Casey Schaufler [EMAIL PROTECTED] wrote:
Grumble. Yet another thing to undo in the near future. I still
hope to suggest what I would consider a viable alternative soon.
Use a struct key with the overrides attached? The key can be generated by
SELinux or whatever module is there.
David
-
To
Casey Schaufler [EMAIL PROTECTED] wrote:
How would you expect an LSM that is not SELinux to interface with
CacheFiles?
You have to understand that I didn't know that much about the LSM interface,
so I asked advice of the Red Hat security people, who, naturally, pointed me
at the SELinux
Casey Schaufler [EMAIL PROTECTED] wrote:
I haven't looked into the issues at all and I bet there are plenty,
maybe in audit and places outside of the security realm, but this
looks like a clean approach from the LSM interface standpoint. Do
you want the entire task or just task-security?
It
Stephen Smalley [EMAIL PROTECTED] wrote:
Seems like over-design - we don't need to support LSM stacking, and we
don't need to support pushing/popping more than one level of context.
It will, at some point hopefully, be possible for someone to try, say, NFS
exporting a cached ISO9660 mount
Casey Schaufler [EMAIL PROTECTED] wrote:
(1) int security_get_context(void **_context);
This allocates and gives the caller a blob that describes the current
context of all the LSM module states attached to the current task and
stores a pointer to it in *_context.
Is
Casey Schaufler [EMAIL PROTECTED] wrote:
With Smack you can leave the label alone, raise CAP_MAC_OVERRIDE,
do your business of setting the label correctly, and then drop
the capability. No new hooks required.
That sounds like a contradiction. How can you both leave it alone and set it?
Hi Linus, Al,
Would you object greatly to functions like vfs_mkdir() gaining a security
parameter? What I'm thinking of is this:
int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode,
struct security *security)
Where the security context is the state
-by: David Howells [EMAIL PROTECTED]
---
include/linux/cred.h |1
include/linux/security.h | 34 +++
kernel/cred.c |7 +
security/dummy.c | 11 +
security/selinux/exports.c|6
security/selinux/hooks.c
Hi Al, Christoph, Trond, Stephen, Casey,
Here's a set of patches that implement a very basic set of COW credentials. It
compiles, links and runs for x86_64 with EXT3, (V)FAT, NFS, AFS, SELinux and
keyrings all enabled. Most other filesystems are disabled, apart from things
like proc. It is
Casey Schaufler [EMAIL PROTECTED] wrote:
Move into the cred struct the part of the task security data that defines
how a task acts upon an object. The part that defines how something acts
upon a task remains attached to the task.
This seems to me to be an unnatural and inappropriate
Andrew Morgan [EMAIL PROTECTED] wrote:
OOC If we were to simply drop support for one process changing the
capabilities of another, would we need this patch?
Well, the patch could be less, but there's still the possibility of a kernel
service wanting to override the capabilities mask.
David
-
Changes to the kernel configuration defintions and to the NFS mount options to
allow the local caching support added by the previous patch to be enabled.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
fs/Kconfig|8
fs/nfs/client.c | 14 ++
fs/nfs
an NFS filesystem to use caching, add an fsc option to the mount:
mount warthog:/ /a -o fsc
Signed-Off-By: David Howells [EMAIL PROTECTED]
---
fs/nfs/Makefile |1
fs/nfs/client.c |5 +
fs/nfs/file.c | 51 ++
fs/nfs/fscache-def.c | 288
for this that uses the prepare_write() and
commit_write() address_space operations to bound a copy directly into the page
cache.
Hook the Ext2 and Ext3 operations to the generic implementation.
Signed-Off-By: David Howells [EMAIL PROTECTED]
---
fs/ext2/inode.c|2 +
fs/ext3/inode.c|3
, then
page_mkwrite() will flush it before attaching a record of the new key.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
fs/afs/file.c | 20 +++-
fs/afs/internal.h |1 +
fs/afs/write.c| 35 +++
3 files changed, 55 insertions(+), 1 deletions
The attached patch makes the kAFS filesystem in fs/afs/ use FS-Cache, and
through it any attached caches. The kAFS filesystem will use caching
automatically if it's available.
Signed-Off-By: David Howells [EMAIL PROTECTED]
---
fs/Kconfig |8 +
fs/afs/Makefile|3
fs/afs
This patch set is available for download as a tarball from:
http://people.redhat.com/~dhowells/nfs/nfs+fscache-23.tar.bz2
David
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
the body of a message to [EMAIL PROTECTED]
More majordomo info at
to detect this.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
fs/splice.c|2 +-
include/linux/page-flags.h | 30 +-
include/linux/pagemap.h| 11 +++
mm/filemap.c | 16
mm/migrate.c
) to do the honours.
Signed-Off-By: David Howells [EMAIL PROTECTED]
---
mm/readahead.c | 40 ++--
1 files changed, 38 insertions(+), 2 deletions(-)
diff --git a/mm/readahead.c b/mm/readahead.c
index 39bf45d..12d1378 100644
--- a/mm/readahead.c
+++ b/mm/readahead.c
-by: David Howells [EMAIL PROTECTED]
---
include/linux/cred.h |1
include/linux/security.h | 33 ++
kernel/cred.c |7 +
security/dummy.c | 11 +
security/selinux/exports.c|6
security/selinux/hooks.c | 497
Trond Myklebust [EMAIL PROTECTED] wrote:
So why do you need a new address space operation? AFAICS the generic
implementation will work for pretty much everyone who supports the
existing prepare_write()/commit_write().
Because Christoph decreed that I wasn't allowed to call prepare_write() and
Trond Myklebust [EMAIL PROTECTED] wrote:
This is used by CacheFiles to detect read completion on a page in the
backing filesystem so that it can then copy the data to the waiting netfs
page.
Won't it in any case want to lock the page too?
No. Why would it? All it wants to do is to
David Howells [EMAIL PROTECTED] wrote:
Peter Staubach [EMAIL PROTECTED] wrote:
Did I miss the section where the modified semantics about which
mounted file systems can use the cache and which ones can not
was implemented?
Yes.
fs/nfs/super.c:
case Opt_sharecache
this to be
incorrect. It should probably use security_task_getsecid() instead.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
drivers/usb/core/devio.c |4 ++--
include/linux/security.h | 18 +-
include/linux/selinux.h | 15 ++-
kernel/auditsc.c
-by: David Howells [EMAIL PROTECTED]
---
include/linux/cred.h |1
include/linux/security.h | 33 ++
kernel/cred.c |7 +
security/dummy.c | 11 +
security/selinux/exports.c|6
security/selinux/hooks.c | 497
by update_current_cred() which is
invoked on entry to any system call that might need it.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
fs/buffer.c |3 +++
fs/ioprio.c |3 +++
fs/open.c | 27 +--
fs/proc/array.c
Request a credential record for the named kernel service. This produces a
cred struct with appropriate DAC and MAC controls for effecting that service.
It may be used to override the credentials on a task to do work on that task's
behalf.
Signed-off-by: David Howells [EMAIL PROTECTED
) to do the honours.
Signed-Off-By: David Howells [EMAIL PROTECTED]
---
mm/readahead.c | 40 ++--
1 files changed, 38 insertions(+), 2 deletions(-)
diff --git a/mm/readahead.c b/mm/readahead.c
index 39bf45d..12d1378 100644
--- a/mm/readahead.c
+++ b/mm/readahead.c
Provide an add_wait_queue_tail() function to add a waiter to the back of a
wait queue instead of the front.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
include/linux/wait.h |1 +
kernel/wait.c| 18 ++
2 files changed, 19 insertions(+), 0 deletions(-)
diff
This one-line patch fixes the missing export of copy_page introduced
by the cachefile patches. This patch is not yet upstream, but is required
for cachefile on ia64. It will be pushed upstream when cachefile goes
upstream.
Signed-off-by: Prarit Bhargava [EMAIL PROTECTED]
Signed-Off-By: David
-Off-By: David Howells [EMAIL PROTECTED]
---
include/linux/pagemap.h |5 +
mm/filemap.c| 19 +++
2 files changed, 24 insertions(+), 0 deletions(-)
diff --git a/include/linux/pagemap.h b/include/linux/pagemap.h
index d1049b6..452fdcf 100644
--- a/include/linux
Export a number of functions for CacheFiles's use.
Signed-Off-By: David Howells [EMAIL PROTECTED]
---
fs/super.c |2 ++
kernel/auditsc.c |2 ++
2 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/fs/super.c b/fs/super.c
index 28e7370..0e8c0e2 100644
--- a/fs/super.c
Changes to the kernel configuration defintions and to the NFS mount options to
allow the local caching support added by the previous patch to be enabled.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
fs/Kconfig|8
fs/nfs/client.c | 14 ++
fs/nfs
an NFS filesystem to use caching, add an fsc option to the mount:
mount warthog:/ /a -o fsc
Signed-Off-By: David Howells [EMAIL PROTECTED]
---
fs/nfs/Makefile |1
fs/nfs/client.c |5 +
fs/nfs/file.c | 51 ++
fs/nfs/fscache-def.c | 288
Display the local caching state in /proc/fs/nfsfs/volumes.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
fs/nfs/client.c |7 ---
fs/nfs/fscache.h | 12
2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/fs/nfs/client.c b/fs/nfs/client.c
index 0de4db4
routines once the pages have been unlocked as part of the
writeback process. To this end, the PG_error flag is set, then the
PG_writeback flag is cleared, and only *then* can lock_page() be called.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
include/linux/mm.h |5 ++-
mm/truncate.c
be
revalidated.
(5) The writeback-rejection handler now calls cancel_rejected_write() added by
the previous patch to excise the affected pages rather than clearing the
PG_uptodate flag on all the pages.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
fs/afs/fsclient.c |4
The attached patch makes the kAFS filesystem in fs/afs/ use FS-Cache, and
through it any attached caches. The kAFS filesystem will use caching
automatically if it's available.
Signed-Off-By: David Howells [EMAIL PROTECTED]
---
fs/Kconfig |8 +
fs/afs/Makefile|3
fs/afs
, then
page_mkwrite() will flush it before attaching a record of the new key.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
fs/afs/file.c | 20 +++-
fs/afs/internal.h |1 +
fs/afs/write.c| 35 +++
3 files changed, 55 insertions(+), 1 deletions
Al Viro [EMAIL PROTECTED] wrote:
Umm... Perhaps a better primitive would be make sure that our cred is
not shared with anybody, creating a copy and redirecting reference to
it if needed.
I wanted to make the point that once a cred record was made live - i.e. exposed
to the rest of the system
and
2) check whether that top-level keyring is the thing being searched for
Signed-off-by: Kevin Coffman [EMAIL PROTECTED]
Signed-off-by: David Howells [EMAIL PROTECTED]
---
security/keys/keyring.c | 35 +++
1 files changed, 31 insertions(+), 4 deletions(-)
diff
()
request_key_async()
request_key_async_with_auxdata()
Signed-off-by: David Howells [EMAIL PROTECTED]
---
Documentation/keys-request-key.txt | 11 +---
Documentation/keys.txt | 14 +++---
include/linux/key.h|9 ---
security/keys/internal.h
The attached patch makes the kAFS filesystem in fs/afs/ use FS-Cache, and
through it any attached caches. The kAFS filesystem will use caching
automatically if it's available.
Signed-Off-By: David Howells [EMAIL PROTECTED]
---
fs/Kconfig |8 +
fs/afs/Makefile|3
fs/afs
Add a TestSetPageError() macro to the suite of page flag manipulators. This
can be used by AFS to prevent over-excision of rejected writes from the page
cache.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
include/linux/page-flags.h |1 +
1 files changed, 1 insertions(+), 0 deletions
This one-line patch fixes the missing export of copy_page introduced
by the cachefile patches. This patch is not yet upstream, but is required
for cachefile on ia64. It will be pushed upstream when cachefile goes
upstream.
Signed-off-by: Prarit Bhargava [EMAIL PROTECTED]
Signed-off-by: David
Display the local caching state in /proc/fs/nfsfs/volumes.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
fs/nfs/client.c |7 ---
fs/nfs/fscache.h | 15 +++
2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/fs/nfs/client.c b/fs/nfs/client.c
index be38c3c
Changes to the kernel configuration defintions and to the NFS mount options to
allow the local caching support added by the previous patch to be enabled.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
fs/Kconfig|8
fs/nfs/client.c |2 ++
fs/nfs/internal.h |1
an NFS filesystem to use caching, add an fsc option to the mount:
mount warthog:/ /a -o fsc
Signed-off-by: David Howells [EMAIL PROTECTED]
---
fs/nfs/Makefile |1
fs/nfs/client.c |5 +
fs/nfs/file.c | 37
fs/nfs/fscache-def.c | 289
-off-by: David Howells [EMAIL PROTECTED]
---
include/linux/pagemap.h |5 +
mm/filemap.c| 18 ++
2 files changed, 23 insertions(+), 0 deletions(-)
diff --git a/include/linux/pagemap.h b/include/linux/pagemap.h
index 6a1b317..21c35e2 100644
--- a/include/linux
) to do the honours.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
mm/readahead.c | 39 +--
1 files changed, 37 insertions(+), 2 deletions(-)
diff --git a/mm/readahead.c b/mm/readahead.c
index c9c50ca..75aa6b6 100644
--- a/mm/readahead.c
+++ b/mm/readahead.c
-off-by: David Howells [EMAIL PROTECTED]
---
security/keys/keyctl.c | 38 ++
1 files changed, 30 insertions(+), 8 deletions(-)
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index d9ca15c..8ec8432 100644
--- a/security/keys/keyctl.c
+++ b
Change current-fs[ug]id to current_fs[ug]id() so that fsgid and fsuid can be
separated from the task_struct.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
arch/ia64/kernel/perfmon.c|4 ++--
arch/powerpc/platforms/cell/spufs/inode.c |4 ++--
drivers/isdn/capi
These patches add local caching for network filesystems such as NFS and AFS.
The patches can roughly be broken down into a number of sets:
(*) 01-keys-inc-payload.diff
(*) 02-keys-search-keyring.diff
(*) 03-keys-callout-blob.diff
Three patches to the keyring code made to help the
routines once the pages have been unlocked as part of the
writeback process. To this end, the PG_error flag is set, then the
PG_writeback flag is cleared, and only *then* can lock_page() be called.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
include/linux/mm.h |5 ++-
mm/truncate.c
Signed-off-by: Al Viro [EMAIL PROTECTED]
---
crypto/fcrypt.c | 88 ---
1 files changed, 44 insertions(+), 44 deletions(-)
diff --git a/crypto/fcrypt.c b/crypto/fcrypt.c
index d161949..a32cb68 100644
--- a/crypto/fcrypt.c
+++
.
Supply a generic implementation for this that uses the write_begin() and
write_end() address_space operations to bind a copy directly into the page
cache.
Hook the Ext2 and Ext3 operations to the generic implementation.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
fs/ext2/inode.c|2
-off-by: David Howells [EMAIL PROTECTED]
---
security/keys/keyctl.c | 38 ++
1 files changed, 30 insertions(+), 8 deletions(-)
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index d9ca15c..8ec8432 100644
--- a/security/keys/keyctl.c
+++ b
and
2) check whether that top-level keyring is the thing being searched for
Signed-off-by: Kevin Coffman [EMAIL PROTECTED]
Signed-off-by: David Howells [EMAIL PROTECTED]
---
security/keys/keyring.c | 35 +++
1 files changed, 31 insertions(+), 4 deletions(-)
diff
Provide an add_wait_queue_tail() function to add a waiter to the back of a
wait queue instead of the front.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
include/linux/wait.h |2 ++
kernel/wait.c| 18 ++
2 files changed, 20 insertions(+), 0 deletions(-)
diff
to detect this.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
fs/splice.c|2 +-
include/linux/page-flags.h | 38 --
include/linux/pagemap.h| 11 +++
mm/filemap.c | 16
mm/migrate.c
()
request_key_async()
request_key_async_with_auxdata()
Signed-off-by: David Howells [EMAIL PROTECTED]
---
Documentation/keys-request-key.txt | 11 +---
Documentation/keys.txt | 14 +++---
include/linux/key.h|9 ---
security/keys/internal.h
Change current-fs[ug]id to current_fs[ug]id() so that fsgid and fsuid can be
separated from the task_struct.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
arch/ia64/kernel/perfmon.c|4 ++--
arch/powerpc/platforms/cell/spufs/inode.c |4 ++--
drivers/isdn/capi
permission on the key for this function to be
successful.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
Documentation/keys.txt | 21 +++
include/linux/keyctl.h |1 +
include/linux/security.h | 20 +-
security/dummy.c |8 ++
security/keys
be
revalidated.
(5) The writeback-rejection handler now calls cancel_rejected_write() added by
the previous patch to excise the affected pages rather than clearing the
PG_uptodate flag on all the pages.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
fs/afs/fsclient.c |4
Save the operation ID to be used with a call that we're making for display
through /proc/net/rxrpc_calls. This helps debugging stuck operations as we
then know what they are.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
fs/afs/fsclient.c | 32 +++-
fs
, then
page_mkwrite() will flush it before attaching a record of the new key.
Signed-off-by: David Howells [EMAIL PROTECTED]
---
fs/afs/file.c | 20 +++-
fs/afs/internal.h |1 +
fs/afs/write.c| 35 +++
3 files changed, 55 insertions(+), 1 deletions
Stephen Smalley [EMAIL PROTECTED] wrote:
inode_getsecurity and getprocattr directly return the strings.
Admittedly, the whole interface could be cleaned up and made far more
consistent, but I don't think he necessarily has to go through the
getsecid + secid_to_secctx sequence if he only wants
Stephen Smalley [EMAIL PROTECTED] wrote:
+ tsec-create_sid = SECINITSID_UNLABELED;
+ tsec-keycreate_sid = SECINITSID_UNLABELED;
+ tsec-sockcreate_sid = SECINITSID_UNLABELED;
Cleared means what? Setting to 0? Or is there some other constant I should
use for that?
David
-
To
Stephen Smalley [EMAIL PROTECTED] wrote:
From a config file whose pathname would be provided by libselinux (ala
the way in which dbusd imports contexts), or directly as a context
returned by a libselinux function.
That sounds too SELinux specific. How do I do it so that it works for any
LSM?
Stephen Smalley [EMAIL PROTECTED] wrote:
All your code has to do is invoke a function provided by libselinux.
Calling libselinux means it's a special case for a specific LSM.
I think the best way to do this, then, has to be to dlopen the appropriate LSM
library. That way I don't need to do
Casey Schaufler [EMAIL PROTECTED] wrote:
You may need to have an application, say cachefileselinuxcontext, that will
read the current policy and spit out an appropriate value of whatever,
but that can be separate and LSM specific without mucking up your basic
infrastructure applications.
Casey Schaufler [EMAIL PROTECTED] wrote:
What sort of authorization are you thinking of? I would expect
that to have been done by cachefileselinuxcontext (or
cachefilesspiffylsmcontext) up in userspace. If you're going to
rely on userspace applications for policy enforcement they need
to be
Stephen Smalley [EMAIL PROTECTED] wrote:
That sounds workable, although I think he will want a more specific hook
than security_secctx_to_secid(), or possibly a second hook call, that
would not only validate the context but authorize the use of it by the
cachefilesd process. And then the
Casey Schaufler [EMAIL PROTECTED] wrote:
Put the result into /etc/cachefiles.conf.
Ewww. Runtime mangling of the configuration. I suppose it doesn't have to be
in that file with the rest of the config.
David
-
To unsubscribe from this list: send the line unsubscribe
linux-security-module in
Casey Schaufler [EMAIL PROTECTED] wrote:
Yes, but we're talking about writing the configuration information
to the kernel, not actually making any access checks with it. I
think. What I think we're talking about (and please correct me David
if I've stepped into the wrong theatre) is getting
Casey Schaufler [EMAIL PROTECTED] wrote:
This fd selects the
particular cache context that a particular instance of a running daemon is
using.
Yes, but forgive me being slow, I don't see the problem.
I mean that it's not particularly sensible to have an auxiliary interface (say
a
Stephen Smalley [EMAIL PROTECTED] wrote:
More likely, run it at build time in your .spec file to generate
cachefiles.conf,
I don't think sticking it in cachefiles.conf is a good idea necessarily.
That has to be an administrator modifiable file. Is there a program I could
make cachefiles run
Stephen Smalley [EMAIL PROTECTED] wrote:
Have you example code for the security hook you mention? I'm not sure I
understand why security_secctx_to_secid() is not sufficient.
security_secctx_to_secid() would just validate and map a context string to a
secid.
Validate as in check it's a
Stephen Smalley [EMAIL PROTECTED] wrote:
It is just a way of carving up the permission space, typically based on
object type, but it can essentially be arbitrary. The check in this
case seems specific to cachefiles since it is controlling an operation
on the /dev/cachefiles interface that
Stephen Smalley [EMAIL PROTECTED] wrote:
Yes, we could easily make a simple program that just invokes a
libselinux function that in turn grabs the proper context from some
context configuration file under /etc/selinux/$SELINUXTYPE/contexts/ and
outputs it. Dan can help with that.
That
Stephen Smalley [EMAIL PROTECTED] wrote:
They would correspond with the operations provided by the /dev/cachefiles
interface, at the granularity you want to support distinctions to be made.
Can this be made simpler by the fact that /dev/cachefiles has its own unique
label (cachefiles_dev_t).
Stephen Smalley [EMAIL PROTECTED] wrote:
Do any of the interfaces allow a task to act on a cache other than one
it has created?
No.
How does the task identify the desired cache?
Each file descriptor opened creates one separate cache instance. Any commands
sent over that filedescriptor
Nick Piggin [EMAIL PROTECTED] wrote:
I'd much prefer if you would handle this in the filesystem, and have it
set PG_private whenever fscache needs to receive a callback, and DTRT
depending on whether PG_fscache etc. is set or not.
That's tricky and slower[*]. One of the things I want to do
Nick Piggin [EMAIL PROTECTED] wrote:
This is pretty nasty.
Why? If the fs doesn't set PG_private or PG_fscache on any pages before
calling read_cache_pages(), there's no difference.
Furthermore, the differences only crop up in the error handling paths.
I would suggest either to have the
Nick Piggin [EMAIL PROTECTED] wrote:
This reintroduces the fault vs truncate race window, which must be fixed.
Hmmm... perhaps. I remember that cropped up in NFS, but I'm doing things a
bit differently to NFS. Remind me again how that worked please.
Also, it is adding a fair bit of
Nick Piggin [EMAIL PROTECTED] wrote:
I'd much prefer if you would handle this in the filesystem, and have it
set PG_private whenever fscache needs to receive a callback, and DTRT
depending on whether PG_fscache etc. is set or not.
That's tricky and slower[*]. One of the things I
James Morris [EMAIL PROTECTED] wrote:
I suspect it may be useful ensure all global identifiers for the key
subsystem are prefixed with key_, as 'copy_keys' does seem a little
generic.
Many of the fork helpers are called copy_xxx().
David
-
To unsubscribe from this list: send the line
Nick Piggin [EMAIL PROTECTED] wrote:
Then make a PG_private2 bit and use that.
To what end? Are you suggesting I should have:
PG_private2 = PG_private | PG_fscache
That's redundant information and doesn't help anything really.
My suggestion (PG_private and PG_fscache separate and
Nick Piggin [EMAIL PROTECTED] wrote:
No. I mean call the bit PG_private2. That way non-pagecache and
filesystems that don't use fscache can use it.
The bit is called PG_owner_priv_2, and then 'subclassed' to PG_fscache, much
like PG_owner_priv_1 is 'subclassed' to PG_checked as was
Nick Piggin [EMAIL PROTECTED] wrote:
Nick Piggin [EMAIL PROTECTED] wrote:
No. I mean call the bit PG_private2. That way non-pagecache and
filesystems that don't use fscache can use it.
The bit is called PG_owner_priv_2, and then 'subclassed' to PG_fscache,
much like PG_owner_priv_1
read_cache_pages()? Or can
you accept that sharing is sufficient, especially if PG_private_2 now
exists?
David
---
FS-Cache: Recruit a couple of page flags for cache management
From: David Howells [EMAIL PROTECTED]
Recruit a couple of page flags to aid in cache management. The following
Okay. I can:
(1) Have cachefilesd (the daemon) pass a security context string to the
cachefiles kernel module, which can then convert it to a secID. It'll
require a security_secctx_to_secid() function, but I'm fairly certain I
have a patch to add such kicking around somewhere.
David Howells [EMAIL PROTECTED] wrote:
Now, I recall the addition of another security class being mentioned, which
presumably would give something like:
avc_has_perm(daemon_tsec-sid, nominated_sid,
SECCLASS_CACHE, CACHE__USE_AS_OVERRIDE, NULL);
H... I can't
Stephen Smalley [EMAIL PROTECTED] wrote:
If you have a SELinux: policy loaded with handle_unknown=allow
message in your /var/log/messages, then new classes/perms that are not
yet known to the policy will be allowed by default, so the operation
will be permitted by the kernel.
I don't. How
Stephen Smalley [EMAIL PROTECTED] wrote:
avc_has_perm(daemon_tsec-sid, nominated_sid,
SECCLASS_CACHE, CACHE__USE_AS_OVERRIDE, NULL);
And I assume this doesn't care if one, the other or both of the two SIDs
mentioned are of SECCLASS_PROCESS rather than of
David Howells [EMAIL PROTECTED] wrote:
Okay... It looks like I want four security operations/hooks for cachefiles:
FYI, I added the following vectors:
# kernel services that need to override task security
class kernel_service
{
use_as_override
Casey Schaufler [EMAIL PROTECTED] wrote:
Yes, and I would recommend doing so to avoid permission races.
You're going to have to deal with the case where step (2) fails
even if you have step (1), so the test and set mindset seems
prudent to me.
Looking at SELinux, that doesn't get rid of the
Stephen Smalley [EMAIL PROTECTED] wrote:
(3) Check that the kernel may create files as a particular secid (this
could be specified indirectly by specifying an inode, which would
hide the secid inside the LSM).
I don't think this check is on the kernel per se but rather the
Stephen Smalley [EMAIL PROTECTED] wrote:
The cache files are created by the cachefiles kernel module, not by the
userspace daemon, and the userspace daemon doesn't need to directly
read/write them at all
That is correct.
(but I think it does need to be able to unlink them?).
Indeed.
The
and
2) check whether that top-level keyring is the thing being searched for
Signed-off-by: Kevin Coffman [EMAIL PROTECTED]
Signed-off-by: David Howells [EMAIL PROTECTED]
---
security/keys/keyring.c | 35 +++
1 files changed, 31 insertions(+), 4 deletions
1 - 100 of 263 matches
Mail list logo
