SMACK: how are smack blobs getting into cred->security and inode->i_security?
Casey Schaufler
casey at schaufler-ca.com
Fri Dec 31 17:25:47 UTC 2021
On 12/31/2021 5:08 AM, Denis Obrezkov wrote:
> Hello,
>
> I am trying to understand how smack works (looking at
> smack_inode_permission hook). I can see that that smack security
> information is taken from cred->security and inode->i_security but how
> did they get in there?
The LSM infrastructure (security/security.c) allocates cred and inode
security blobs. This allows multiple security modules to use them.
> Also, when does it happen? (for a task and for a
> file)
security_cred_alloc() and security_inode_alloc().
I am the Smack maintainer. Feel free to ask anything you'd
like here and to me directly.
More information about the Linux-security-module-archive
mailing list