Re: [AppArmor 32/45] Enable LSM hooks to distinguish operations on file descriptors from operations on pathnames

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Miklos Szeredi <mszeredi@...>

Cc: <jjohansen@...>, <akpm@...>, <linux-kernel@...>, <linux-security-module@...>, Andreas Gruenbacher <agruen@...>

Subject: Re: [AppArmor 32/45] Enable LSM hooks to distinguish operations on file descriptors from operations on pathnames

Date: Friday, October 26, 2007 - 2:49 pm

On Fri, Oct 26, 2007 at 01:30:52PM +0200, Miklos Szeredi wrote:
quoted text> On Thu, 2007-10-25 at 23:40 -0700, jjohansen@suse.de wrote:
> > plain text document attachment (file-handle-ops.diff)
> > Struct iattr already contains ia_file since commit cc4e69de from=20
> > Miklos (which is related to commit befc649c). Use this to pass
> > struct file down the setattr hooks. This allows LSMs to distinguish
> > operations on file descriptors from operations on paths.
>=20
> There's a slight problem (other than HCH not liking it) with this
> approach of passing the open file in iattr:  for special files, the
> struct file pointer makes no sense to the filesystem, since it is always
> opened by the generic functions.
>=20
true

quoted text> This wasn't a problem with ftruncate(), because that one only works on
> regular files, but fchmod/fchown/futimes will work on special files as
> well, and the filesystem interpreting file->private_data could cause
> nasty bugs.=20
>=20
> So I think the correct solution (which was suggested by Trond and
> others) is to define an f_op->fsetattr() method, which interested
> filesystems can define.
>=20
yeah that does sound like the way to go, thank Miklos

regards
john

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[AppArmor 32/45] Enable LSM hooks to distinguish operations ..., , (Fri Oct 26, 2:40 am)

Re: [AppArmor 32/45] Enable LSM hooks to distinguish operati..., Miklos Szeredi, (Fri Oct 26, 7:30 am)

Re: [AppArmor 32/45] Enable LSM hooks to distinguish operati..., Andreas Gruenbacher, (Fri Oct 26, 4:24 pm)

Re: [AppArmor 32/45] Enable LSM hooks to distinguish operati..., Miklos Szeredi, (Fri Oct 26, 4:58 pm)

Re: [AppArmor 32/45] Enable LSM hooks to distinguish operati..., Andreas Gruenbacher, (Fri Oct 26, 5:56 pm)

Re: [AppArmor 32/45] Enable LSM hooks to distinguish operati..., John Johansen, (Fri Oct 26, 2:49 pm)

Re: [AppArmor 32/45] Enable LSM hooks to distinguish operati..., Miklos Szeredi, (Fri Oct 26, 7:45 am)


linux-kernel:
Andrea Arcangeli	[PATCH 00 of 12] mmu notifier #v13
David Newall	Re: What still uses the block layer?
Greg Kroah-Hartman	[PATCH 001/196] Chinese: Add the known_regression URI to the HOWTO
Konrad Rzeszutek	[PATCH] Add iSCSI iBFT support (v0.4.5)
openbsd-misc:

git:

linux-netdev:
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
David Miller	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Stefan Richter	Re: [GIT]: Networking
Antonio Almeida	HTB accuracy for high speed