Re: [RFC][PATCH] Enable atomic inode security labeling

From: Chris Wright (chrisw@private)
Date: Tue Jul 05 2005 - 09:03:46 PDT


* Stephen Smalley (sds@private) wrote:
> This patch enables atomic security labeling of newly created inodes by
> altering the fs code (presently only ext3, but the same approach

Ugh, so far we'd tried to stay out of each fs as much as possible.

> should generalize to other filesystems) to invoke a new LSM hook to
> obtain the security attribute to apply to a newly created inode and to
> set up the incore inode security state during the inode creation
> transaction.  This parallels the existing processing for setting ACLs
> on newly created inodes.  Otherwise, it is possible for new inodes to
> be accessed by another thread via the dcache prior to complete
> security setup (presently handled by the post_create/mkdir/... LSM
> hooks in the VFS) and a newly created inode may be left unlabeled on
> the disk in the event of a crash.  SELinux presently works around the
> issue by ensuring that the incore inode security label is initialized to a
> special SID that is inaccessible to unprivileged processes (in accordance 
> with policy), thereby preventing inappropriate access but potentially
> causing false denials on legitimate accesses.

Yes, I see the issue.  Looking at patch...

thanks,
-chris


