linux-sg2042/include
Stephen Smalley 5e41ff9e06 [PATCH] security: enable atomic inode security labeling
The following patch set enables atomic security labeling of newly created
inodes by altering the fs code to invoke a new LSM hook to obtain the security
attribute to apply to a newly created inode and to set up the incore inode
security state during the inode creation transaction.  This parallels the
existing processing for setting ACLs on newly created inodes.  Otherwise, it
is possible for new inodes to be accessed by another thread via the dcache
prior to complete security setup (presently handled by the
post_create/mkdir/...  LSM hooks in the VFS) and a newly created inode may be
left unlabeled on the disk in the event of a crash.  SELinux presently works
around the issue by ensuring that the incore inode security label is
initialized to a special SID that is inaccessible to unprivileged processes
(in accordance with policy), thereby preventing inappropriate access but
potentially causing false denials on legitimate accesses.  A simple test
program demonstrates such false denials on SELinux, and the patch solves the
problem.  Similar such false denials have been encountered in real
applications.

This patch defines a new inode_init_security LSM hook to obtain the security
attribute to apply to a newly created inode and to set up the incore inode
security state for it, and adds a corresponding hook function implementation
to SELinux.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-09-09 13:57:27 -07:00
acpi [ACPI] ACPICA 20050902 2005-09-03 00:15:11 -04:00
asm-alpha [PATCH] Make sparc64 use setup-res.c 2005-09-08 14:57:25 -07:00
asm-arm Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/pci-2.6 2005-09-08 15:55:23 -07:00
asm-arm26 [PATCH] Clean up struct flock64 definitions 2005-09-07 16:57:38 -07:00
asm-cris [PATCH] Clean up struct flock64 definitions 2005-09-07 16:57:38 -07:00
asm-frv [PATCH] Clean up struct flock64 definitions 2005-09-07 16:57:38 -07:00
asm-generic [PATCH] Make sparc64 use setup-res.c 2005-09-08 14:57:25 -07:00
asm-h8300 [PATCH] Clean up struct flock64 definitions 2005-09-07 16:57:38 -07:00
asm-i386 [PATCH] i386: CONFIG_ACPI_SRAT typo fix 2005-09-09 13:56:44 -07:00
asm-ia64 Merge branch 'release' of master.kernel.org:/pub/scm/linux/kernel/git/aegl/linux-2.6 2005-09-08 17:26:52 -07:00
asm-m32r [PATCH] Clean up struct flock64 definitions 2005-09-07 16:57:38 -07:00
asm-m68k [PATCH] Clean up struct flock64 definitions 2005-09-07 16:57:38 -07:00
asm-m68knommu [PATCH] m68knommu: include ColdFire 523x processor register definitions 2005-09-08 17:27:37 -07:00
asm-mips [PATCH] Clean up struct flock64 definitions 2005-09-07 16:57:38 -07:00
asm-parisc [PATCH] Make sparc64 use setup-res.c 2005-09-08 14:57:25 -07:00
asm-powerpc [PATCH] powerpc: Fix __power64__ typos that should be __powerpc64__ 2005-09-09 22:11:35 +10:00
asm-ppc [PATCH] powerpc: Merge a few more include files 2005-09-09 22:11:35 +10:00
asm-ppc64 Merge master.kernel.org:/pub/scm/linux/kernel/git/paulus/ppc64-2.6 2005-09-09 10:38:02 -07:00
asm-s390 [PATCH] Clean up struct flock64 definitions 2005-09-07 16:57:38 -07:00
asm-sh [PATCH] Clean up struct flock64 definitions 2005-09-07 16:57:38 -07:00
asm-sh64 [PATCH] Clean up struct flock64 definitions 2005-09-07 16:57:38 -07:00
asm-sparc [PATCH] Clean up struct flock64 definitions 2005-09-07 16:57:38 -07:00
asm-sparc64 Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/pci-2.6 2005-09-08 15:55:23 -07:00
asm-um [PATCH] remove asm-*/hdreg.h 2005-09-07 16:57:30 -07:00
asm-v850 [PATCH] Clean up struct flock64 definitions 2005-09-07 16:57:38 -07:00
asm-x86_64 Merge linux-2.6 with linux-acpi-2.6 2005-09-08 01:45:47 -04:00
asm-xtensa [PATCH] Clean up struct flock64 definitions 2005-09-07 16:57:38 -07:00
linux [PATCH] security: enable atomic inode security labeling 2005-09-09 13:57:27 -07:00
math-emu
media [PATCH] I2C: Kill i2c_algorithm.id (6/7) 2005-09-05 09:14:32 -07:00
mtd [MTD] NAND: Honour autoplacement schemes supplied by the caller 2005-05-23 13:20:45 +02:00
net [AX.25]: Make asc2ax() thread-proof 2005-09-08 13:40:41 -07:00
pcmcia [PATCH] pcmcia: fix pcmcia-cs compilation 2005-07-12 16:00:59 -07:00
rdma [PATCH] IB: move include files to include/rdma 2005-08-26 20:37:38 -07:00
rxrpc
scsi Merge by hand (conflicts in sd.c) 2005-09-06 17:52:54 -05:00
sound Merge branch 'upstream' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/misc-2.6 2005-09-07 17:28:25 -07:00
video [PATCH] w100fb: Rewrite for platform independence 2005-09-07 16:57:53 -07:00