Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: Configuring kernel module for labeling ...
From: Stephen Smalley <sds_at_epoch.ncsc.mil>
Date: Tue, 02 Nov 2004 13:42:52 -0500
Looking at mini_fo/main.c, I see that it doesn't copy the inode attributes (e.g. mode) until after the d_instantiate. Not good for SELinux, as we want the mode at that time to determine the security class. Might want to try the patch below.
+ /* all well, copy inode attributes */ + fist_copy_attr_all(inode, master_inode); + /* only (our) lookup wants to do a d_add */ if (flag) d_add(dentry, inode); @@ -162,10 +165,6 @@ ASSERT(DENTRY_TO_PRIVATE(dentry) != NULL); - - /* all well, copy inode attributes */ - fist_copy_attr_all(inode, master_inode); - out: print_exit_status(err); return err; @@ -246,6 +245,9 @@ inode->i_mapping->a_ops = lower_inode->i_mapping->a_ops; } + /* all well, copy inode attributes */ + fist_copy_attr_all(inode, lower_inode); + /* only (our) lookup wants to do a d_add */ if (flag) d_add(dentry, inode); @@ -253,10 +255,6 @@ d_instantiate(dentry, inode); ASSERT(DENTRY_TO_PRIVATE(dentry) != NULL); - - /* all well, copy inode attributes */ - fist_copy_attr_all(inode, lower_inode);- out: print_exit_status(err); return err; -- Stephen Smalley <sds@epoch.ncsc.mil> National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Tue 2 Nov 2004 - 13:46:45 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |