On 6/2/2017 10:39 AM, Steve Kemp wrote:
>> Create a security module that looks for the attribute
> For what it is worth I thought this seemed like an interesting project
> for a beginner, so I did just that. I wrote up the experience here:
>
> https://blog.steve.fi/so_i_accidentally_wrote_a_linux_security_module.html
>
> In short it was a very simple and clean approach, which I think is
> hard to get wrong. The only part I need to work on some more is the
> difference between `user` and `security` attributes.

A 'user' attribute can be set by the file owner. A 'security'
attribute requires privilege. SELinux and Smack use 'security'
attributes to prevent users from mucking with them. You need
to create module hooks for manipulating them, including

	inode_init_security
	inode_setxattr
	inode_post_setxattr
	inode_removexattr
	inode_getsecurity
	inode_listsecurity
	inode_setsecurity
	d_instantiate

>
> Steve
> --
> https://steve.fi/
>
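
Added example (not part of the original messages and not code from Steve Kemp's module): a user-space C probe of the namespace rule described in the reply above. The attribute names user.demo and security.demo and all helper names are constructed for illustration; on a filesystem with xattr support, an unprivileged run is expected to set the first and be refused the second.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/xattr.h>

enum xattr_ns { NS_USER, NS_SECURITY, NS_TRUSTED, NS_SYSTEM, NS_UNKNOWN };

/* Classify an attribute name by its namespace prefix, dot included. */
enum xattr_ns xattr_namespace(const char *name)
{
    static const struct { const char *prefix; enum xattr_ns ns; } tbl[] = {
        { "user.", NS_USER },       { "security.", NS_SECURITY },
        { "trusted.", NS_TRUSTED }, { "system.", NS_SYSTEM },
    };
    for (size_t i = 0; i < sizeof tbl / sizeof tbl[0]; i++)
        if (strncmp(name, tbl[i].prefix, strlen(tbl[i].prefix)) == 0)
            return tbl[i].ns;
    return NS_UNKNOWN;
}

/* Try to set `name` on `path`; return 0 on success, else the errno value. */
int try_setxattr(const char *path, const char *name, const char *value)
{
    return setxattr(path, name, value, strlen(value), 0) == 0 ? 0 : errno;
}

/* Create a scratch file we own, attempt one attribute, clean up.
 * Returns 0, an errno value, or -1 if no scratch file could be created. */
int probe(const char *name)
{
    char path[] = "./xattr-demo-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    close(fd);
    int rc = try_setxattr(path, name, "1");   /* constructed value */
    unlink(path);
    return rc;
}

int main(void)
{
    const char *names[] = { "user.demo", "security.demo" };  /* constructed */
    for (int i = 0; i < 2; i++) {
        int rc = probe(names[i]);
        printf("%-14s -> %s\n", names[i],
               rc == 0 ? "set" : rc < 0 ? "no scratch file" : strerror(rc));
    }
}
```

Owning the scratch file is enough for the 'user' attribute, while the 'security' one depends on privilege rather than ownership, which is why a module that wants tamper-resistant labels keeps them in that namespace.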