On 10/26/2015 05:15 PM, Andreas Gruenbacher wrote:
Here is another version of the patch queue to make gfs2 and similar file
systems work with SELinux. As suggested by Stephen Smalley [*], the relevant
uses of inode->security are wrapped in function calls that try to revalidate
invalid labels.
On 10/26/2015 05:15 PM, Andreas Gruenbacher wrote:
Use path_has_perm directly instead.
This reverts:
commit 13f8e9810bff12d01807b6f92329111f45218235
Author: David Howells
Date: Thu Jun 13 23:37:55 2013 +0100
SELinux: Institute file_path_has_perm()
Create a
Make validatetrans decisions available through selinuxfs.
"/transition" is added to selinuxfs for this purpose.
This functionality is needed by file system servers
implemented in userspace or kernelspace without the VFS
layer.
Writing "$oldcontext $newcontext $tclass $taskcontext"
to /transition
On 10/27/2015 02:27 PM, Andrew Perepechko wrote:
+ if (rc)
+ goto out;
+
+ rc = -ENOMEM;
+ if (count >= PAGE_SIZE - 1)
+ goto out;
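Review bot: the length check "if (count >= PAGE_SIZE - 1)" is one byte tighter than a single-page limit requires, and nothing in the hunk says why. If the goal is to keep the copied data plus a terminating NUL within one page, "count >= PAGE_SIZE" already guarantees that, so either relax the bound or add a comment explaining the extra byte. Separately, setting rc = -ENOMEM just before this check reports an over-long write as an allocation failure; a code such as -EINVAL or -E2BIG would tell the caller that the input was rejected for its size.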
Why PAGE_SIZE-1?
This is to avoid allocation of more than a single page.
Yes, but you don't need PAGE_SIZE - 1
On 10/26/2015 05:15 PM, Andreas Gruenbacher wrote:
Add functions dentry_security and inode_security for accessing
inode->i_security. These functions initially don't do much, but they
will later be used to revalidate the security labels when necessary.
Signed-off-by: Andreas Gruenbacher