[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ceph-devel
Subject:    Re: [PATCH 35/64] cachefiles: Add security derivation
From:       David Howells <dhowells () redhat ! com>
Date:       2021-11-29 21:40:55
Message-ID: 302431.1638222055 () warthog ! procyon ! org ! uk
[Download RAW message or body]

I missed out the patch description:

    cachefiles: Add security derivation
    
    Implement code to derive a new set of creds for the cachefiles to use when
    making VFS or I/O calls and to change the auditing info since the
    application interacting with the network filesystem is not accessing the
    cache directly.  Cachefiles uses override_creds() to change the effective
    creds temporarily.
    
    set_security_override_from_ctx() is called to derive the LSM 'label' that
    the cachefiles driver will act with.  set_create_files_as() is called to
    determine the LSM 'label' that will be applied to files and directories
    created in the cache.  These functions alter the new creds.
    
    Also implement a couple of functions to wrap the calls to begin/end cred
    overriding.
    
    Signed-off-by: David Howells <dhowells@redhat.com>
    cc: linux-cachefs@redhat.com

David

[prev in list] [next in list] [prev in thread] [next in thread]