[PATCH v3 5/5] kernfs: initialize security of newly created nodes

Tejun Heo tj at kernel.org
Thu Jan 31 14:22:44 UTC 2019


Hello,

On Thu, Jan 31, 2019 at 11:20:57AM +0100, Ondrej Mosnacek wrote:
> Hm, I see... basically the only thing that gets allocated in
> kernfs_node_init_security() by default (at least under SELinux/ no
> LSM) is the kernfs_iattrs structures, so I assume you are pointing at
> that. I think this can be easily fixed, if we again use the assumption

Yeap.

> Technically this might make some LSMs unhappy, if they want to set
> some non-default context even if parent is all default, but this is
> already impossible now and in this case I think we have no better
> choice than sacrificing a bit of flexibility for memory efficiency,
> which is apparently critical here.
> 
> Tejun, Casey, would the above modification be fine with you?

Generally looks good but maybe it can check the attr to see whether
there actually are things which need inheritance?

Thanks.

-- 
tejun



More information about the Linux-security-module-archive mailing list