From: Jan Kara <jack@suse.cz>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: "Jan Kara" <jack@suse.cz>, "Amir Goldstein" <amir73il@gmail.com>,
"Filip Štědronský" <r.lklm@regnarg.cz>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
"Alexander Viro" <viro@zeniv.linux.org.uk>,
"Marko Rauhamaa" <marko.rauhamaa@f-secure.com>
Subject: Re: [RFC 2/2] fanotify: emit FAN_MODIFY_DIR on filesystem changes
Date: Tue, 21 Mar 2017 17:41:22 +0100 [thread overview]
Message-ID: <20170321164122.GA18402@quack2.suse.cz> (raw)
In-Reply-To: <20170321153849.GA15402@fieldses.org>
On Tue 21-03-17 11:38:49, J. Bruce Fields wrote:
> On Sun, Mar 19, 2017 at 11:19:43AM +0100, Jan Kara wrote:
> > On Tue 14-03-17 13:18:01, Amir Goldstein wrote:
> > > On Tue, Mar 14, 2017 at 1:03 AM, Filip Štědronský <r.lklm@regnarg.cz> wrote:
> > > > Besause fanotify requires `struct path`, the event cannot be generated
> > > > directly in `fsnotify_move` and friends because they only get the inode
> > > > (and their callers, `vfs_rename`&co. cannot supply any better info).
> > > > So instead it needs to be generated higher in the call chain, i.e. in
> > > > the callers of functions like `vfs_rename`.
> > > >
> > > > This leads to some code duplication. Currently, there are several places
> > > > whence functions like `vfs_rename` or `vfs_unlink` are called:
> > > >
> > > > * syscall handlers (done)
> > > > * NFS server (done)
> > > > * stacked filesystems
> > > > - ecryptfs (done)
> > > > - overlayfs
> > > > (Currently doesn't report even ordinary fanotify events, because
> > > > it internally clones the upper mount; not sure about the
> > > > rationale. One can always watch the overlay mount instead.)
> > > > * few rather minor things
> > > > - devtmpfs
> > > > (its internal changes are not tied to any vfsmount so it cannot
> > > > emit mount-scoped events)
> > > > - cachefiles (done)
> > > > - ipc/mqueue.c (done)
> > > > - fs/nfsd/nfs4recover.c (done)
> > > > - kernel/bpf/inode.c (done)
> > > > net/unix/af_unix.c (done)
> > > >
> > > > (grep -rE '\bvfs_(rename|unlink|mknod|whiteout|create|mkdir|rmdir|symlink|link)\(')
> > > >
> > > > Signed-off-by: Filip Štědronský <r.lkml@regnarg.cz>
> > > >
> > > > ---
> > > >
> > > > An alternative might be to create wrapper functions like
> > > > vfs_path_(rename|unlink|...). They could also take care of calling
> > > > security_path_(rename|unlink|...), which is currently also up to
> > > > the indvidual callers (possibly with a flag because it might not
> > > > be always desired).
> > >
> > > That's an interesting idea. There is some duplicity between security/audit
> > > hook and fsnotify hooks. It should be interesting to try and deduplicate
> > > some of this code.
> >
> > Yeah, but ecryptfs or nfsd don't actually call these security hooks AFAICT.
>
> We don't? E.g. nfsd_unlink calls vfs_unlink which calls
> security_inode_unlink().
OK, I have not been specific enough :). ecryptfs or nfsd don't call *path*
security hooks AFAICT - e.g. security_path_unlink() from nfsd_unlink().
Honza
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
next prev parent reply other threads:[~2017-03-21 16:41 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-13 23:02 [RFC 1/2] fanotify: new event FAN_MODIFY_DIR Filip Štědronský
2017-03-13 23:03 ` [RFC 2/2] fanotify: emit FAN_MODIFY_DIR on filesystem changes Filip Štědronský
2017-03-14 11:18 ` Amir Goldstein
2017-03-14 14:58 ` Filip Štědronský
2017-03-14 15:35 ` Amir Goldstein
2017-03-15 8:19 ` Marko Rauhamaa
2017-03-15 13:39 ` Jan Kara
2017-03-15 14:18 ` Marko Rauhamaa
2017-03-15 14:44 ` Amir Goldstein
2017-03-19 10:19 ` Jan Kara
2017-03-19 10:37 ` Filip Štědronský
2017-03-19 18:04 ` Jan Kara
2017-03-20 11:40 ` Amir Goldstein
2017-03-20 11:52 ` Filip Štědronský
2017-03-21 15:38 ` J. Bruce Fields
2017-03-21 16:41 ` Jan Kara [this message]
2017-03-21 17:45 ` J. Bruce Fields
2017-03-13 23:16 ` [RFC 1/2] fanotify: new event FAN_MODIFY_DIR Filip Štědronský
2017-03-14 10:40 ` Amir Goldstein
2017-03-14 13:46 ` Filip Štědronský
2017-03-14 15:07 ` Amir Goldstein
2017-03-20 12:10 ` Amir Goldstein
2017-03-14 10:11 ` Amir Goldstein
2017-03-14 12:41 ` Filip Štědronský
2017-03-14 13:55 ` Amir Goldstein
2017-03-14 14:48 ` Filip Štědronský
2017-03-14 22:30 ` Amir Goldstein
2017-03-15 14:05 ` Jan Kara
2017-03-15 14:34 ` Amir Goldstein
2017-03-16 10:38 ` Jan Kara
2017-03-15 4:52 ` Michael Kerrisk
2017-03-15 4:52 ` Michael Kerrisk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170321164122.GA18402@quack2.suse.cz \
--to=jack@suse.cz \
--cc=amir73il@gmail.com \
--cc=bfields@fieldses.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marko.rauhamaa@f-secure.com \
--cc=r.lklm@regnarg.cz \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.