archive/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2025-08-15 22:21:42 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

mm: create security context for memfd_secret inodes

Browse source 
Create a security context for the inodes created by memfd_secret(2) via
the LSM hook inode_init_security_anon to allow a fine grained control.
As secret memory areas can affect hibernation and have a global shared
limit access control might be desirable.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Christian Göttsche 2022-01-25 15:33:04 +01:00 committed by Paul Moore
parent 9691e4f9ba
commit 2bfe15c526
1 changed files with 9 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
mm/secretmem.c
View file

@ -180,11 +180,20 @@ static struct file *secretmem_file_create(unsigned long flags)
{ {
struct file *file = ERR_PTR(-ENOMEM); struct file *file = ERR_PTR(-ENOMEM);
struct inode *inode; struct inode *inode;
const char *anon_name = "[secretmem]";
const struct qstr qname = QSTR_INIT(anon_name, strlen(anon_name));
int err;
inode = alloc_anon_inode(secretmem_mnt->mnt_sb); inode = alloc_anon_inode(secretmem_mnt->mnt_sb);
if (IS_ERR(inode)) if (IS_ERR(inode))
return ERR_CAST(inode); return ERR_CAST(inode);
err = security_inode_init_security_anon(inode, &qname, NULL);
if (err) {
file = ERR_PTR(err);
goto err_free_inode;
}
file = alloc_file_pseudo(inode, secretmem_mnt, "secretmem", file = alloc_file_pseudo(inode, secretmem_mnt, "secretmem",
O_RDWR, &secretmem_fops); O_RDWR, &secretmem_fops);
if (IS_ERR(file)) if (IS_ERR(file))