Re: i_security is NULL when calling post_create

From: John Johansen (johansen@private)
Date: Mon Nov 21 2005 - 21:47:22 PST


On Tue, Nov 22, 2005 at 01:06:17PM +0800, Hawk Xu wrote:
> Hi!
> 
> I use inode_alloc_security() hook to alloate space for security 
> attributes of inodes.  But I found that for the i_security field is 
> still NULL for:
> 
> 1. all files (the security LSM is loaded manually after system boot)
> 2. all files created after system boot (the security LSM is loaded 
> during system boot)
> 
> It seems that the inode_alloc_security() hook is not always called.  And 
> in my inode_post_setxattr() hook, I have to check that the i_security 
> field is non-NULL before setting security attributes for the inode. Any 
> idea to avoid this?
> 
the i_security field is NULL for all files that are created before your
security module is loaded because the dummy inode_alloc_security hook is
called until your module has registered it security fn hooks.  The only way to
avoid this is build your module as part of the kernel (ie. not a loadable
module), look at the selinux code for an exmaple of how to do this.

jj





This archive was generated by hypermail 2.1.3 : Mon Nov 21 2005 - 21:48:28 PST