[PATCH 05/14] umh: Separate the user mode driver and the user mode helper support

Eric W. Biederman ebiederm at xmission.com
Sat Jun 27 04:21:58 UTC 2020


Tetsuo Handa <penguin-kernel at i-love.sakura.ne.jp> writes:
> On 2020/06/27 1:45, Eric W. Biederman wrote:
>> Does this series, by using the normal path through exec, solve your
>> concerns with LSMs being able to identify these processes (both
>> individually and as a class)?
>
> I guess "yes" for pathname based LSMs. Though, TOMOYO wants to obtain both
> AT_SYMLINK_NOFOLLOW "struct path" and !AT_SYMLINK_NOFOLLOW "struct path"
> at do_open_execat() from do_execveat_common().

Is that a problem with the current do_execveat_common in general?

That does not sound like a problem in the user mode driver case as
there are no symlinks involved.

Eric




