Re: [RFC][PATCH] Remove security_inode_post_create/mkdir/symlink/mknod hooks

From: Mimi Zohar (zohar@private)
Date: Thu Jul 21 2005 - 10:44:43 PDT


>> On Thu, Jul 14, 2005 at 03:29:37PM -0400, Stephen Smalley wrote:
>> > This patch removes the inode_post_create/mkdir/mknod/symlink LSM hooks
>> > as they are obsoleted by the new inode_init_security hook that enables
>> > atomic inode security labeling. If anyone sees any reason to retain these hooks,
>> > please speak now. Also, is anyone using the post_rename/link hooks; if not,
>> > those could also be removed.
>> >
>> The new inode_init_security hook doesn't receive the dentry information
>> that the inode_post_create/mkdir/mknod/symlink LSM hooks receive. This is a
>> problem for subdomain because we rely on dentry information.

This is also a problem for SLIM, which creates the new inode integrity
level label based on the lesser of the integrity level of the parent
directory and the current process. The integrity level of the parent
directory is an extended attribute label, which is currently accessible
through getxattr() using the dentry->d_parent. Removing the dentry
parameter would require a corresponding function to set_handle, based on
the inode, to get the extended integrity level attribute label of the
parent.

Mimi


