[PATCH v3 5/5] kernfs: initialize security of newly created nodes
Tejun Heo
tj at kernel.org
Thu Jan 31 14:22:44 UTC 2019
Hello,
On Thu, Jan 31, 2019 at 11:20:57AM +0100, Ondrej Mosnacek wrote:
> Hm, I see... basically the only thing that gets allocated in
> kernfs_node_init_security() by default (at least under SELinux/ no
> LSM) is the kernfs_iattrs structures, so I assume you are pointing at
> that. I think this can be easily fixed, if we again use the assumption
Yeap.
> Technically this might make some LSMs unhappy, if they want to set
> some non-default context even if parent is all default, but this is
> already impossible now and in this case I think we have no better
> choice than sacrificing a bit of flexibility for memory efficiency,
> which is apparently critical here.
>
> Tejun, Casey, would the above modification be fine with you?
Generally looks good but maybe it can check the attr to see whether
there actually are things which need inheritance?
Thanks.
--
tejun
More information about the Linux-security-module-archive
mailing list