Re: idr_remove

From: Stephen Smalley
Date: Tue Feb 22 2005 - 13:42:42 EST

Next message: Parag Warudkar: "Re: [linux-usb-devel] 2.6: USB Storage hangs machine on bootup for ~2 minutes"
Previous message: Ray Bryant: "Re: [RFC 2.6.11-rc2-mm2 0/7] mm: manual page migration -- overviewII"
In reply to: Jim Houston: "Re: idr_remove"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2005-02-22 at 13:22 -0500, Jim Houston wrote:
> I spent time looking at the pty and selinux code yesterday.
> I had little luck finding where the selinux code hooks into
> the pty code.

The call to lookup_one_len() by fs/devpts/inode.c:get_node() ultimately
calls permission(...,MAY_EXEC,...) on the devpts root directory, which
will call security_inode_permission() -> selinux_inode_permission() to
check search access to the directory. Hence, get_node() can fail if
SELinux is enabled and the process has no permission at all to
search /dev/pts. If it can get that far, then the inode will ultimately
have its security label set upon the d_instantiate() call (via
security_d_instantiate() -> selinux_d_instantiate()), and be
subsequently checked for opens/reads/writes via the
selinux_inode_permission() and selinux_file_permission() hook functions.

--
Stephen Smalley <sds@xxxxxxxxxxxxx>
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Parag Warudkar: "Re: [linux-usb-devel] 2.6: USB Storage hangs machine on bootup for ~2 minutes"
Previous message: Ray Bryant: "Re: [RFC 2.6.11-rc2-mm2 0/7] mm: manual page migration -- overviewII"
In reply to: Jim Houston: "Re: idr_remove"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]