Re: LSM hook addition?

From: Chris Wright
Date: Mon Jan 24 2005 - 01:40:01 EST

Next message: Jack O'Quin: "Re: [PATCH]sched: Isochronous class v2 for unprivileged soft rtscheduling"
Previous message: Roland Dreier: "[PATCH][7/12] InfiniBand/mthca: optimize event queue handling"
In reply to: John Richard Moser: "LSM hook addition?"
Next in thread: Valdis . Kletnieks: "Re: LSM hook addition?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* John Richard Moser (nigelenki@xxxxxxxxxxx) wrote:
> Can someone point me to documentation or give me a small patch to add an
> LSM hook to kernel 2.6.10 in fs/namei.c at line 1986:
>
> new_dentry = lookup_create(&nd, 0);
> error = PTR_ERR(new_dentry);
> if (!IS_ERR(new_dentry)) {
> error = security_inode_make_hardlink(old_nd); // ADD
> error = vfs_link(old_nd.dentry, nd.dentry->d_inode,
> new_dentry);

It's already there. Look at the code in vfs_link. The security_inode_link
hook is documented in include/linux/security.h. And the restrictive policy
you're referring to is already codified in the owlsm module. See the
do_owlsm_link() function here (code's a bit old, but basic idea is still
relevant):

http://lsm.bkbits.net:8080/lsm-2.6/anno/security/owlsm.h@xxx?nav=index.html|src/|src/security

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jack O'Quin: "Re: [PATCH]sched: Isochronous class v2 for unprivileged soft rtscheduling"
Previous message: Roland Dreier: "[PATCH][7/12] InfiniBand/mthca: optimize event queue handling"
In reply to: John Richard Moser: "LSM hook addition?"
Next in thread: Valdis . Kletnieks: "Re: LSM hook addition?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]