[fmac-discuss] [PATCH] Initialize v_secid in ZFS before first zfs_zaccess()
Stephen Smalley
sds at tycho.nsa.gov
Tue Oct 14 12:59:53 PDT 2008
On Tue, 2008-10-14 at 13:46 -0600, Mark Shellenbaum wrote:
> John Weeks wrote:
> > Move the initialization of v_secid for ZFS down to where the znode is initialized to ensure v_secid is valid before the first zfs_zaccess check. This corrects policy failures that were observed when removing files.
> >
> > fmac_vnode_lookup() was trying to retrieve the context on file systems that did not support system attributes, thus setting v_secid to the wrong value (SECINITSID_FILE).
> >
> > webrev http://cr.opensolaris.org/~jweeks/rmbug/
> >
> > -John
>
> > @@ -1016,6 +1018,13 @@
> > * Not found create new znode/vnode
> > */
> > zp = zfs_znode_alloc(zfsvfs, db, doi.doi_data_block_size);
> > +
> > + /*
> > + * Compute FMAC security identifier
> > + */
> > + pzp = zp->z_phys;
> > + if (ZTOV(zp)->v_type != VLNK && pzp->zp_flags & ZFS_BONUS_SECCTX)
> > + fmac_vnode_init_secid(ZTOV(zp), (char *)(pzp + 1));
>
> Why didn't you do the initialization in zfs_znode_alloc()?
IIUC, here we are setting the secid to match the secctx from the
physical znode when an existing znode is fetched. The other caller of
zfs_znode_alloc() would seem to be zfs_mknode(), where we are creating a
new node (without any secctx at that point) and will subsequently set
the secctx upon zfs_perm_init()->zfs_xvattr_set() and later set the
secid via fmac_vnode_post_create().
--
Stephen Smalley
National Security Agency
More information about the fmac-discuss
mailing list