Question about inode security blob
casey at schaufler-ca.com
Tue Jan 12 01:28:15 UTC 2021
On 1/11/2021 4:56 PM, Fan Wu wrote:
> I'm trying to learn the security blob infrastructure for my future LSM development.
> Unlike other blobs, I found inode security blob has a special pattern. I couldn’t find useful information on the web so I think this mail list is the most appropriate place to ask this question.
> The BPF and SELinux will check whether the inode->i_security is NULL before use
The inode security blob should never be NULL in a situation where
any of the LSM hooks depend on it. The only ways that could possibly
happen are if an inode is allocated before the LSM infrastructure is
initialized or if the system is out of memory when an inode is allocated
and there are no entries in the cache. As the code says, "unlikely" and
probably in a system failure state already.
> But for smack, it doesn't do such a check
> Is this because smack_set_mnt_opts() already does the NULL check at
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/security/smack/smack_lsm.c#n784 ?
Smack tries to be pedantic about having data set up properly. So is the
LSM infrastructure management of inode blobs. I have not identified a case
where you should be able to get to an LSM hook requiring the security blob
if the blob is NULL. If initializing the inode fails it should be impossible
to use the inode thereafter.
> Also, I wonder in which situation will the inode->i_security be NULL?
The inode->i_security should never be NULL if the inode has been
initialized. Any LSM hook that finds this to be NULL has probably
identified a bug elsewhere in the system.
> Thanks, and I hope I could make my contributions to LSM soon.
Excellent. Please, tell us more about what you're proposing.
More information about the Linux-security-module-archive