On 10/26/2015 05:15 PM, Andreas Gruenbacher wrote:
Here is another version of the patch queue to make gfs2 and similar file
systems work with SELinux. As suggested by Stephen Smalley [*], the relevant
uses of inode->security are wrapped in function calls that try to revalidate
invalid labels.
[*] http://marc.info/?l=linux-kernel&m=144416710207686&w=2
The patches are looking good from my point of view; is there anything else that
needs addressing?
Does SELinux have test suites that these patches could be tested against?
git clone https://github.com/SELinuxProject/selinux-testsuite
sudo yum install perl-Test perl-Test-Harness selinux-policy-devel gcc libselinux-devel net-tools netlabel_tools iptables
cd selinux-testsuite
sudo make test
Thanks,
Andreas
Andreas Gruenbacher (7):
selinux: Remove unused variable in selinux_inode_init_security
selinux: Add accessor functions for inode->i_security
selinux: Get rid of file_path_has_perm
selinux: Push dentry down from {dentry,path,file}_has_perm
security: Add hook to invalidate inode security labels
selinux: Revalidate invalid inode security labels
gfs2: Invalide security labels of inodes when they go invalid
fs/gfs2/glops.c | 2 +
include/linux/lsm_hooks.h | 6 ++
include/linux/security.h | 5 +
security/security.c | 8 ++
security/selinux/hooks.c | 213 ++++++++++++++++++++++----------------
security/selinux/include/objsec.h | 6 ++
6 files changed, 152 insertions(+), 88 deletions(-)