aboutsummaryrefslogtreecommitdiffstats
path: root/security/dummy.c
diff options
context:
space:
mode:
authorStephen Smalley <sds@tycho.nsa.gov>2005-09-09 16:01:35 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2005-09-09 16:57:27 -0400
commit5e41ff9e0650f327a6c819841fa412da95d57319 (patch)
treea525df8bda34c2aa52f30326f94cd15109bb58b3 /security/dummy.c
parentf5ee56cc184e0944ebc9ff1691985219959596f6 (diff)
[PATCH] security: enable atomic inode security labeling
The following patch set enables atomic security labeling of newly created inodes by altering the fs code to invoke a new LSM hook to obtain the security attribute to apply to a newly created inode and to set up the incore inode security state during the inode creation transaction. This parallels the existing processing for setting ACLs on newly created inodes. Otherwise, it is possible for new inodes to be accessed by another thread via the dcache prior to complete security setup (presently handled by the post_create/mkdir/... LSM hooks in the VFS) and a newly created inode may be left unlabeled on the disk in the event of a crash. SELinux presently works around the issue by ensuring that the incore inode security label is initialized to a special SID that is inaccessible to unprivileged processes (in accordance with policy), thereby preventing inappropriate access but potentially causing false denials on legitimate accesses. A simple test program demonstrates such false denials on SELinux, and the patch solves the problem. Similar such false denials have been encountered in real applications. This patch defines a new inode_init_security LSM hook to obtain the security attribute to apply to a newly created inode and to set up the incore inode security state for it, and adds a corresponding hook function implementation to SELinux. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'security/dummy.c')
-rw-r--r--security/dummy.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/security/dummy.c b/security/dummy.c
index 6ff88758647..e8a00fa8046 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -258,6 +258,12 @@ static void dummy_inode_free_security (struct inode *inode)
258 return; 258 return;
259} 259}
260 260
261static int dummy_inode_init_security (struct inode *inode, struct inode *dir,
262 char **name, void **value, size_t *len)
263{
264 return -EOPNOTSUPP;
265}
266
261static int dummy_inode_create (struct inode *inode, struct dentry *dentry, 267static int dummy_inode_create (struct inode *inode, struct dentry *dentry,
262 int mask) 268 int mask)
263{ 269{
@@ -886,6 +892,7 @@ void security_fixup_ops (struct security_operations *ops)
886 set_to_dummy_if_null(ops, sb_post_pivotroot); 892 set_to_dummy_if_null(ops, sb_post_pivotroot);
887 set_to_dummy_if_null(ops, inode_alloc_security); 893 set_to_dummy_if_null(ops, inode_alloc_security);
888 set_to_dummy_if_null(ops, inode_free_security); 894 set_to_dummy_if_null(ops, inode_free_security);
895 set_to_dummy_if_null(ops, inode_init_security);
889 set_to_dummy_if_null(ops, inode_create); 896 set_to_dummy_if_null(ops, inode_create);
890 set_to_dummy_if_null(ops, inode_post_create); 897 set_to_dummy_if_null(ops, inode_post_create);
891 set_to_dummy_if_null(ops, inode_link); 898 set_to_dummy_if_null(ops, inode_link);