The function dentry_open() requires the credentials of the acting process to
be passed as a parameter.
These credentials are used, for example, by SELinux to verify whether the
process is allowed to access the inode bound to the dentry by calling the
Although the verification is done with the passed credentials, the 'file'
object created by dentry_open() is labeled with the credentials of the
'current' process, which may differ from the former.
An example of such behavior comes from the ecryptfs filesystem, which calls
dentry_open() to obtain a unique file descriptor for the inode in the lower
filesystem, used to serve concurrent requests made on the related
Recently, I made a patch, not yet merged in mainline, to provide the
dentry_open() function with the credentials of the kernel kthread service
instead of those of the current process.
This allows the ecryptfs filesystem to be assigned a privileged role, in that
it can perform all privileged operations with its own label, leaving access
control to operate only on the objects exposed by ecryptfs.
This patch set is a proposal to modify the labeling behavior of the file
descriptor structure by, first, passing the supplied credentials to the
get_empty_filp() function, then initializing the 'f_cred' field with them,
and finally telling the LSM security modules that implement the
security_file_alloc() hook (SELinux and SMACK) to use that information to
attach the correct label to the file descriptor.
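As an added illustration, not part of this patch set or of the kernel, the following userspace C model contrasts the labeling described above: the unpatched hook takes the file's SID from 'current', the patched one from file->f_cred set by dentry_open(). The struct layouts, the hook bodies and the SID values are constructed stand-ins for the kernel's selinux_file_alloc_security() path, not copies of it.

```c
#include <stdio.h>
#include <stdint.h>
#include <stdbool.h>

/* Userspace model of the structures involved; SIDs are constructed values. */
typedef uint32_t sid_t;
struct cred { sid_t sid; };
struct file_security { sid_t sid; };
struct file { const struct cred *f_cred; struct file_security f_security; };

/* Stand-in for the kernel's 'current' task credentials. */
static const struct cred *current_cred;
static sid_t current_sid(void) { return current_cred->sid; }

/* Hook before the patch: the file label is derived from 'current'. */
static void file_alloc_security_old(struct file *f) { f->f_security.sid = current_sid(); }

/* Hook after the patch: the file label is derived from file->f_cred. */
static void file_alloc_security_new(struct file *f) { f->f_security.sid = f->f_cred->sid; }

/* Model of dentry_open(..., cred): the inode check is done with 'cred'
 * (assumed to pass here), then the file is allocated and labeled. */
static struct file dentry_open_model(const struct cred *cred, bool patched)
{
    struct file f = { .f_cred = cred };
    if (patched)
        file_alloc_security_new(&f);
    else
        file_alloc_security_old(&f);
    return f;
}

/* A user process (SID 1001) is 'current' while ecryptfs opens the lower file
 * with its kthread credentials (SID 2002). Returns the label the file gets. */
sid_t file_label_sid(bool patched)
{
    static const struct cred user = { .sid = 1001 }, kthread = { .sid = 2002 };
    current_cred = &user;
    return dentry_open_model(&kthread, patched).f_security.sid;
}

int main(void)
{
    printf("unpatched label SID: %u, patched label SID: %u\n",
           (unsigned)file_label_sid(false), (unsigned)file_label_sid(true));
    return 0;
}
```

Without the patch the file carries the user's SID 1001 even though the access check ran against the kthread credentials; with it the label follows f_cred (2002).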
As a last note, it seems that AppArmor does not need to be modified, because
in the mentioned hook it only allocates its specific structure without
The patch set applies to the latest released kernel v2.6.37-rc3.
Reference of the released ecryptfs patch:
Roberto Sassu (4):
fs: passing task credentials to get_empty_filp()
fs: move file->f_cred initialization before security_file_alloc()
selinux: use file->f_cred to determine task's SID
smack: modified file->f_security assignment in
fs/file_table.c | 8 ++++----
fs/internal.h | 2 +-
fs/namei.c | 2 +-
fs/open.c | 2 +-
security/selinux/hooks.c | 2 +-
security/smack/smack_lsm.c | 2 +-
6 files changed, 9 insertions(+), 9 deletions(-)
-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to firstname.lastname@example.org with the words "unsubscribe selinux" without quotes as the message.