Received: with ECARTIS (v1.0.0; list netdev); Mon, 04 Apr 2005 07:22:41 -0700 (PDT) Received: from jazzhorn.ncsc.mil (mummy.ncsc.mil [144.51.88.129]) by oss.sgi.com (8.13.0/8.13.0) with ESMTP id j34EMYCK015993 for ; Mon, 4 Apr 2005 07:22:34 -0700 Received: from tycho.ncsc.mil (jazzhorn.ncsc.mil [144.51.5.9]) by jazzhorn.ncsc.mil (8.12.10/8.12.10) with ESMTP id j34EJDis015970; Mon, 4 Apr 2005 14:19:13 GMT Received: from moss-spartans.epoch.ncsc.mil (moss-spartans [144.51.25.121]) by tycho.ncsc.mil (8.12.8/8.12.8) with ESMTP id j34ENsDo029994; Mon, 4 Apr 2005 10:23:55 -0400 (EDT) Subject: Re: [PATCH] Fix SELinux for removal of i_sock From: Stephen Smalley To: "David S. Miller" Cc: jmorris@redhat.com, linux-kernel@vger.kernel.org, netdev@oss.sgi.com, matthew@wil.cx In-Reply-To: <20050401123520.7532528b.davem@davemloft.net> References: <1112385997.14481.192.camel@moss-spartans.epoch.ncsc.mil> <20050401123520.7532528b.davem@davemloft.net> Content-Type: text/plain Organization: National Security Agency Date: Mon, 04 Apr 2005 10:13:53 -0400 Message-Id: <1112624033.7629.61.camel@moss-spartans.epoch.ncsc.mil> Mime-Version: 1.0 X-Mailer: Evolution 2.0.2 (2.0.2-14) Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV 0.83/804/Mon Apr 4 07:38:58 2005 on oss.sgi.com X-Virus-Status: Clean X-archive-position: 1352 X-ecartis-version: Ecartis v1.0.0 Sender: netdev-bounce@oss.sgi.com Errors-to: netdev-bounce@oss.sgi.com X-original-sender: sds@tycho.nsa.gov Precedence: bulk X-list: netdev On Fri, 2005-04-01 at 12:35 -0800, David S. Miller wrote: > On Fri, 01 Apr 2005 15:06:37 -0500 > Stephen Smalley wrote: > > > This patch against -bk eliminates the use of i_sock by SELinux as it > > appears to have been removed recently, breaking the build of SELinux in > > -bk. Simply replacing the i_sock test with an S_ISSOCK test would be > > unsafe in the SELinux code, as the latter will also return true for the > > inodes of socket files in the filesystem, not just the actual socket > > objects IIUC. Hence this patch reworks the SELinux code to avoid the > > need to apply such a test in the first place, part of which was > > obsoleted anyway by earlier changes to SELinux. Please apply. > > > > Signed-off-by: Stephen Smalley > > Signed-off-by: James Morris > > Applied, thanks Stephen. So, just for clarification, since a S_ISSOCK test is not necessarily equivalent to an i_sock test (in the case of inodes of socket files in the filesystem), was removing i_sock truly the right choice? It may not be an issue for typical users of i_sock since you can't open a descriptor to such a socket file, so any code that was acting on an open file shouldn't have to deal with this ambiguity, but could possibly lead to an erroneous use of SOCKET_I on the inode of a socket file in other code (which is what would have happened in SELinux if we had just changed the i_sock test to an ISSOCK test). Thanks, just trying to avoid confusion in the kernel in the future... -- Stephen Smalley National Security Agency