From: David Howells
To: James Morris
Cc: David Howells, Linus Torvalds, Andrew Morton, Stephen Smalley, trond.myklebust@fys.uio.no, selinux@tycho.nsa.gov, linux-kernel@vger.kernel.org, aviro@redhat.com, steved@redhat.com
Subject: Re: [PATCH 12/19] CacheFiles: Permit a process's create SID to be overridden
Date: Wed, 15 Nov 2006 12:26:02 +0000
Message-ID: <15153.1163593562@redhat.com>

James Morris wrote:

> > +static u32 selinux_set_fscreate_secid(u32 secid)
> ...
> The ability to set this needs to be mediated via MAC policy.

There could be a problem with that... Is it possible for there to be a race? I have to call the function twice per cache op: once to set the file creation security ID and once to restore it back to what it was.

However, what happens if I can't restore the original security ID (perhaps the rules changed between the two invocations)? I can't let the task continue as it's now running with the wrong security...

David
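
Review bot: The `u32` return type on `selinux_set_fscreate_secid(u32 secid)` leaves no channel for reporting failure. If setting the create SID is to be mediated by MAC policy, as the reply asks, the call can be denied, so consider returning an `int` error code and handing the previous SID back through a pointer argument. The function's documentation should also state what a caller must do when the second, restoring call is refused.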