[Ocfs2-devel] [PATCH v3 3/7] selinux: Get rid of file_path_has_perm

Stephen Smalley sds at tycho.nsa.gov
Wed Oct 28 11:56:42 PDT 2015


On 10/28/2015 01:31 PM, Stephen Smalley wrote:
> On 10/28/2015 07:48 AM, Andreas Gruenbacher wrote:
>> On Tue, Oct 27, 2015 at 5:40 PM, Stephen Smalley <sds at tycho.nsa.gov> wrote:
>>> On 10/26/2015 05:15 PM, Andreas Gruenbacher wrote:
>>>>
>>>> Use path_has_perm directly instead.
>>>
>>>
>>> This reverts:
>>>
>>> commit 13f8e9810bff12d01807b6f92329111f45218235
>>> Author: David Howells <dhowells at redhat.com>
>>> Date:   Thu Jun 13 23:37:55 2013 +0100
>>>
>>>      SELinux: Institute file_path_has_perm()
>>>
>>>      Create a file_path_has_perm() function that is like path_has_perm() but
>>>      instead takes a file struct that is the source of both the path and the
>>>      inode (rather than getting the inode from the dentry in the path).  This
>>>      is then used where appropriate.
>>>
>>>      This will be useful for situations like unionmount where it will be
>>>      possible to have an apparently-negative dentry (eg. a fallthrough) that
>>>      is open with the file struct pointing to an inode on the lower fs.
>>>
>>>      Signed-off-by: David Howells <dhowells at redhat.com>
>>>      Signed-off-by: Al Viro <viro at zeniv.linux.org.uk>
>>>
>>> which I think David was intending to use as part of his SELinux/overlayfs
>>> support.
>>
>> Okay. As long as overlayfs support in SELinux is in half-finished
>> state, let's leave this alone.
>
> Also, the caller is holding a spinlock (tty_files_lock), so you can't call
> inode_doinit from here.
>
> Try stress testing your patch series by just always setting
> isec->initialized to LABEL_INVALID. Previously the *has_perm functions could
> be called under essentially any condition, with the exception of when in an
> RCU walk and needing to audit the dname (but they did not previously
> block/sleep).

file_has_perm() also gets called from the match_file() callback to
iterate_fd(), which holds files->file_lock.





