Re: [RFC][PATCH] Pass nameidata to security_inode_permission hook

From: Chris Wright (chrisw@private)
Date: Mon Sep 29 2003 - 23:16:58 PDT


    * Stephen Smalley (sds@private) wrote:
    > This patch against 2.6.0-test5 changes the security_inode_permission
    > hook to also take a nameidata parameter in addition to the existing
    > inode and mask parameters.  A nameidata is already passed (although
    > sometimes NULL) to fs/namei.c:permission(), and the patch changes
    > exec_permission_lite() to also take a nameidata parameter so that it can
    > pass it along to the security hook.  The patch includes corresponding
    > changes to the SELinux module to use the nameidata information when it
    > is available; this allows SELinux to include pathname information in
    > audit messages when a nameidata structure was supplied.  If anyone has
    > any objections to this change, please let me know.
    
    Looks like Andrew already picked this up.  I'll put it in the LSM tree
    as well.  It'd be nice if nameidata were never NULL and we could drop
    the inode argument altogether.  But we can make that change when the VFS
    supports it.
    
    thanks,
    -chris
    -- 
    Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
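
Added example, not part of the original message and not code from the patch: a userspace C model of a permission hook that takes an optional nameidata alongside inode and mask, including the pathname in its audit line only when a nameidata was supplied. The `model_*` types and function, the audit line format, and the sample values are hypothetical stand-ins, not the kernel's structures or SELinux's output.

```c
/* Userspace model only: these types are simplified stand-ins, not the
 * kernel's struct inode / struct nameidata. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MAY_EXEC  1   /* same bit values as the kernel's MAY_* masks */
#define MAY_WRITE 2
#define MAY_READ  4

struct model_inode     { unsigned long ino; int allowed_mask; };
struct model_nameidata { const char *path; };  /* hypothetical resolved path */

/* Hook shape after the change: inode and mask as before, plus nd, which the
 * caller may leave NULL. On denial an audit line is written into buf. */
int model_inode_permission(const struct model_inode *inode, int mask,
                           const struct model_nameidata *nd,
                           char *buf, size_t len)
{
    if (len)
        buf[0] = '\0';
    if ((mask & ~inode->allowed_mask) == 0)
        return 0;                       /* every requested bit is granted */

    if (nd && nd->path)                 /* pathname available: include it */
        snprintf(buf, len, "denied mask=%d path=%s ino=%lu",
                 mask, nd->path, inode->ino);
    else                                /* NULL nameidata: inode number only */
        snprintf(buf, len, "denied mask=%d ino=%lu", mask, inode->ino);
    return -EACCES;
}

int main(void)
{
    struct model_inode in = { 4711, MAY_READ };      /* constructed sample */
    struct model_nameidata nd = { "/etc/shadow" };   /* constructed sample */
    char audit[128];

    model_inode_permission(&in, MAY_WRITE, &nd, audit, sizeof audit);
    puts(audit);                        /* record with pathname */
    model_inode_permission(&in, MAY_WRITE, NULL, audit, sizeof audit);
    puts(audit);                        /* record without pathname */
    return 0;
}
```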
    


