• Stephen Smalley's avatar
    [PATCH] security: enable atomic inode security labeling · 5e41ff9e
    Stephen Smalley authored
    The following patch set enables atomic security labeling of newly created
    inodes by altering the fs code to invoke a new LSM hook to obtain the security
    attribute to apply to a newly created inode and to set up the incore inode
    security state during the inode creation transaction.  This parallels the
    existing processing for setting ACLs on newly created inodes.  Otherwise, it
    is possible for new inodes to be accessed by another thread via the dcache
    prior to complete security setup (presently handled by the
    post_create/mkdir/...  LSM hooks in the VFS) and a newly created inode may be
    left unlabeled on the disk in the event of a crash.  SELinux presently works
    around the issue by ensuring that the incore inode security label is
    initialized to a special SID that is inaccessible to unprivileged processes
    (in accordance with policy), thereby preventing inappropriate access but
    potentially causing false denials on legitimate accesses.  A simple test
    program demonstrates such false denials on SELinux, and the patch solves the
    problem.  Similar such false denials have been encountered in real
    applications.
    
    This patch defines a new inode_init_security LSM hook to obtain the security
    attribute to apply to a newly created inode and to set up the incore inode
    security state for it, and adds a corresponding hook function implementation
    to SELinux.
    Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
    Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
    5e41ff9e
security.h 96.9 KB