Re: i_security is NULL when calling post_create

From: Hawk Xu (h.xu@private)
Date: Mon Nov 21 2005 - 22:08:46 PST


John Johansen wrote:

>On Tue, Nov 22, 2005 at 01:06:17PM +0800, Hawk Xu wrote:
>
>>Hi!
>>
>>I use the inode_alloc_security() hook to allocate space for security 
>>attributes of inodes.  But I found that the i_security field is 
>>still NULL for:
>>
>>1. all files (the security LSM is loaded manually after system boot)
>>2. all files created after system boot (the security LSM is loaded 
>>during system boot)
>>
>>It seems that the inode_alloc_security() hook is not always called.  And 
>>in my inode_post_setxattr() hook, I have to check that the i_security 
>>field is non-NULL before setting security attributes for the inode. Any 
>>idea to avoid this?
>>
>
>The i_security field is NULL for all files that are created before your
>security module is loaded because the dummy inode_alloc_security hook is
>called until your module has registered its security fn hooks.  The only way to
>avoid this is to build your module as part of the kernel (i.e. not a loadable
>module); look at the selinux code for an example of how to do this.
I think that your explanation doesn't explain my `2' (i_security is NULL 
for all files created after the LSM is loaded), what do you think?

-- 
Best regards,

Hawk Xu, M.S.C.S.
h.xu `echo "ta"|rev` 163 `echo "tod"|rev` com
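
The behaviour John Johansen describes (the dummy hook runs until the module registers) and the NULL check Hawk Xu mentions can be modelled in userspace. This is an added example, not code from the thread or the kernel: `security_ops`, `register_module`, `new_inode`, `my_label` and the `my_*` hooks are hypothetical stand-ins, and it covers only inodes created before registration, not the poster's case 2.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

struct inode { void *i_security; };
struct my_label { int level; };              /* hypothetical per-inode blob */
struct security_ops { int (*inode_alloc_security)(struct inode *); };

/* Default hook in place before any module registers: allocates nothing. */
static int dummy_alloc(struct inode *ino) { (void)ino; return 0; }

/* The module's hook: attaches a zeroed blob to the inode. */
static int my_alloc(struct inode *ino) {
    ino->i_security = calloc(1, sizeof(struct my_label));
    return ino->i_security ? 0 : -ENOMEM;
}

static struct security_ops dummy_ops = { dummy_alloc };
static struct security_ops my_ops = { my_alloc };
static struct security_ops *active_ops = &dummy_ops;

static void register_module(void) { active_ops = &my_ops; }

/* Inode creation always goes through whichever hook is active right now. */
static int new_inode(struct inode *ino) {
    ino->i_security = NULL;
    return active_ops->inode_alloc_security(ino);
}

/* post_setxattr-style hook with the NULL check described in the thread. */
static int my_post_setxattr(struct inode *ino, int level) {
    if (ino->i_security == NULL)
        return -EINVAL;                      /* inode predates registration */
    ((struct my_label *)ino->i_security)->level = level;
    return 0;
}

int main(void) {
    struct inode early, late;
    new_inode(&early);                       /* dummy hook: stays NULL */
    register_module();
    new_inode(&late);                        /* module hook: blob attached */
    int rc = (my_post_setxattr(&early, 3) == -EINVAL &&
              my_post_setxattr(&late, 3) == 0) ? 0 : 1;
    free(late.i_security);
    return rc;
}
```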


