• Jarkko Sakkinen's avatar
    Smack: Transmute labels on specified directories · 5c6d1125
    Jarkko Sakkinen authored
    In a situation where Smack access rules allow processes
    with multiple labels to write to a directory it is easy
    to get into a situation where the directory gets cluttered
    with files that the owner can't deal with because while
    they could be written to the directory a process at the
    label of the directory can't write them. This is generally
    the desired behavior, but when it isn't it is a real
    issue.
    
    This patch introduces a new attribute SMACK64TRANSMUTE that
    instructs Smack to create the file with the label of the directory
    under certain circumstances.
    
    A new access mode, "t" for transmute, is made available to
    Smack access rules, which are expanded from "rwxa" to "rwxat".
    If a file is created in a directory marked as transmutable
    and if access was granted to perform the operation by a rule
    that included the transmute mode, then the file gets the
    Smack label of the directory instead of the Smack label of the
    creating process.
    
    Note that this is equivalent to creating an empty file at the
    label of the directory and then having the other process write
    to it. The transmute scheme requires that both the access rule
    allows transmutation and that the directory be explicitly marked.
    Signed-off-by: default avatarJarkko Sakkinen <ext-jarkko.2.sakkinen@nokia.com>
    Signed-off-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
    5c6d1125
smack_lsm.c 79.5 KB