Quoting Kentaro Takeda (takedakn@xxxxxxxxxxxxx):
Serge E. Hallyn wrote:
Unfortunately I think that is a shortcoming in the security_path_*Thanks for your constructive and tough suggestion. ;-)
patchset. Unfortunate bc that is going to be a pain to work out.
So for starters,Do you mean that we should move DAC code to all the caller of vfs_* ?
both vfs_mknod and vfs_create do may_create, so just pull that
into the callers.
That's not reasonable, is it.
The rule thus far has been 'DAC before MAC'. Question to all: do we
insist on keeping it that way?
If the answer is yes, then the security_path_hooks patch is inherently
wrong.
If the answer is no, then Kentaro doesn't need to resort to this
ugliness to try and get may_delete() called before his MAC code, only to
have may_delete() called a second time from the vfs_* functions.
-serge