[PATCH v15 0/4] SELinux support for anonymous inodes and UFFD
lokeshgidra at google.com
Thu Jan 14 22:50:44 UTC 2021
On Thu, Jan 14, 2021 at 2:47 PM Paul Moore <paul at paul-moore.com> wrote:
> On Tue, Jan 12, 2021 at 12:15 PM Paul Moore <paul at paul-moore.com> wrote:
> > On Fri, Jan 8, 2021 at 5:22 PM Lokesh Gidra <lokeshgidra at google.com> wrote:
> > >
> > > Userfaultfd in unprivileged contexts could be potentially very
> > > useful. We'd like to harden userfaultfd to make such unprivileged use
> > > less risky. This patch series allows SELinux to manage userfaultfd
> > > file descriptors and in the future, other kinds of
> > > anonymous-inode-based file descriptor.
> > ...
> > > Daniel Colascione (3):
> > > fs: add LSM-supporting anon-inode interface
> > > selinux: teach SELinux about anonymous inodes
> > > userfaultfd: use secure anon inodes for userfaultfd
> > >
> > > Lokesh Gidra (1):
> > > security: add inode_init_security_anon() LSM hook
> > >
> > > fs/anon_inodes.c | 150 ++++++++++++++++++++--------
> > > fs/libfs.c | 5 -
> > > fs/userfaultfd.c | 19 ++--
> > > include/linux/anon_inodes.h | 5 +
> > > include/linux/lsm_hook_defs.h | 2 +
> > > include/linux/lsm_hooks.h | 9 ++
> > > include/linux/security.h | 10 ++
> > > security/security.c | 8 ++
> > > security/selinux/hooks.c | 57 +++++++++++
> > > security/selinux/include/classmap.h | 2 +
> > > 10 files changed, 213 insertions(+), 54 deletions(-)
> > With several rounds of reviews done and the corresponding SELinux test
> > suite looking close to being ready I think it makes sense to merge
> > this via the SELinux tree. VFS folks, if you have any comments or
> > objections please let me know soon. If I don't hear anything within
> > the next day or two I'll go ahead and merge this for linux-next.
> With no comments over the last two days I merged the patchset into
> selinux/next. Thanks for all your work and patience on this Lokesh.
Thanks so much.
> Also, it looks like you are very close to getting the associated
> SELinux test suite additions merged, please continue to work with
> Ondrej to get those merged soon.
Certainly! I'm waiting for his reviews for the latest patch.
> paul moore
More information about the Linux-security-module-archive