Stephen Smalley
2015-Oct-27 12:32 UTC
[Ocfs2-devel] [PATCH v3 0/7] Inode security label invalidation
On 10/26/2015 05:15 PM, Andreas Gruenbacher wrote:
> Here is another version of the patch queue to make gfs2 and similar file
> systems work with SELinux. As suggested by Stephen Smalley [*], the relevant
> uses of inode->security are wrapped in function calls that try to revalidate
> invalid labels.
>
> [*] http://marc.info/?l=linux-kernel&m=144416710207686&w=2
>
> The patches are looking good from my point of view; is there anything else that
> needs addressing?
>
> Does SELinux have test suites that these patches could be tested against?

git clone https://github.com/SELinuxProject/selinux-testsuite
sudo yum install perl-Test perl-Test-Harness selinux-policy-devel gcc libselinux-devel net-tools netlabel_tools iptables
cd selinux-testsuite
sudo make test

>
> Thanks,
> Andreas
>
> Andreas Gruenbacher (7):
>   selinux: Remove unused variable in selinux_inode_init_security
>   selinux: Add accessor functions for inode->i_security
>   selinux: Get rid of file_path_has_perm
>   selinux: Push dentry down from {dentry,path,file}_has_perm
>   security: Add hook to invalidate inode security labels
>   selinux: Revalidate invalid inode security labels
>   gfs2: Invalide security labels of inodes when they go invalid
>
>  fs/gfs2/glops.c                   |   2 +
>  include/linux/lsm_hooks.h         |   6 ++
>  include/linux/security.h          |   5 +
>  security/security.c               |   8 ++
>  security/selinux/hooks.c          | 213 ++++++++++++++++++++++----------------
>  security/selinux/include/objsec.h |   6 ++
>  6 files changed, 152 insertions(+), 88 deletions(-)