inode object security label

In the latest version of AppCL LSM the following security hooks are updated to manage the security labelling of the kernel ‘inode’ object (file system objects, such as files, directories and symlinks). SELinux was consulted for inode security labelling techniques :


Screen Shot 2015-11-26 at 18.08.42

  • Security hook now passes the ‘inode_security_struct’ to the ‘i_security’ attribute within the inode object.
  • inode_security_struct is defined in ‘appcl_lsm.h’.
  • This is defined as the inode security label.
  • AppCL must decide attributes to label within the inode_security_struct, and then manage security decisions using the inode security label values.


Screen Shot 2015-11-26 at 17.48.40

  • Security hook free’s the allocated inode_security_struct.

The output from the kernel log shows an example inode and some of the values associated with the inode_security_struct (inode security label).

Screen Shot 2015-11-26 at 18.33.46

AppCL LSM must properly decide security label attributes, define handlers to process these attributes and mediate access based on application specific identifiers.

To view the public git for this project visit:

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s