Hi!

I'm implementing a Mandatory Access Control LSM for linux-2.6.12.5. I have to use the security_inode_permission hook to check the permission of the access to a file. I use Extended Attributes to store all MAC attributes of files.

In my mac_inode_permission(), I have to get the MAC attribute of the inode, using this:

    if ((inode->i_op) && (inode->i_op->getxattr)) {
        error = inode->i_op->getxattr(nd->dentry, POSIX_MAC_XATTR_NAME,
                                      &mac_xattr, sizeof(posix_mac_xattr));
    }

So, you see, I have to use the nd parameter of the security_inode_permission() hook. But sometimes this parameter is NULL.

For now, my mac_inode_permission() just returns success if `nd' is NULL, and the MAC mechanism behaves strangely: the MAC control on directories just doesn't work.

I tried to get `dentry' from `inode' but found it almost impossible (any new idea?). I tried to figure out the situations in which the `nd' parameter for the security_inode_permission() hook is NULL but found it too hard to accomplish.

Any ideas?

Thanks!

Hawk Xu
Beijing
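
The fail-open behaviour described in the message, next to one alternative that does not depend on `nd', as an added example that is not part of the original post. It is a userspace model rather than kernel code: the struct fields, the helper names and the numeric "level" policy are constructed for illustration. In the kernel the corresponding place to read the label is the LSM d_instantiate hook, with the result kept in inode->i_security.

```c
/* Added example: a userspace model, not kernel code. The struct names mirror
 * the post; the fields, helpers and the "level" policy are constructed. */
#include <errno.h>
#include <stddef.h>

struct inode { int xattr_level; int cached_level; int label_valid; };
struct dentry { struct inode *d_inode; };
struct nameidata { struct dentry *dentry; };

/* Stand-in for inode->i_op->getxattr(dentry, ...): it needs a dentry. */
static int read_label(const struct dentry *d) { return d->d_inode->xattr_level; }

/* Constructed policy: the subject level must dominate the object level. */
static int decide(int subject, int object) { return subject >= object ? 0 : -EACCES; }

/* Behaviour described in the post: without nd there is no dentry, so allow. */
int perm_fail_open(struct inode *inode, int subject, struct nameidata *nd)
{
    (void)inode;
    if (!nd)
        return 0;               /* label never read, check skipped */
    return decide(subject, read_label(nd->dentry));
}

/* Models the point where a dentry is bound to its inode (the LSM
 * d_instantiate hook): read the label once and keep it with the inode. */
void model_d_instantiate(struct dentry *d, struct inode *inode)
{
    d->d_inode = inode;
    inode->cached_level = read_label(d);
    inode->label_valid = 1;
}

/* Permission check that needs only the inode, so a NULL nd is harmless. */
int perm_cached(struct inode *inode, int subject, struct nameidata *nd)
{
    (void)nd;
    if (!inode->label_valid)
        return -EACCES;         /* no label yet: deny rather than allow */
    return decide(subject, inode->cached_level);
}
```
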
This archive was generated by hypermail 2.1.3 : Thu Oct 27 2005 - 00:08:53 PDT