Re: r-o bind in nfsd

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: <neilb@...>, <miklos@...>

Cc: <viro@...>, <haveblue@...>, <linux-fsdevel@...>, <linux-kernel@...>, <akpm@...>, <hch@...>, <linux-security-module@...>, <jmorris@...>

Subject: Re: r-o bind in nfsd

Date: Tuesday, March 25, 2008 - 7:45 am

Hello.

quoted text> Maybe some enhancement to the 'intent' structure with a similar
> effect could be done instead.
> 
> Then you could, presumably, put a security hook somewhere in
> link_path_walk for those modules (like AppArmor) which want to do
> checks based on the namespace.

I think link_path_walk() is not a good place to insert new LSM hooks
for pathname based access control (AppArmor and TOMOYO) purpose because

  (1) The kernel don't know what operation (open/create/truncate etc.) will be
      done at the moment of link_path_walk().

  (2) Not all operations call link_path_walk() before these operations
      are done. For example, ftruncate() doesn't call link_path_walk().

  (3) The rename() and link() operations handle two pathnames.
      But, it is not possible to know both pathnames at the moment of
      link_path_walk().

I think we need to introduce new LSM hooks outside link_path_walk().
http://kerneltrap.org/mailarchive/linux-fsdevel/2008/2/17/882024
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: r-o bind in nfsd, Neil Brown, (Mon Mar 24, 10:52 pm)

Re: r-o bind in nfsd, Tetsuo Handa, (Tue Mar 25, 7:45 am)

Re: r-o bind in nfsd, NeilBrown, (Tue Mar 25, 6:32 pm)

Re: r-o bind in nfsd, Stephen Smalley, (Wed Mar 26, 8:04 am)

Re: r-o bind in nfsd, Serge E. Hallyn, (Wed Mar 26, 12:47 pm)

Re: r-o bind in nfsd, James Morris, (Wed Mar 26, 5:35 pm)

Re: r-o bind in nfsd, Serge E. Hallyn, (Wed Mar 26, 8:29 pm)

Navigation

Mail archive search

Popular discussions


linux-kernel:
Roland Dreier	Re: Integration of SCST in the mainstream Linux kernel
Greg KH	Linux 2.6.25.10
Linus Torvalds	Re: [stable] Linux 2.6.25.10
Greg Kroah-Hartman	[PATCH 005/196] Chinese: add translation of SubmittingDrivers
openbsd-misc:
Edwin Eyan Moragas	poll(2) vs kqueue(2) performance
Jonathan Thornburg	strlcat/strlcpy vs overlapping arguments
askthelist	Packets Per Second Limit?
Siju George	Skype on OpenBSD 4.1 using Fedora RPM
git:
Michael Hendricks	removing content from git history
Elijah Newren	Trying to use git-filter-branch to compress history by removing large, obsolete bi...
Junio C Hamano	Re: bad git pull
Junio C Hamano	Re: More precise tag following
linux-activists:
Jim Winstead Jr.	Re: Root Disk/Book Disk Compatibility
Sagan	387 failed error [help needed]
David Hobley	linux support for (PC) notebooks
Joel M. Hoffman	Re: How to disable C-A-D for non-root users?

Latest forum posts


Computer hangs up (freeze) and reports SATA errors	2 hours ago	Linux kernel
Questions about modules	7 hours ago	Linux kernel
USB2.0 Flash disk error(SCSI error: return code = 0x10070000)，anybody has solutions?	22 hours ago	Linux kernel
Why Windows is better than Linux	1 day ago	Linux general
Open Hardware Foundation & Open Cores	1 day ago	Hardware
Which Graphiccard should be used to get the most GPL for the money	1 day ago	Hardware
IO memory vs. memory	1 day ago	Linux kernel
Unable to mount ramdisk image using UBoot while upgrading to 2.6.15 kernel for a MPC8540 based target	1 day ago	Linux kernel
%cpu in top over 100?	1 day ago	Linux general
How to Compile 2.6 kernel for RedHat	1 day ago	Linux kernel

Show all forums...

Colocation donated by:

Online users

Syndicate