[PATCH 35/64] cachefiles: Add security derivation
David Howells
dhowells at redhat.com
Mon Nov 29 13:40:55 PST 2021
I missed out the patch description:
cachefiles: Add security derivation
Implement code to derive a new set of creds for the cachefiles to use when
making VFS or I/O calls and to change the auditing info since the
application interacting with the network filesystem is not accessing the
cache directly. Cachefiles uses override_creds() to change the effective
creds temporarily.
set_security_override_from_ctx() is called to derive the LSM 'label' that
the cachefiles driver will act with. set_create_files_as() is called to
determine the LSM 'label' that will be applied to files and directories
created in the cache. These functions alter the new creds.
Also implement a couple of functions to wrap the calls to begin/end cred
overriding.
Signed-off-by: David Howells <dhowells at redhat.com>
cc: linux-cachefs at redhat.com
David
More information about the linux-afs
mailing list