Re: [PATCH v1] security: Add a new hook: inode_touch_atime

From: Christoph Hellwig
Date: Thu Dec 22 2016 - 01:26:07 EST

Next message: Dave Chinner: "Re: [4.10, panic, regression] iscsi: null pointer deref at iscsi_tcp_segment_done+0x20d/0x2e0"
Previous message: Liu Bo: "Re: [PATCH] Btrfs: add another missing end_page_writeback on submit_extent_page failure"
In reply to: Christoph Hellwig: "Re: [PATCH v1] security: Add a new hook: inode_touch_atime"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Dec 22, 2016 at 12:15:06AM +0100, Mickaël Salaün wrote:
> Add a new LSM hook named inode_touch_atime which is needed to deny
> indirect update of extended file attributes (i.e. access time) which are
> not catched by the inode_setattr hook. By creating a new hook instead of
> calling inode_setattr, we avoid to simulate a useless struct iattr.
>
> This hook allows to create read-only environments as with read-only
> mount points. It can also take care of anonymous inodes.

And LSM has absolutely no business doing that - that's what the mount
code is for.

Next message: Dave Chinner: "Re: [4.10, panic, regression] iscsi: null pointer deref at iscsi_tcp_segment_done+0x20d/0x2e0"
Previous message: Liu Bo: "Re: [PATCH] Btrfs: add another missing end_page_writeback on submit_extent_page failure"
In reply to: Christoph Hellwig: "Re: [PATCH v1] security: Add a new hook: inode_touch_atime"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]