[PATCH v6 1/3] Add a new LSM-supporting anonymous inode interface
Lokesh Gidra
lokeshgidra at google.com
Mon Aug 17 21:10:20 UTC 2020
On Fri, Aug 7, 2020 at 4:02 PM Al Viro <viro at zeniv.linux.org.uk> wrote:
>
> On Fri, Aug 07, 2020 at 03:49:39PM -0700, Lokesh Gidra wrote:
>
> > The new functions accept an optional context_inode parameter that
> > callers can use to provide additional contextual information to
> > security modules, e.g., indicating that one anonymous struct file is a
> > logical child of another, allowing a security model to propagate
> > security information from one to the other.
>
> What the hell is "logical child" and what are the lifetime rules implied
> by that relationship?
context_inode provides the security context required by the security
modules for granting/denying permission to create an anon inode of the
same type.
In case of userfaultfd, the relationship between the context_inode and
the created inode is described as that of ‘logical child’ because the
context_inode (userfaultfd inode of the parent process) provides the
security context required for creation of child process’ userfaultfd
inode. But there is no relationship beyond this point. Therefore, no
reference to context_inode is held anywhere.
More information about the Linux-security-module-archive
mailing list