On Tue, 2003-09-02 at 18:54, Charles Levert wrote: > > What if the directory tree is mutated between the link_path_walk > > resolution and the call to your security hook? > > I only take the result, whatever it is. I do not duplicate any of the > complexity in link_path_walk. So, I don't care if something has changed > in between. You are relying on the directory tree remaining stable for your traversal of the parent links until you find the "capability" or reach the root. If the directory tree changes between the link_path_walk traversal and your hook's traversal, then you may have faulty results. Yes? > I'm sorry, you are (mostly) loosing me here. Do you have any references > for this stuff (or source files to read). I am aware of per-process > namespaces in Plan 9, but not in Linux. They have existed in Linux for some time. See http://www.win.tue.nl/~aeb/linux/lk/lk-6.html#ss6.3.3 Also read about bind mounts http://www.win.tue.nl/~aeb/linux/lk/lk-6.html#ss6.3.2 > To be honest, I developed my prototype around 2.4.20-lsm1 where there > was no d_instantiate hook. I have taken a look at dte_d_instantiate > in 2.5.72-lsm1 and I am having trouble seeing this traversal of the > directory tree. Maybe I need to study this code further... It doesn't perform a traversal on every instantiate; iirc, it walks the dcache upon initialization to perform initial setup, then catches subsequent mounts via post_addmount and sets up the superblock and the root inode, and can then perform set up on each instantiate based merely on the security state of the parent entry, without needing to do a full traversal each time. -- Stephen Smalley <sdsat_private> National Security Agency _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Sep 03 2003 - 06:06:32 PDT