From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
To: ebiederm@xmission.com
Cc: linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	john.johansen@canonical.com
Subject: Re: [PATCH 00/23] Removal of binary sysctl support
Date: Fri, 20 Nov 2009 07:17:53 +0900
Message-ID: <200911200717.CDF87535.JQMSFFtOFVOHOL@I-love.SAKURA.ne.jp>
In-Reply-To: <m1ocmy4d7b.fsf@fess.ebiederm.org>

Hello.

Eric W. Biederman wrote:
> > Indeed. TOMOYO and AppArmor need a hint for prepending "/proc" prefix.
> > A simple implementation which adds one bit to task_struct is shown below.
> > In this way, not only the file permission checks inside dentry_open()
> > but also the directory permission checks inside vfs_path_lookup() can be
> > prepended with the "/proc" prefix. AppArmor might want to prepend "/proc"
> > inside vfs_path_lookup().
> 
> There don't appear to be any security hooks in vfs_path_lookup().
>
OK. Then, AppArmor won't be confused.

> Instead of current->in_sysctl we can just look at the path and see if
> it is the root of the mount chain and if the fs is proc.
> 
> Something like:
> 
> diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c
> index 5f2e332..0b55faa 100644
> --- a/security/tomoyo/realpath.c
> +++ b/security/tomoyo/realpath.c
> @@ -108,6 +108,15 @@ int tomoyo_realpath_from_path2(struct path *path, char *newname,
>  		spin_unlock(&dcache_lock);
>  		path_put(&root);
>  		path_put(&ns_root);
> +		/* Prepend "/proc" prefix if using internal proc vfs mount. */
> +		if (!IS_ERR(sp) && (path->mnt->mnt_parent == path->mnt) &&
> +		    (strcmp(path->mnt->mnt_sb->s_type->name, "proc") == 0)) {
> +			sp -= 5;
> +			if (sp >= newname)
> +				memcpy(sp, "/proc", 5);
> +			else
> +				sp = ERR_PTR(-ENOMEM);
> +		}
>  	}
>  	if (IS_ERR(sp))
>  		error = PTR_ERR(sp);
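Review bot: in the added block, `sp -= 5;` runs before `if (sp >= newname)` checks that five bytes are available, so when the buffer is too full the pointer is stepped in front of `newname` before it is compared; check the remaining room first and only then move the pointer, e.g. `if (sp - newname >= 5) { sp -= 5; memcpy(sp, "/proc", 5); } else sp = ERR_PTR(-ENOMEM);`. The `strcmp(path->mnt->mnt_sb->s_type->name, "proc") == 0` test could also be expressed as `path->mnt->mnt_sb->s_magic == PROC_SUPER_MAGIC`, which avoids a string compare on every lookup; either way the `mnt_parent == path->mnt` condition should carry a comment saying it identifies the kernel-internal proc mount rather than a user-visible one.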

The above patch works. Please proceed. Thank you.

Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>

Why not use path->mnt->mnt_sb->s_magic == PROC_SUPER_MAGIC rather than
strcmp(path->mnt->mnt_sb->s_type->name, "proc") == 0?
