so could we get rid of the check_sb stage?  btw, that patch is old and
    completely untested...just a conceptual thing ;-)
    
    zzZZ,
    -chris
    -- 
    Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Sep 30 2002 - 02:26:14 PDT