
On Fri, Feb 07, 2014 at 11:22:12AM -0700, Eric Blake wrote:
> On 02/07/2014 08:33 AM, Daniel P. Berrange wrote:
>
> My overall thoughts:
>
> If we had a way to do _just_ the mknod, then open the file, and pass the fd back to the parent, then do labeling on the fd from the parent context (rather than on the path in the child context), it would make for a smaller child action easier to audit. But I'm not sure that would get the labeling right - it looks like we have to label the actual path name in the child. Or even if selinux took a leaf from openat() and friends, and gave us the ability to do actions on a name relative to an fd, then all we'd need to do is fork, change namespace, open the fd of the container directory, pass that back, then do the remaining options in the parent, where life is much easier.
The FD passing idea is interesting. I think I will explore that idea further to see if it is viable before we finalize this.

Daniel

-- 
|: http://berrange.com      -o-      http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
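The fork / open / pass-the-fd-back pattern Eric sketches above, written out as an added example that is not part of this thread or of libvirt's code. It assumes Linux with AF_UNIX SCM_RIGHTS descriptor passing; the setns() step that would put the child into the container's mount namespace is marked where it belongs but not performed, and the parent's fstat() check stands in for the labeling call (libselinux's fsetfilecon) that would operate on the received fd rather than on a path. The child's privileged work shrinks to "enter namespace, open, send", which is the auditable surface Eric is after; everything else happens in the parent.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Send one descriptor over a unix socket; returns 0 on success, -1 on error. */
static int send_fd(int sock, int fd)
{
    char dummy = 'F', cbuf[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { .iov_base = &dummy, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof(cbuf) };
    memset(cbuf, 0, sizeof(cbuf));
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor; returns the fd, or -1 if none arrived. */
static int recv_fd(int sock)
{
    char dummy, cbuf[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { .iov_base = &dummy, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof(cbuf) };
    if (recvmsg(sock, &msg, 0) != 1)
        return -1;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    if (!cm || cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS ||
        cm->cmsg_len != CMSG_LEN(sizeof(int)))
        return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(cm), sizeof(int));
    return fd;
}

/* The small child action: (setns into the container,) open, hand back the fd.
 * Returns 0 with *fd_out set, or -1 if the child failed at any step. */
int open_dir_via_child(const char *dir, int *fd_out)
{
    int sv[2], status, fd;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {
        close(sv[0]);
        /* Real code would setns(nsfd, CLONE_NEWNS) here (assumed, not done)
         * so that 'dir' is resolved inside the container's mount namespace. */
        fd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
        _exit(fd >= 0 && send_fd(sv[1], fd) == 0 ? 0 : 1);
    }
    close(sv[1]);
    fd = recv_fd(sv[0]);
    close(sv[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) ||
        WEXITSTATUS(status) != 0 || fd < 0) {
        if (fd >= 0) close(fd);
        return -1;
    }
    *fd_out = fd;
    return 0;
}

/* Parent-side work on the received fd, never on a path: verify what we were
 * handed before acting on it. SELinux labeling would take the same shape with
 * libselinux's fsetfilecon(fd, context). Returns 1 for a directory, else 0. */
int fd_is_directory(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 && S_ISDIR(st.st_mode) ? 1 : 0;
}

int main(void)
{
    int fd;
    if (open_dir_via_child("/", &fd) != 0)
        return 1;
    printf("received fd %d, directory=%d\n", fd, fd_is_directory(fd));
    close(fd);
    return 0;
}
```

The parent trusts nothing about the name the child resolved: it only ever holds an open object, so a later rename or mount change inside the container cannot redirect the labeling step to a different file, which is the property a path-based label in the child cannot give.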