| commit | 254947d47945f2fa02e9b3366594fad2ed127618 | [log] [tgz] |
|---|---|---|
| author | David Howells <dhowells@redhat.com> | Fri Nov 26 14:59:10 2021 +0000 |
| committer | David Howells <dhowells@redhat.com> | Fri Jan 07 13:41:14 2022 +0000 |
| tree | b65de1ad1bcbbc7bfe9aefccff113b9285d2cdf0 | |
| parent | 1493bf74bcf2434a840eacef60c0f56966faa11a [diff] [blame] |
cachefiles: Add security derivation Implement code to derive a new set of creds for the cachefiles to use when making VFS or I/O calls and to change the auditing info since the application interacting with the network filesystem is not accessing the cache directly. Cachefiles uses override_creds() to change the effective creds temporarily. set_security_override_from_ctx() is called to derive the LSM 'label' that the cachefiles driver will act with. set_create_files_as() is called to determine the LSM 'label' that will be applied to files and directories created in the cache. These functions alter the new creds. Also implement a couple of functions to wrap the calls to begin/end cred overriding. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Jeff Layton <jlayton@kernel.org> cc: linux-cachefs@redhat.com Link: https://lore.kernel.org/r/163819627469.215744.3603633690679962985.stgit@warthog.procyon.org.uk/ # v1 Link: https://lore.kernel.org/r/163906928172.143852.15886637013364286786.stgit@warthog.procyon.org.uk/ # v2 Link: https://lore.kernel.org/r/163967138138.1823006.7620933448261939504.stgit@warthog.procyon.org.uk/ # v3 Link: https://lore.kernel.org/r/164021537001.640689.4081334436031700558.stgit@warthog.procyon.org.uk/ # v4
diff --git a/fs/cachefiles/Makefile b/fs/cachefiles/Makefile index 183fb5f..28bbb0d 100644 --- a/fs/cachefiles/Makefile +++ b/fs/cachefiles/Makefile
@@ -4,7 +4,8 @@ # cachefiles-y := \ - main.o + main.o \ + security.o cachefiles-$(CONFIG_CACHEFILES_ERROR_INJECTION) += error_inject.o