From: Stephen Smalley <sds@tycho.nsa.gov>
To: Ondrej Mosnacek <omosnace@redhat.com>,
selinux@vger.kernel.org, Paul Moore <paul@paul-moore.com>
Cc: linux-security-module@vger.kernel.org,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Tejun Heo <tj@kernel.org>,
linux-fsdevel@vger.kernel.org, cgroups@vger.kernel.org
Subject: Re: [PATCH 1/3] LSM: Add new hook for generic node initialization
Date: Wed, 9 Jan 2019 09:35:39 -0500
Message-ID: <34700932-359e-5b01-565c-0816dd4a1940@tycho.nsa.gov>
In-Reply-To: <20190109091028.24485-2-omosnace@redhat.com>
On 1/9/19 4:10 AM, Ondrej Mosnacek wrote:
> This patch introduces a new security hook that is intended for
> initializing the security data for newly created pseudo filesystem
> objects (such as kernfs nodes) that provide a way of storing a
> non-default security context, but need to operate independently from
> mounts.
>
> The main motivation is to allow kernfs nodes to inherit the context of
> the parent under SELinux, similar to the behavior of
> security_inode_init_security(). Other LSMs may implement their own logic
> for handling the creation of new nodes.
>
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> ---
> include/linux/lsm_hooks.h | 5 +++++
> include/linux/security.h | 12 ++++++++++++
> security/security.c | 8 ++++++++
> 3 files changed, 25 insertions(+)
>
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index aaeb7fa24dc4..f2b4c0bf4a7b 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -1556,6 +1556,10 @@ union security_list_options {
> int (*inode_copy_up)(struct dentry *src, struct cred **new);
> int (*inode_copy_up_xattr)(const char *name);
>
> + int (*object_init_security)(void *parent_ctx, u32 parent_ctxlen,
> + const struct qstr *qstr, u16 mode,
> + void **ctx, u32 *ctxlen);
You'll want to add a kerneldoc comment for the new hook; see the
existing ones for the other hooks at the top of lsm_hooks.h.
> +
> int (*file_permission)(struct file *file, int mask);
> int (*file_alloc_security)(struct file *file);
> void (*file_free_security)(struct file *file);
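Review bot: The ownership contract for the new hook is not stated anywhere in this hunk: who owns the buffer returned in `*ctx`, which release routine the caller must use to free it, and whether the hook may leave `*ctx`/`*ctxlen` untouched when it has nothing to assign. Spell all three out in the kerneldoc block at the top of lsm_hooks.h alongside the description of the hook. Two signature points as well: the hook only reads the parent's context (the stated purpose is inheriting it), so `void *parent_ctx` should be `const void *parent_ctx`, and `umode_t` rather than `u16` for `mode` would match the VFS/kernfs types callers pass in.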
> @@ -1855,6 +1859,7 @@ struct security_hook_heads {
> struct hlist_head inode_getsecid;
> struct hlist_head inode_copy_up;
> struct hlist_head inode_copy_up_xattr;
> + struct hlist_head object_init_security;
> struct hlist_head file_permission;
> struct hlist_head file_alloc_security;
> struct hlist_head file_free_security;
> diff --git a/include/linux/security.h b/include/linux/security.h
> index d170a5b031f3..e20d1f378ea4 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -315,6 +315,9 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer
> void security_inode_getsecid(struct inode *inode, u32 *secid);
> int security_inode_copy_up(struct dentry *src, struct cred **new);
> int security_inode_copy_up_xattr(const char *name);
> +int security_object_init_security(void *parent_ctx, u32 parent_ctxlen,
> + const struct qstr *qstr, u16 mode,
> + void **ctx, u32 *ctxlen);
> int security_file_permission(struct file *file, int mask);
> int security_file_alloc(struct file *file);
> void security_file_free(struct file *file);
> @@ -815,6 +818,15 @@ static inline int security_inode_copy_up_xattr(const char *name)
> return -EOPNOTSUPP;
> }
>
> +static inline int security_object_init_security(void *parent_ctx,
> + u32 parent_ctxlen,
> + const struct qstr *qstr,
> + u16 mode, void **ctx,
> + u32 *ctxlen)
> +{
> + return 0;
> +}
> +
> static inline int security_file_permission(struct file *file, int mask)
> {
> return 0;
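Review bot: The !CONFIG_SECURITY stub returns 0 without writing `*ctx` or `*ctxlen`, so a caller that treats 0 as "a context was produced" and then reads `*ctx` would consume whatever the variable held before the call. Either have the stub set `*ctx = NULL; *ctxlen = 0;` before `return 0;`, or state in the header that callers must initialize both outputs themselves and treat a NULL `*ctx` as "no context to apply"; whichever is chosen, the stub and the real implementation must agree.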
> diff --git a/security/security.c b/security/security.c
> index 04d173eb93f6..56e77368b87f 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -879,6 +879,14 @@ int security_inode_copy_up_xattr(const char *name)
> }
> EXPORT_SYMBOL(security_inode_copy_up_xattr);
>
> +int security_object_init_security(void *parent_ctx, u32 parent_ctxlen,
> + const struct qstr *qstr, u16 mode,
> + void **ctx, u32 *ctxlen)
> +{
> + return call_int_hook(object_init_security, 0, parent_ctx, parent_ctxlen,
> + qstr, mode, ctx, ctxlen);
> +}
> +
> int security_file_permission(struct file *file, int mask)
> {
> int ret;
>
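Review bot: `call_int_hook(object_init_security, 0, ...)` also returns 0 when no LSM registers the hook, and on that path `*ctx` and `*ctxlen` are left exactly as the caller passed them, which is the same uninitialized-output hazard as in the !CONFIG_SECURITY stub; initialize both here (or require it of the caller) so the "no LSM" path and the stub behave identically. The neighbouring `security_inode_copy_up_xattr()` is exported with `EXPORT_SYMBOL`; add the same for the new function if a modular caller is expected, otherwise note in the commit message that it is deliberately omitted because kernfs is built-in.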