Re: SELinux metadata protection

From: Serge E. Hallyn (serue@private)
Date: Sun Jan 01 2006 - 09:48:54 PST


Quoting KaiGai Kohei (kaigai@private):
> Hmm... I'm not so familiar with ISO-15408.
> Do you know previous discussions about such behavior on filename resolving 
> or readdir ?

I can look around later in the week for past discussions (not sure
whether there have been any), but at least here is the protection
profile I'm talking about:
http://niap.nist.gov/cc-scheme/pp/PP_MLOSPP-MR_V1.22.html

> Pay attention to what 'filler' was overwritten in this patch.
> When LSM is enable, FS's readdir method (dir->f_op->readdir) always calls 
> 'security_file_filldir'
> for each directory entry instead of original 'filler' given by arguments.

Yes, I see, and I was being dense and misread it.  So forget what I said
before.  But please add a good comment above the security_file_filldir
definition.  Also, the kernel community doesn't like typedefs, so please
change

+typedef struct {
+       struct file *dir;
+       void *buffer;
+       filldir_t filler;
+} security_filldir_t;

to something like

+struct security_filldir_info {
+       struct file *dir;
+       void *buffer;
+       filldir_t filler;
+};


Do you have any performance measurements, say with selinux and with only
capabilities compiled in, with and without this patch?  I suspect that will
be one of the most important points of contention if this goes to the
linux-kernel list.

thanks,
-serge



This archive was generated by hypermail 2.1.3 : Sun Jan 01 2006 - 16:24:17 PST