On Sat, 2005-10-29 at 10:47 +0800, Globe Trekker wrote:
> Hi!
>
> I found that the d_instantiate() hook is not called whenever I use `cat' to
> read some file or `echo' to write to some file.
>
> # cat /etc/*
> # cat /tmp/mactest
> # echo "hello world" >> /tmp/mactest
> # echo "hello world" > /tmp/mactes
>
> The hook is not called in any of the above cases.
>
> Is there any way to surely get the MAC xattr of the inode before the
> inode_permission() hook is called?

The d_instantiate hook is called when the inode is associated with a dentry, and this is sufficient to allow getting the xattr of the inode and caching it upon the first lookup. Naturally, you need to update the cached data from your post_setxattr hook, and you may need to set it from your post_create (pre-2.6.14) or inode_init_security (2.6.14) hooks for newly created files. As before, look at what SELinux does - it is an already functioning example of a MAC module that uses xattrs.

-- 
Stephen Smalley
National Security Agency
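The hook ordering described in the reply, as an added userspace model that is not kernel code, not part of this thread, and not SELinux's implementation: the label is fetched from the xattr and cached when d_instantiate fires, seeded by inode_init_security for a freshly created inode, refreshed by post_setxattr, and inode_permission decides from the cache alone. The xattr name `security.mactest`, the "exact label match" policy, the inode table standing in for the filesystem, and the per-inode `struct isec` standing in for the inode security blob are all constructed for the example; the real LSM hook signatures differ.

```c
/* Added example: userspace model of an xattr-backed MAC label cache driven by
 * the LSM hooks named in the mail. Everything below (inode table, xattr store,
 * policy) is a constructed stand-in, not kernel or SELinux code. */
#include <stdio.h>
#include <string.h>
#include <errno.h>

#define MAX_INODES 8
#define LABEL_LEN  32
#define MAC_XATTR  "security.mactest"   /* hypothetical xattr name */

struct inode {
    unsigned long ino;
    char xattr[LABEL_LEN];   /* on-disk value of MAC_XATTR, "" if unset */
};

struct isec {                /* stand-in for the per-inode security blob */
    int  initialized;        /* label has been fetched or assigned */
    char label[LABEL_LEN];   /* cached label used for access decisions */
};

static struct inode disk[MAX_INODES];
static struct isec  blobs[MAX_INODES];

/* Filesystem-side primitives (constructed). */
static int fs_getxattr(const struct inode *i, char *out, size_t n)
{
    if (i->xattr[0] == '\0')
        return -ENODATA;
    snprintf(out, n, "%s", i->xattr);
    return 0;
}

static void fs_setxattr(struct inode *i, const char *val)
{
    snprintf(i->xattr, sizeof i->xattr, "%s", val);
}

/* Pre-existing labelled file (e.g. labelled before the module loaded). */
int disk_preset(unsigned long ino, const char *label)
{
    disk[ino].ino = ino;
    fs_setxattr(&disk[ino], label);
    return 0;
}

/* d_instantiate: the inode now has a dentry, so its xattr is reachable;
 * read it once and cache it. Files with no label get a fixed fallback. */
static void hook_d_instantiate(struct inode *i)
{
    struct isec *s = &blobs[i->ino];
    if (s->initialized)
        return;
    if (fs_getxattr(i, s->label, sizeof s->label) != 0)
        snprintf(s->label, sizeof s->label, "unlabeled");
    s->initialized = 1;
}

/* inode_init_security: new inode, so there is no xattr to read yet; the module
 * chooses the label, seeds the cache, and the filesystem persists it. */
static void hook_inode_init_security(struct inode *i, const char *label)
{
    struct isec *s = &blobs[i->ino];
    snprintf(s->label, sizeof s->label, "%s", label);
    s->initialized = 1;
    fs_setxattr(i, label);
}

/* post_setxattr: the on-disk label changed; without this refresh every later
 * inode_permission decision would be made on a stale label. */
static void hook_post_setxattr(struct inode *i)
{
    struct isec *s = &blobs[i->ino];
    fs_getxattr(i, s->label, sizeof s->label);   /* just written, so present */
}

/* inode_permission: decide from the cache only. Toy policy: exact match. */
int hook_inode_permission(const struct inode *i, const char *subject)
{
    const struct isec *s = &blobs[i->ino];
    if (!s->initialized)
        return -EACCES;      /* fail closed if somehow never instantiated */
    return strcmp(s->label, subject) == 0 ? 0 : -EACCES;
}

/* VFS-shaped entry points calling the hooks in the order the kernel would. */
struct inode *vfs_lookup(unsigned long ino)       /* the cat / echo >> path */
{
    struct inode *i = &disk[ino];
    i->ino = ino;
    hook_d_instantiate(i);
    return i;
}

struct inode *vfs_create(unsigned long ino, const char *label)
{
    struct inode *i = &disk[ino];
    i->ino = ino;
    hook_inode_init_security(i, label);
    hook_d_instantiate(i);   /* still fires, but the cache is already seeded */
    return i;
}

int vfs_setxattr(struct inode *i, const char *val)
{
    fs_setxattr(i, val);
    hook_post_setxattr(i);
    return 0;
}

const char *cached_label(unsigned long ino) { return blobs[ino].label; }

int main(void)
{
    disk_preset(1, "secret");
    struct inode *f = vfs_lookup(1);
    printf("lookup: label=%s, secret->%d, public->%d\n", cached_label(1),
           hook_inode_permission(f, "secret"), hook_inode_permission(f, "public"));
    vfs_setxattr(f, "public");
    printf("after setxattr: label=%s, public->%d\n", cached_label(1),
           hook_inode_permission(f, "public"));
    vfs_create(2, "top");
    printf("created: label=%s xattr=%s\n", cached_label(2), disk[2].xattr);
    return 0;
}
```

The point of the model is the sequencing: nothing in `hook_inode_permission` touches the xattr, so the decision is only as fresh as the last hook that updated the cache. Dropping `hook_post_setxattr` would leave a relabelled file governed by its old label until the dentry is dropped and re-instantiated.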
This archive was generated by hypermail 2.1.3 : Mon Oct 31 2005 - 05:19:56 PST