[PATCH v10 3/3] Use secure anon inodes for userfaultfd
Eric Biggers
ebiggers at kernel.org
Wed Nov 4 20:36:31 UTC 2020
On Sun, Oct 11, 2020 at 01:29:36AM -0700, Lokesh Gidra wrote:
> From: Daniel Colascione <dancol at google.com>
>
> This change gives userfaultfd file descriptors a real security
> context, allowing policy to act on them.
>
> Signed-off-by: Daniel Colascione <dancol at google.com>
>
> [Remove owner inode from userfaultfd_ctx]
> [Use anon_inode_getfd_secure() instead of anon_inode_getfile_secure()
> in userfaultfd syscall]
> [Use inode of file in userfaultfd_read() in resolve_userfault_fork()]
>
> Signed-off-by: Lokesh Gidra <lokeshgidra at google.com>
> ---
I'm not an expert in userfaultfd or SELinux, but I don't see any issues with
this patch, and the comments I made earlier were resolved (except for the patch
title which I just pointed out -- it should have "userfaultfd:" prefix).
So feel free to add:
Reviewed-by: Eric Biggers <ebiggers at google.com>
More information about the Linux-security-module-archive
mailing list