From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756000AbbFRPeL (ORCPT ); Thu, 18 Jun 2015 11:34:11 -0400 Received: from smtp102.biz.mail.bf1.yahoo.com ([98.139.221.61]:39797 "EHLO smtp102.biz.mail.bf1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755822AbbFRPeF (ORCPT ); Thu, 18 Jun 2015 11:34:05 -0400 X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: qDMjd40VM1kr43gk3fTamAtq14n.awjK_p5NTax60gN9W8R P56uFLD0dMPKpfsZ9vPlYS4kVjCfMCsjwQGRL0_rvI6kV_M8dvJdWP4UQpTp sNkTvPs9UUxRoo2ZA4.aoeNgm1lBv3o.tg0jEl0ihsTWHlMMZPppXaOqi2B2 FRVMYaD3ib9bjp5Up3yYze.9Zy1zMblHlilu_FbXfuzrrCiQn8cTKnYVWqw8 ezUfYE.2n6IhTMutoSad7G3pzLnxULweB1j1ao17gTo9S9_k6A3EPpq.miPm z2UkfhWLLKo28UPYGme7i8x7jrSNMSHP10MyDTui5aZYSZQ9xDq1_dtc1OSn 3PNXK_7TgX9JBd9J5I4_YPZxZACCVCILNxcdKJZC8Hw_6XXurdj9vGM0.dxS QpxOn1Hn8X432G8tSDgdi6A.RI7hdUm9LrdnzWXpnuVYGSO.PyWDj3WR2tXH bk4YKU_J0FbcpCbciPPyO71b1fj92Pk8kGKQftMABJLDaWDdn8sCg84ZGAC4 MVNAHYfUOePqAbtZ6.4lZVmTAm4MMFY5nFA-- X-Yahoo-SMTP: OIJXglSswBDfgLtXluJ6wiAYv6_cnw-- Message-ID: <5582E4EA.3040405@schaufler-ca.com> Date: Thu, 18 Jun 2015 08:34:02 -0700 From: Casey Schaufler User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: David Howells , sds@tycho.nsa.gov, viro@zeniv.linux.org.uk, miklos@szeredi.hu CC: linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-kernel@vger.kernel.org, Casey Schaufler Subject: Re: [PATCH 5/8] SELinux: Stub in copy-up handling References: <20150618133215.12722.70352.stgit@warthog.procyon.org.uk> <20150618133254.12722.33339.stgit@warthog.procyon.org.uk> In-Reply-To: <20150618133254.12722.33339.stgit@warthog.procyon.org.uk> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 6/18/2015 6:32 AM, David Howells wrote: > Provide stubs for union/overlay copy-up handling. The xattr copy up stub > discards lower SELinux xattrs rather than letting them be copied up so that > the security label on the copy doesn't get corrupted. Are you planning to do this for Smack, too? > > Signed-off-by: David Howells > --- > > security/selinux/hooks.c | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index ffa5a642629a..c5d893e2ff23 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -3200,6 +3200,20 @@ static void selinux_inode_getsecid(const struct inode *inode, u32 *secid) > *secid = isec->sid; > } > > +static int selinux_inode_copy_up(struct dentry *src, struct dentry *dst) > +{ > + return 0; > +} > + > +static int selinux_inode_copy_up_xattr(struct dentry *src, struct dentry *dst, > + const char *name, void *value, > + size_t *size) > +{ > + if (strcmp(name, XATTR_NAME_SELINUX) == 0) > + return 1; /* Discard */ > + return 0; > +} > + > /* file security operations */ > > static int selinux_revalidate_file_permission(struct file *file, int mask) > @@ -5917,6 +5931,8 @@ static struct security_operations selinux_ops = { > .inode_setsecurity = selinux_inode_setsecurity, > .inode_listsecurity = selinux_inode_listsecurity, > .inode_getsecid = selinux_inode_getsecid, > + .inode_copy_up = selinux_inode_copy_up, > + .inode_copy_up_xattr = selinux_inode_copy_up_xattr, > > .file_permission = selinux_file_permission, > .file_alloc_security = selinux_file_alloc_security, > > -- > To unsubscribe from this list: send the line "unsubscribe linux-security-module" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html >