[PATCH v3 5/5] kernfs: initialize security of newly created nodes
Tejun Heo
tj at kernel.org
Wed Jan 30 17:09:11 UTC 2019
Hello,
On Wed, Jan 30, 2019 at 12:41:50PM +0100, Ondrej Mosnacek wrote:
> @@ -673,6 +698,12 @@ static struct kernfs_node *__kernfs_new_node(struct kernfs_root *root,
> goto err_out3;
> }
>
> + if (parent) {
> + ret = kernfs_node_init_security(parent, kn);
> + if (ret)
> + goto err_out3;
> + }
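
Review bot: The only guard on the new kernfs_node_init_security() call is `if (parent)`, so every node created with a parent through __kernfs_new_node() takes this path, whether or not the parent has any security state worth inheriting. Consider checking for that state first and skipping the call when there is none, and add a short comment saying why a NULL parent is skipped. The failure path also reuses `goto err_out3`, so it is worth confirming that this label still unwinds everything set up on kn by the point this call can fail.
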
So, doing this unconditionally isn't a good idea. kernfs doesn't use
the usual dentry/inode because there are machines with 6, even 7 digit
number of kernfs nodes and some of them even failed to boot due to
memory shortage. Please don't blow it up by default.
Thanks.
--
tejun