Re: Security issues with local filesystem caching

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Stephen Smalley <[email protected]> wrote:

> > You start the cache by mounting it:
> > 
> > 	mount -t cachefs /dev/hdx9 /cachefs
> > 
> > Then it's online.  However, you might want to check that whoever's calling
> > mount has permission to bring a cache online...
> 
> Hmmm...that raises a separate issue - how does SELinux label cachefs
> inodes?  Does cachefs support xattrs?  Other option is to use a mount
> context (mount -o context=...) to apply a single context to all inodes
> within it.

There are only two inodes publically available through cachefs - the root dir
and a file of statistics - and they're both read only.  Everything else, for
the moment, is strictly internal and unavailable to userspace.  In fact, there
may not be any other inodes.

> Where exactly is the cachefs code available?

It'll need a little bit of work to make it compilable again; but I can probably
get you a copy on Monday.  I've been concentrating on CacheFiles.

> I'm also unclear on where you establish the binding between the files
> being cached and the cache.  What specifies that e.g. a given NFS mount
> should be backed to a given cache?  We need to be able to control that
> relationship too, to establish that the cache is being protected
> adequately for the source data.

Yes.  I haven't worked that one out yet.  Currently it's not a problem as only
CacheFiles is available at the moment, and that currently only supports one
cache.

But I have an idea that I need to work on to make it possible to associate
directories and files with caches (or other useful parameters).

> >  (1) Permission to bring a cache online or to take a cache offline.
> 
> At present, this will show up as the usual checking on mount (security
> hooks in do_mount and vfs_kern_mount) and on umount (security hook in
> do_umount) by SELinux.  I'm not sure whether you need anything specific
> to the cache.

That doesn't apply to CacheFiles, but okay; we can always add it later if we
decide we want it.

David
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux