On 10/28/2015 01:31 PM, Stephen Smalley wrote:
On 10/28/2015 07:48 AM, Andreas Gruenbacher wrote:
On Tue, Oct 27, 2015 at 5:40 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
On 10/26/2015 05:15 PM, Andreas Gruenbacher wrote:
Use path_has_perm directly instead.
This reverts:
commit 13f8e9810bff12d01807b6f92329111f45218235
Author: David Howells <dhowe...@redhat.com>
Date: Thu Jun 13 23:37:55 2013 +0100
SELinux: Institute file_path_has_perm()
Create a file_path_has_perm() function that is like path_has_perm() but
instead takes a file struct that is the source of both the path and the
inode (rather than getting the inode from the dentry in the path). This
is then used where appropriate.
This will be useful for situations like unionmount where it will be
possible to have an apparently-negative dentry (eg. a fallthrough) that
is
open with the file struct pointing to an inode on the lower fs.
Signed-off-by: David Howells <dhowe...@redhat.com>
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
which I think David was intending to use as part of his SELinux/overlayfs
support.
Okay. As long as overlayfs support in SELinux is in half-finished
state, let's leave this alone.
Also, the caller is holding a spinlock (tty_files_lock), so you can't call
inode_doinit from
here.
Try stress testing your patch series by just always setting isec->initialized
to LABEL_INVALID.
Previously the *has_perm functions could be called under essentially any
condition, with the exception
of when in a RCU walk and needing to audit the dname (but they did not
previously block/sleep).
file_has_perm() also gets called from match_file() callback to
iterate_fd(), which holds files->file_lock.
--
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
