* Stephen Smalley (sds@private) wrote:
> This patch enables atomic security labeling of newly created inodes by
> altering the fs code (presently only ext3, but the same approach

Ugh, so far we'd tried to stay out of each fs as much as possible.

> should generalize to other filesystems) to invoke a new LSM hook to
> obtain the security attribute to apply to a newly created inode and to
> set up the incore inode security state during the inode creation
> transaction. This parallels the existing processing for setting ACLs
> on newly created inodes. Otherwise, it is possible for new inodes to
> be accessed by another thread via the dcache prior to complete
> security setup (presently handled by the post_create/mkdir/... LSM
> hooks in the VFS) and a newly created inode may be left unlabeled on
> the disk in the event of a crash. SELinux presently works around the
> issue by ensuring that the incore inode security label is initialized to a
> special SID that is inaccessible to unprivileged processes (in accordance
> with policy), thereby preventing inappropriate access but potentially
> causing false denials on legitimate accesses.

Yes, I see the issue. Looking at patch...

thanks,
-chris
This archive was generated by hypermail 2.1.3 : Tue Jul 05 2005 - 09:04:59 PDT