From: David Howells
To: Stephen Smalley
Cc: dhowells@redhat.com, linux-unionfs@vger.kernel.org, selinux@tycho.nsa.gov, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 5/7] SELinux: Handle opening of a unioned file
Date: Fri, 12 Jun 2015 16:30:54 +0100
Message-ID: <8813.1434123054@warthog.procyon.org.uk>
In-Reply-To: <16216.1417109138@warthog.procyon.org.uk>
References: <16216.1417109138@warthog.procyon.org.uk> <545A51CB.6070107@tycho.nsa.gov> <20141105154217.2555.578.stgit@warthog.procyon.org.uk> <20141105154307.2555.9847.stgit@warthog.procyon.org.uk>

Hi Stephen,

David Howells wrote:

> Stephen Smalley wrote:
>
> > Also, would be good to create a common helper for use here, by
> > selinux_dentry_init_security(), selinux_inode_init_security(), and
> > may_create(). Already some seeming potential for inconsistencies there.
>
> selinux_dentry_init_security() and selinux_inode_init_security() do
> something different depending on SECURITY_FS_USE_MNTPOINT. Is the dentry
> variant wrong? Shouldn't it be using the mountpoint label if that flag _is_
> set?

Any answer to that?

David