    [PATCH] tmpfs: Enable atomic inode security labeling · 570bc1c2
    Stephen Smalley authored
    This patch modifies tmpfs to call the inode_init_security LSM hook to set
    up the incore inode security state for new inodes before the inode becomes
    accessible via the dcache.
    
    As there is no underlying storage of security xattrs in this case, it is
    not necessary for the hook to return the (name, value, len) triple to the
    tmpfs code, so this patch also modifies the SELinux hook function to
    correctly handle the case where the (name, value, len) pointers are NULL.
    
    The hook call is needed in tmpfs in order to support proper security
    labeling of tmpfs inodes (e.g.  for udev with tmpfs /dev in Fedora).  With
    this change in place, we should then be able to remove the
    security_inode_post_create/mkdir/...  hooks safely.
    
    Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
    Cc: Hugh Dickins <hugh@veritas.com>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
shmem.c 55.9 KB