[PATCH v2 3/3] kernfs: Initialize security of newly created nodes
Tejun Heo
tj at kernel.org
Fri Jan 11 20:52:35 UTC 2019
On Wed, Jan 09, 2019 at 05:28:30PM +0100, Ondrej Mosnacek wrote:
> Use the new security_object_init_security() hook to allow LSMs to
> possibly assign a non-default security context to newly created nodes
> based on the context of their parent node.
>
> This fixes an issue with cgroupfs under SELinux, where newly created
> cgroup subdirectories would not inherit their parent's context if it had
> been set explicitly to a non-default value (other than the genfs context
> specified by the policy). This can be reproduced as follows:

I'm not yet sure about using selinux on cgroupfs. Let's please
discuss that first.

Thanks.

--
tejun