linux-fsdevel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Vivek Goyal <vgoyal@redhat.com>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: linux-fsdevel@vger.kernel.org,
	SElinux list <selinux@vger.kernel.org>,
	LSM <linux-security-module@vger.kernel.org>,
	virtio-fs-list <virtio-fs@redhat.com>,
	Chirantan Ekbote <chirantan@chromium.org>,
	Stephen Smalley <stephen.smalley.work@gmail.com>,
	Daniel J Walsh <dwalsh@redhat.com>,
	Casey Schaufler <casey@schaufler-ca.com>,
	Ondrej Mosnacek <omosnace@redhat.com>
Subject: Re: [PATCH v2 2/2] fuse: Send security context of inode on file creation
Date: Tue, 2 Nov 2021 15:09:02 -0400	[thread overview]
Message-ID: <YYGMzi2EJwIX4cIn@redhat.com> (raw)
In-Reply-To: <CAJfpeguMLE1rgpuP7gWWNcip6R+cgp-BdDfdQGtV=TouOVEn4A@mail.gmail.com>

On Tue, Nov 02, 2021 at 04:38:06PM +0100, Miklos Szeredi wrote:
> On Tue, 2 Nov 2021 at 16:30, Vivek Goyal <vgoyal@redhat.com> wrote:
> >
> > On Tue, Nov 02, 2021 at 03:00:30PM +0100, Miklos Szeredi wrote:
> > > On Tue, 12 Oct 2021 at 20:06, Vivek Goyal <vgoyal@redhat.com> wrote:
> 
> > > > @@ -633,7 +713,29 @@ static int create_new_entry(struct fuse_mount *fm, struct fuse_args *args,
> > > >         args->out_numargs = 1;
> > > >         args->out_args[0].size = sizeof(outarg);
> > > >         args->out_args[0].value = &outarg;
> > > > +
> > > > +       if (init_security) {
> > >
> >
> > Hi Miklos,
> >
> > > Instead of a new arg to create_new_entry(), this could check
> > > args.opcode != FUSE_LINK.
> >
> > Will do.
> >
> > >
> > > > +               unsigned short idx = args->in_numargs;
> > > > +
> > > > +               if ((size_t)idx >= ARRAY_SIZE(args->in_args)) {
> > > > +                       err = -ENOMEM;
> > > > +                       goto out_put_forget_req;
> > > > +               }
> > > > +
> > > > +               err = get_security_context(entry, mode, &security_ctx,
> > > > +                                          &security_ctxlen);
> > > > +               if (err)
> > > > +                       goto out_put_forget_req;
> > > > +
> > > > +               if (security_ctxlen > 0) {
> > >
> > > This doesn't seem right.  How would the server know if this is arg is missing?
> > >
> > > I think if FUSE_SECURITY_CTX was negotiated, then the secctx header
> > > will always need to be added to the MK* requests.
> >
> > Even for the case of FUSE_LINK request? I think I put this check because
> > FUSE_LINK is not sending secctx header. Other requests are appending
> > this header even if a security module is not loaded/enabled.
> 
> No, FUSE_LINK wouldn't even get this far.

You are right. My bad. So looks like this check will always be true
given the current code. get_security_context() will either all
headers with security context or just return zeroed "struct fuse_secctxs",
indicating there are no security context. 

If that's the case, I should be able to get rid of this check. I will
do some more testing.

> 
> > I guess it makes more sense to add secctx header even for FUSE_LINK
> > request. Just that header will mention 0 security contexts are
> > following. This will interface more uniform. I will make this change.
> 
> Why? FUSE_LINK is not an inode creation op, it just shares the
> instantiation part with creation.

Ok, got it. Makes sense. So no sending of zeroed security context header
with FUSE_LINK.

Vivek


  reply	other threads:[~2021-11-02 19:09 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-10-12 18:06 [PATCH v2 0/2] fuse: Send file/inode security context during creation Vivek Goyal
2021-10-12 18:06 ` [PATCH v2 1/2] fuse: Add a flag FUSE_SECURITY_CTX Vivek Goyal
2021-10-12 19:09   ` Casey Schaufler
2021-10-12 20:38     ` Vivek Goyal
2021-10-12 18:06 ` [PATCH v2 2/2] fuse: Send security context of inode on file creation Vivek Goyal
2021-10-12 18:24   ` Casey Schaufler
2021-10-12 18:34     ` Vivek Goyal
2021-10-12 18:41       ` Casey Schaufler
2021-11-02 14:00   ` Miklos Szeredi
2021-11-02 15:30     ` Vivek Goyal
2021-11-02 15:38       ` Miklos Szeredi
2021-11-02 19:09         ` Vivek Goyal [this message]
2021-10-25 15:55 ` [PATCH v2 0/2] fuse: Send file/inode security context during creation Vivek Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YYGMzi2EJwIX4cIn@redhat.com \
    --to=vgoyal@redhat.com \
    --cc=casey@schaufler-ca.com \
    --cc=chirantan@chromium.org \
    --cc=dwalsh@redhat.com \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=miklos@szeredi.hu \
    --cc=omosnace@redhat.com \
    --cc=selinux@vger.kernel.org \
    --cc=stephen.smalley.work@gmail.com \
    --cc=virtio-fs@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).