[PATCH v11 1/4] security: add inode_init_security_anon() LSM hook

Eric Biggers ebiggers at kernel.org
Thu Nov 5 22:07:45 UTC 2020


On Thu, Nov 05, 2020 at 01:33:21PM -0800, Lokesh Gidra wrote:
> This change adds a new LSM hook, inode_init_security_anon(), that
> will be used while creating secure anonymous inodes.

Will be used to do what?  To assign a security context to the inode and to
allow/deny creating it, right?

> 
> The new hook accepts an optional context_inode parameter that
> callers can use to provide additional contextual information to
> security modules for granting/denying permission to create an anon-
> inode of the same type.

It looks like the hook also uses the context_inode parameter to assign a
security context to the inode.  Is that correct?  It looks like that's what the
code does, so if you could get the commit messages in sync, that would be
helpful.  I'm actually still not completely sure I'm understanding the intent
here, given that different places say different things.

- Eric



More information about the Linux-security-module-archive mailing list