Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks

On Wed, 2006-04-19 at 08:44 -0700, Greg KH wrote:
> On Wed, Apr 19, 2006 at 08:55:56AM -0400, Yuichi Nakamura wrote:
> > However, path-name based configuration cannot be achieved on SELinux in
> > the following cases.
> > 1) Files on a file system that does not support xattr (such as sysfs)
> >    SELinux policy editor handles all files as the same on such file systems.
> 
> Hm, I've thought about this in the past and wonder if we should add
> xattr support to sysfs.  Would it be useful for things like SELinux?
> The files would not be created with any xattrs, but would be able to
> have them once they are set.  Would that be good enough?

The generic security xattr fallback behavior in the VFS already provides
us with most of what we need there.  The only thing missing is a way to
preserve the attributes when inodes are evicted and later re-created
from sysfs_dirent.  One of our people was experimenting with a patch to
save and restore that information, but we are waiting for some of the
audit work to finalize as that exports some interfaces from SELinux to
the rest of the kernel that we need.

-- 
Stephen Smalley
National Security Agency
