Question about inode security blob
Fan Wu
wufan at linux.microsoft.com
Tue Jan 12 00:56:09 UTC 2021
Hi,
I'm trying to learn the security blob infrastructure for my future LSM
development.
Unlike other blobs, I found the inode security blob has a special pattern. I
couldn’t find useful information on the web, so I think this mailing list is
the most appropriate place to ask this question.
BPF and SELinux check whether inode->i_security is NULL
before use:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/include/linux/bpf_lsm.h#n35
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/security/selinux/include/objsec.h#n164
But Smack doesn't do such a check:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/security/smack/smack.h#n347
Is this because smack_set_mnt_opts() already does the NULL check at
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/security/smack/smack_lsm.c#n784
?
Also, I wonder in which situation inode->i_security will be NULL?
Thanks, and I hope I can make my contributions to LSM soon.
Best,
Fan
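
An added illustration, not part of the original message and not kernel code: a simplified userspace C model of the two accessor styles the message contrasts, one that tests inode->i_security for NULL and one that only adds the module's offset. The names inode_model, lsm_a_state, lsm_b_state, lsm_b_off and the helper functions are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified userspace model; every name here is hypothetical. */
struct inode_model { void *i_security; };   /* one shared blob per inode */
struct lsm_a_state { int sid; };            /* first module's slice */
struct lsm_b_state { int label; };          /* second module's slice */

/* Offset the second module is assigned inside the shared blob. */
static const size_t lsm_b_off = sizeof(struct lsm_a_state);

/* Checked accessor: a missing blob is reported to the caller as NULL. */
static struct lsm_b_state *lsm_b_checked(const struct inode_model *inode)
{
    if (!inode->i_security)
        return NULL;
    return (struct lsm_b_state *)((char *)inode->i_security + lsm_b_off);
}

/* Unchecked accessor: base + offset, whatever the base is. Integer
 * arithmetic is used so the model itself stays well defined. */
static struct lsm_b_state *lsm_b_unchecked(const struct inode_model *inode)
{
    return (struct lsm_b_state *)((uintptr_t)inode->i_security + lsm_b_off);
}

/* Allocate the blob with room for both slices, zero-filled. */
static int inode_alloc_blob(struct inode_model *inode)
{
    inode->i_security = calloc(1, sizeof(struct lsm_a_state) + sizeof(struct lsm_b_state));
    return inode->i_security ? 0 : -1;
}

int main(void)
{
    struct inode_model no_blob = { NULL }, with_blob = { NULL };
    if (inode_alloc_blob(&with_blob))
        return 1;
    lsm_b_checked(&with_blob)->label = 7;
    printf("allocated: unchecked label=%d\n", lsm_b_unchecked(&with_blob)->label);
    printf("no blob: checked=%p unchecked=%p\n",
           (void *)lsm_b_checked(&no_blob), (void *)lsm_b_unchecked(&no_blob));
    free(with_blob.i_security);
    return 0;
}
```

With no blob allocated, the unchecked accessor returns a small non-NULL address equal to the offset, so a NULL test on its result cannot detect the missing blob; the unchecked form is only safe where allocation is guaranteed before any access.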