Re: [PATCH 04/24] VFS: Add LSM hooks for filesystem context [ver #7]

On 04/24/2018 11:22 AM, David Howells wrote: > Stephen Smalley wrote: > >> Neither fsopen() nor fscontext_fs_write() appear to perform any kind of >> up-front permission checking (DAC or MAC), although some security hooks may >> be ultimately called to allocate structures,

Re: [PATCH 04/24] VFS: Add LSM hooks for filesystem context [ver #7]

Stephen Smalley wrote: > Neither fsopen() nor fscontext_fs_write() appear to perform any kind of > up-front permission checking (DAC or MAC), although some security hooks may > be ultimately called to allocate structures, parse security options, etc. > Is there a reason not

Re: [PATCH 04/24] VFS: Add LSM hooks for filesystem context [ver #7]

On 04/20/2018 11:35 AM, David Howells wrote: > Paul Moore wrote: > >> Adding the SELinux mailing list to the CC line; in the future please >> include the SELinux mailing list on patches like this. It would also >> be very helpful to include "selinux" somewhere in the

Re: [PATCH 04/24] VFS: Add LSM hooks for filesystem context [ver #7]

Paul Moore wrote: > Adding the SELinux mailing list to the CC line; in the future please > include the SELinux mailing list on patches like this. It would also > be very helpful to include "selinux" somewhere in the subject line > when the patch is predominately SELinux

Re: [PATCH 04/24] VFS: Add LSM hooks for filesystem context [ver #7]

On Thu, Apr 19, 2018 at 9:31 AM, David Howells wrote: > Add LSM hooks for use by the filesystem context code. This includes: > > (1) Hooks to handle allocation, duplication and freeing of the security > record attached to a filesystem context. > > (2) A hook to snoop