On 5/4/2011 1:47 AM, Roberto Sassu wrote:
> On Wednesday, May 04, 2011 01:58:00 AM John Johansen wrote:
>> ....
>> I have to agree with Casey. Generally looping back through the vfs should
>> be using the user's credentials. This doesn't even stop you opening the
>> lower file with a different set of permissions (e.g. rw while the upper
>> is opened with r).
>
> Hi Casey and John
>
> my patch set does not modify this behavior: VFS calls on upper inodes
> made by user processes and VFS calls (read/write) made by eCryptfs
> on lower inodes still use the user's credentials.
>
> In addition, SELinux provides a model for file descriptors. They may be
> opened by another subject (which provided its own credentials) and
> other processes need the 'use' permission for those file descriptors
> other than permissions for related inodes.
>
> This means that, even if eCryptfs opens lower inodes with its own
> credentials, user processes still need permissions to read/write both
> upper and lower inodes.
>
> One benefit of allowing eCryptfs to provide its own credentials is that
> user processes must have granted only strictly required permissions.
>
> Roberto Sassu

My point is that you should be able to achieve all of what you say you want to do without introducing the LSM changes you are proposing.

