Re: [TOMOYO #7 30/30] Hooks for SAKURA and TOMOYO.

From: Toshiharu Harada
Date: Thu Apr 10 2008 - 01:58:14 EST

Next message: Bert Wesarg: "Re: [PATCH 3/3] cpumask: add show cpu map functions v2"
Previous message: Shakul Mohideen Hameed: "Re: [GIT] git-clone failure over http"
In reply to: Stephen Smalley: "Re: [TOMOYO #7 30/30] Hooks for SAKURA and TOMOYO."
Next in thread: Stephen Smalley: "Re: [TOMOYO #7 30/30] Hooks for SAKURA and TOMOYO."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 4/9/2008 9:49 PM, Stephen Smalley wrote:

We cordially request LSM changes to pass vfsmount parameters.

Don't cordially request it - submit patches to make it happen. Or work
with others who have been submitting such patches.

You are (always) right. :)

There are two options:
1) Submit patches to pass down the vfsmounts to the vfs helpers so that
they can be passed to the existing security_inode hooks. -or-
2) Submit patches to add new security hooks to the callers where the
vfsmount is already available (some have suggested moving the existing
security_inode hooks to the callers, but that would cause problems for
SELinux as I've posted elsewhere, so adding new hooks is preferable, and
then SELinux can just default to the dummy functions for those new
hooks).

Thank you for your suggestions. I drew a diagram. Is this correct?

Regards,
Toshiharu Harada
NTT DATA CORPORATION

Next message: Bert Wesarg: "Re: [PATCH 3/3] cpumask: add show cpu map functions v2"
Previous message: Shakul Mohideen Hameed: "Re: [GIT] git-clone failure over http"
In reply to: Stephen Smalley: "Re: [TOMOYO #7 30/30] Hooks for SAKURA and TOMOYO."
Next in thread: Stephen Smalley: "Re: [TOMOYO #7 30/30] Hooks for SAKURA and TOMOYO."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]