On 6/2/2017 10:39 AM, Steve Kemp wrote:
>> Create an security module that looks for the attribute
> For what it is worth I thought this seemed like an interesting project
> for a beginner, so I did just that.  I wrote up the experience here:
>
> https://blog.steve.fi/so_i_accidentally_wrote_a_linux_security_module.html
>
> In short it was a very simple and clean approach, which I think is
> hard to get wrong.  The only part I need to work on some more is the
> difference between `user` and `security` attributes.

A 'user' attribute can be set by the file owner. A 'security'
attribute requires privilege. SELinux and Smack use 'security'
attributes to prevent users from mucking with them. You need
to create module hooks for manipulating them, including

        inode_init_security
        inode_setxattr
        inode_post_setxattr
        inode_removexattr
        inode_getsecurity
        inode_listsecurity
        inode_setsecurity
        d_instantiate



>
> Steve
> --
> https://steve.fi/
>

Reply via email to