Re: path_post_lookup

From: Stephen Smalley (sdsat_private)
Date: Wed Sep 03 2003 - 06:05:14 PDT

  • Next message: Yuan ChunYang: "how to get ip options in lsm hook function -- security_socket_recvmsg?"

    On Tue, 2003-09-02 at 18:54, Charles Levert wrote:
    > > What if the directory tree is mutated between the link_path_walk
    > > resolution and the call to your security hook?
    > I only take the result, whatever it is.  I do not duplicate any of the
    > complexity in link_path_walk.  So, I don't care if something has changed
    > in between.
    You are relying on the directory tree remaining stable for your
    traversal of the parent links until you find the "capability" or reach
    the root.  If the directory tree changes between the link_path_walk
    traversal and your hook's traversal, then you may have faulty results. 
    > I'm sorry, you are (mostly) loosing me here.  Do you have any references
    > for this stuff (or source files to read).  I am aware of per-process
    > namespaces in Plan 9, but not in Linux.
    They have existed in Linux for some time.  See
    Also read about bind mounts
    > To be honest, I developed my prototype around 2.4.20-lsm1 where there
    > was no d_instantiate hook.  I have taken a look at dte_d_instantiate
    > in 2.5.72-lsm1 and I am having trouble seeing this traversal of the
    > directory tree.  Maybe I need to study this code further...
    It doesn't perform a traversal on every instantiate; iirc, it walks
    the dcache upon initialization to perform initial setup, then catches
    subsequent mounts via post_addmount and sets up the superblock and the
    root inode, and can then perform set up on each instantiate based merely
    on the security state of the parent entry, without needing to do a full
    traversal each time.
    Stephen Smalley <sdsat_private>
    National Security Agency
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Wed Sep 03 2003 - 06:06:32 PDT