From: David Howells <dhowells@redhat.com>
To: viro@zeniv.linux.org.uk
Cc: dhowells@redhat.com, raven@themaw.net, linux-api@vger.kernel.org,
	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	mszeredi@redhat.com
Subject: [PATCH 05/25] fsinfo: Implement retrieval of LSM parameters with fsinfo() [ver #13]
Date: Tue, 28 May 2019 16:11:44 +0100	[thread overview]
Message-ID: <155905630451.1662.10595357703610080056.stgit@warthog.procyon.org.uk> (raw)
In-Reply-To: <155905626142.1662.18430571708534506785.stgit@warthog.procyon.org.uk>

Implement LSM parameter value retrieval with fsinfo() - akin to parsing
/proc/mounts. This allows all the LSM parameters to be retrieved in one go
with:

	struct fsinfo_params params = {
		.request        = FSINFO_ATTR_LSM_PARAMETERS,
	};

The format is a blob containing pairs of length-prefixed strings to avoid
the need to escape commas and suchlike in the values.  This is the same as
for FSINFO_ATTR_PARAMETERS.

Signed-off-by: David Howells <dhowells@redhat.com>
---

 fs/fsinfo.c                 |   21 +++++++++++++++------
 include/linux/lsm_hooks.h   |   13 +++++++++++++
 include/linux/security.h    |   11 +++++++++++
 include/uapi/linux/fsinfo.h |    1 +
 samples/vfs/test-fsinfo.c   |    6 +++++-
 security/security.c         |   12 ++++++++++++
 6 files changed, 57 insertions(+), 7 deletions(-)

diff --git a/fs/fsinfo.c b/fs/fsinfo.c
index 2da321b34bdf..256a87b62eed 100644
--- a/fs/fsinfo.c
+++ b/fs/fsinfo.c
@@ -341,7 +341,8 @@ static int vfs_fsinfo(struct path *path, struct fsinfo_kparams *params)
 	int (*fsinfo)(struct path *, struct fsinfo_kparams *);
 	int ret;
 
-	if (params->request == FSINFO_ATTR_FSINFO) {
+	switch (params->request) {
+	case FSINFO_ATTR_FSINFO: {
 		struct fsinfo_fsinfo *info = params->buffer;
 
 		info->max_attr	= FSINFO_ATTR__NR;
@@ -349,11 +350,18 @@ static int vfs_fsinfo(struct path *path, struct fsinfo_kparams *params)
 		return sizeof(*info);
 	}
 
-	fsinfo = dentry->d_sb->s_op->fsinfo;
-	if (!fsinfo) {
-		if (!dentry->d_sb->s_op->statfs)
-			return -EOPNOTSUPP;
-		fsinfo = generic_fsinfo;
+	case FSINFO_ATTR_LSM_PARAMETERS:
+		fsinfo = security_sb_fsinfo;
+		break;
+
+	default:
+		fsinfo = dentry->d_sb->s_op->fsinfo;
+		if (!fsinfo) {
+			if (!dentry->d_sb->s_op->statfs)
+				return -EOPNOTSUPP;
+			fsinfo = generic_fsinfo;
+		}
+		break;
 	}
 
 	ret = security_sb_statfs(dentry);
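Review bot: The new `FSINFO_ATTR_LSM_PARAMETERS` case in `vfs_fsinfo()` bypasses the filesystem's `->fsinfo` and the `->statfs` availability check, and nothing in the code says whether that is deliberate. It also does not say that the LSM query still goes through the `security_sb_statfs()` call that follows the switch. A short comment on the case would record both, for example `/* Answered by the LSMs, not the filesystem; still gated by security_sb_statfs() below */`. The function body continues outside the hunk, so the call through `fsinfo` itself is not visible here.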
@@ -533,6 +541,7 @@ static const struct fsinfo_attr_info fsinfo_buffer_info[FSINFO_ATTR__NR] = {
 	FSINFO_STRUCT_N		(PARAM_SPECIFICATION,	param_specification),
 	FSINFO_STRUCT_N		(PARAM_ENUM,		param_enum),
 	FSINFO_OPAQUE		(PARAMETERS,		-),
+	FSINFO_OPAQUE		(LSM_PARAMETERS,	-),
 };
 
 /**
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 47f58cfb6a19..2474c3f785ca 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -108,6 +108,13 @@
  *	mountpoint.
  *	@dentry is a handle on the superblock for the filesystem.
  *	Return 0 if permission is granted.
+ * @sb_fsinfo:
+ *	Query LSM information for a filesystem.
+ *	@path is a handle on the superblock for the filesystem.
+ *	@params is the fsinfo parameter and buffer block.
+ *	 - Currently, params->request can only be FSINFO_ATTR_LSM_PARAMETERS.
+ *	Return the length of the data in the buffer (and can return -ENODATA to
+ *      indicate no value under certain circumstances).
  * @sb_mount:
  *	Check permission before an object specified by @dev_name is mounted on
  *	the mount point named by @nd.  For an ordinary mount, @dev_name
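Review bot: The `@sb_fsinfo` kernel-doc does not say how the hook behaves when more than one LSM registers it, and "under certain circumstances" leaves the meaning of `-ENODATA` open. An LSM author needs to know whether to append to data already in `params->buffer` or overwrite it, whether the returned length is that module's own contribution or the running total, and that writes must stay within the bounds of the buffer described by `params`. It would also help to state that this is a query hook rather than a permission check, unlike the neighbouring `sb_statfs` entry. The continuation line `indicate no value under certain circumstances).` is indented with spaces where the rest of the block uses a tab.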
@@ -1492,6 +1499,9 @@ union security_list_options {
 	int (*sb_kern_mount)(struct super_block *sb);
 	int (*sb_show_options)(struct seq_file *m, struct super_block *sb);
 	int (*sb_statfs)(struct dentry *dentry);
+#ifdef CONFIG_FSINFO
+	int (*sb_fsinfo)(struct path *path, struct fsinfo_kparams *params);
+#endif
 	int (*sb_mount)(const char *dev_name, const struct path *path,
 			const char *type, unsigned long flags, void *data);
 	int (*sb_umount)(struct vfsmount *mnt, int flags);
@@ -1838,6 +1848,9 @@ struct security_hook_heads {
 	struct hlist_head sb_kern_mount;
 	struct hlist_head sb_show_options;
 	struct hlist_head sb_statfs;
+#ifdef CONFIG_FSINFO
+	struct hlist_head sb_fsinfo;
+#endif
 	struct hlist_head sb_mount;
 	struct hlist_head sb_umount;
 	struct hlist_head sb_pivotroot;
diff --git a/include/linux/security.h b/include/linux/security.h
index 659071c2e57c..23c8b602c0ab 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -57,6 +57,7 @@ struct mm_struct;
 struct fs_context;
 struct fs_parameter;
 enum fs_value_type;
+struct fsinfo_kparams;
 
 /* Default (no) options for the capable function */
 #define CAP_OPT_NONE 0x0
@@ -237,6 +238,9 @@ int security_sb_remount(struct super_block *sb, void *mnt_opts);
 int security_sb_kern_mount(struct super_block *sb);
 int security_sb_show_options(struct seq_file *m, struct super_block *sb);
 int security_sb_statfs(struct dentry *dentry);
+#ifdef CONFIG_FSINFO
+int security_sb_fsinfo(struct path *path, struct fsinfo_kparams *params);
+#endif
 int security_sb_mount(const char *dev_name, const struct path *path,
 		      const char *type, unsigned long flags, void *data);
 int security_sb_umount(struct vfsmount *mnt, int flags);
@@ -575,6 +579,13 @@ static inline int security_sb_statfs(struct dentry *dentry)
 	return 0;
 }
 
+#ifdef CONFIG_FSINFO
+static inline int security_sb_fsinfo(struct path *path, struct fsinfo_kparams *params)
+{
+	return 0;
+}
+#endif
+
 static inline int security_sb_mount(const char *dev_name, const struct path *path,
 				    const char *type, unsigned long flags,
 				    void *data)
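Review bot: The inline `security_sb_fsinfo()` stub returns 0 for every request, while the implementation added to security/security.c starts from `-ENODATA` unless the request is `FSINFO_ATTR_LSM_PARAMETERS`. Assuming this stub sits in the no-LSM half of the header (the surrounding `#ifdef` is outside the hunk), the result for any other attribute would depend on whether LSM support is built in. Only a forward declaration of `struct fsinfo_kparams` is visible in this header, so the stub cannot inspect `params->request`. A comment should at least record the intent, for example `/* No LSMs built in: report zero bytes of LSM parameters */`.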
diff --git a/include/uapi/linux/fsinfo.h b/include/uapi/linux/fsinfo.h
index 0f134847e88b..dae2e8dd757e 100644
--- a/include/uapi/linux/fsinfo.h
+++ b/include/uapi/linux/fsinfo.h
@@ -31,6 +31,7 @@ enum fsinfo_attribute {
 	FSINFO_ATTR_PARAM_SPECIFICATION	= 13,	/* Nth parameter specification */
 	FSINFO_ATTR_PARAM_ENUM		= 14,	/* Nth enum-to-val */
 	FSINFO_ATTR_PARAMETERS		= 15,	/* Mount parameters (large string) */
+	FSINFO_ATTR_LSM_PARAMETERS	= 16,	/* LSM Mount parameters (large string) */
 	FSINFO_ATTR__NR
 };
 
diff --git a/samples/vfs/test-fsinfo.c b/samples/vfs/test-fsinfo.c
index 2960fa2b9843..e98384e8fb46 100644
--- a/samples/vfs/test-fsinfo.c
+++ b/samples/vfs/test-fsinfo.c
@@ -82,6 +82,7 @@ static const struct fsinfo_attr_info fsinfo_buffer_info[FSINFO_ATTR__NR] = {
 	FSINFO_STRUCT_N		(PARAM_SPECIFICATION,	param_specification),
 	FSINFO_STRUCT_N		(PARAM_ENUM,		param_enum),
 	FSINFO_OVERLARGE	(PARAMETERS,		-),
+	FSINFO_OVERLARGE	(LSM_PARAMETERS,	-),
 };
 
 #define FSINFO_NAME(X,Y) [FSINFO_ATTR_##X] = #Y
@@ -102,6 +103,7 @@ static const char *fsinfo_attr_names[FSINFO_ATTR__NR] = {
 	FSINFO_NAME		(PARAM_SPECIFICATION,	param_specification),
 	FSINFO_NAME		(PARAM_ENUM,		param_enum),
 	FSINFO_NAME		(PARAMETERS,		parameters),
+	FSINFO_NAME		(LSM_PARAMETERS,	lsm_parameters),
 };
 
 union reply {
@@ -452,6 +454,7 @@ static int try_one(const char *file, struct fsinfo_params *params, bool raw)
 
 	switch (params->request) {
 	case FSINFO_ATTR_PARAMETERS:
+	case FSINFO_ATTR_LSM_PARAMETERS:
 		if (ret == 0)
 			return 0;
 	}
@@ -498,7 +501,8 @@ static int try_one(const char *file, struct fsinfo_params *params, bool raw)
 		return 0;
 
 	case __FSINFO_OVER:
-		if (params->request == FSINFO_ATTR_PARAMETERS)
+		if (params->request == FSINFO_ATTR_PARAMETERS ||
+		    params->request == FSINFO_ATTR_LSM_PARAMETERS)
 			dump_params(about, r, ret);
 		return 0;
 
diff --git a/security/security.c b/security/security.c
index 613a5c00e602..3af886e8fced 100644
--- a/security/security.c
+++ b/security/security.c
@@ -25,6 +25,7 @@
 #include <linux/ima.h>
 #include <linux/evm.h>
 #include <linux/fsnotify.h>
+#include <linux/fsinfo.h>
 #include <linux/mman.h>
 #include <linux/mount.h>
 #include <linux/personality.h>
@@ -821,6 +822,17 @@ int security_sb_statfs(struct dentry *dentry)
 	return call_int_hook(sb_statfs, 0, dentry);
 }
 
+#ifdef CONFIG_FSINFO
+int security_sb_fsinfo(struct path *path, struct fsinfo_kparams *params)
+{
+	int ret = -ENODATA;
+
+	if (params->request == FSINFO_ATTR_LSM_PARAMETERS)
+		ret = 0; /* This is cumulative amongst all LSMs */
+	return call_int_hook(sb_fsinfo, ret, path, params);
+}
+#endif
+
 int security_sb_mount(const char *dev_name, const struct path *path,
                        const char *type, unsigned long flags, void *data)
 {
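Review bot: `call_int_hook()` does not accumulate, so the "cumulative amongst all LSMs" comment in `security_sb_fsinfo()` does not describe what the new code does. As that macro is defined elsewhere in security/security.c (not shown in this hunk), it overwrites the result with each hook's return value and leaves the loop at the first non-zero one. On a system where more than one LSM registers `sb_fsinfo`, the first module to report a non-zero length would be the only one consulted, and userspace would see an incomplete set of LSM mount parameters. An explicit walk over `security_hook_heads.sb_fsinfo` that stops only on a negative return would match the comment. The sketch below assumes each hook returns the running length in the buffer, which needs checking against the LSM implementations later in the series.

```c
int security_sb_fsinfo(struct path *path, struct fsinfo_kparams *params)
{
	struct security_hook_list *hp;
	int ret = -ENODATA;

	/* … unchanged: ret = 0 for FSINFO_ATTR_LSM_PARAMETERS … */

	hlist_for_each_entry(hp, &security_hook_heads.sb_fsinfo, list) {
		int rc = hp->hook.sb_fsinfo(path, params);

		if (rc < 0)
			return rc;	/* an LSM reporting an error ends the query */
		ret = rc;	/* assumed: running length of data in the buffer */
	}
	return ret;
}
```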



Thread overview: 43+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-05-28 15:11 [PATCH 00/25] VFS: Introduce filesystem information query syscall [ver #13] David Howells
2019-05-28 15:11 ` [PATCH 01/25] vfs: syscall: Add fsinfo() to query filesystem information " David Howells
2019-05-29  7:42   ` Miklos Szeredi
2019-06-18 22:24   ` David Howells
2019-05-28 15:11 ` [PATCH 02/25] vfs: Allow fsinfo() to query what's in an fs_context " David Howells
2019-06-21  9:47   ` Christian Brauner
2019-06-21 13:12   ` David Howells
2019-06-21 13:16     ` Christian Brauner
2019-06-21 13:16       ` Christian Brauner
2019-06-21 13:28       ` Christian Brauner
2019-06-21 14:50       ` David Howells
2019-05-28 15:11 ` [PATCH 03/25] vfs: Allow fsinfo() to be used to query an fs parameter description " David Howells
2019-05-28 15:11 ` [PATCH 04/25] vfs: Implement parameter value retrieval with fsinfo() " David Howells
2019-05-29  8:08   ` Miklos Szeredi
2019-06-18 22:34   ` David Howells
2019-06-19  6:33     ` Miklos Szeredi
2019-05-28 15:11 ` David Howells [this message]
2019-05-28 15:11 ` [PATCH 06/25] vfs: Introduce a non-repeating system-unique superblock ID " David Howells
2019-05-28 15:12 ` [PATCH 07/25] vfs: Allow fsinfo() to look up a mount object by " David Howells
2019-05-28 15:12 ` [PATCH 08/25] vfs: Add mount notification count " David Howells
2019-05-28 15:12 ` [PATCH 09/25] vfs: Allow mount information to be queried by fsinfo() " David Howells
2019-06-01 16:08   ` Joel Fernandes
2019-06-05 12:21   ` Alan Jenkins
2019-06-18 14:00   ` David Howells
2019-05-28 15:12 ` [PATCH 10/25] vfs: fsinfo sample: Mount listing program " David Howells
2019-06-05 12:22   ` Alan Jenkins
2019-05-28 15:12 ` [PATCH 11/25] hugetlbfs: Add support for fsinfo() " David Howells
2019-05-28 15:12 ` [PATCH 12/25] kernfs, cgroup: Add fsinfo support " David Howells
2019-05-28 15:12 ` [PATCH 13/25] fsinfo: Support SELinux superblock parameter retrieval " David Howells
2019-05-28 15:13 ` [PATCH 14/25] fsinfo: Support Smack " David Howells
2019-05-28 15:13 ` [PATCH 15/25] afs: Support fsinfo() " David Howells
2019-05-28 15:13 ` [PATCH 16/25] nfs: " David Howells
2019-05-28 15:13 ` [PATCH 17/25] fsinfo: autofs - add sb operation " David Howells
2019-05-28 15:13 ` [PATCH 18/25] fsinfo: shmem - add tmpfs " David Howells
2019-05-28 15:13 ` [PATCH 19/25] fsinfo: proc - add " David Howells
2019-05-28 15:13 ` [PATCH 20/25] fsinfo: devpts " David Howells
2019-05-28 15:14 ` [PATCH 21/25] fsinfo: pstore " David Howells
2019-05-28 15:14 ` [PATCH 22/25] fsinfo: debugfs " David Howells
2019-05-28 15:14 ` [PATCH 23/25] fsinfo: bpf " David Howells
2019-05-28 15:14 ` [PATCH 24/25] fsinfo: ufs " David Howells
2019-05-28 15:14 ` [PATCH 25/25] fsinfo: Add API documentation " David Howells
2019-06-05 12:21   ` Alan Jenkins
2019-06-18 14:01   ` David Howells
