[prev in list] [next in list] [prev in thread] [next in thread]
List: ceph-devel
Subject: Re: [PATCH 35/64] cachefiles: Add security derivation
From: David Howells <dhowells () redhat ! com>
Date: 2021-11-29 21:40:55
Message-ID: 302431.1638222055 () warthog ! procyon ! org ! uk
[Download RAW message or body]
I missed out the patch description:
cachefiles: Add security derivation
Implement code to derive a new set of creds for the cachefiles to use when
making VFS or I/O calls and to change the auditing info since the
application interacting with the network filesystem is not accessing the
cache directly. Cachefiles uses override_creds() to change the effective
creds temporarily.
set_security_override_from_ctx() is called to derive the LSM 'label' that
the cachefiles driver will act with. set_create_files_as() is called to
determine the LSM 'label' that will be applied to files and directories
created in the cache. These functions alter the new creds.
Also implement a couple of functions to wrap the calls to begin/end cred
overriding.
Signed-off-by: David Howells <dhowells@redhat.com>
cc: linux-cachefs@redhat.com
David
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic