Linux-Security-Module Archive on lore.kernel.org
* [PATCH 00/10] VFS: Provide new mount UAPI
@ 2019-02-19 17:08 David Howells
From: David Howells @ 2019-02-19 17:08 UTC
  To: viro
  Cc: linux-api, linux-fsdevel, dhowells, torvalds, ebiederm,
	linux-security-module


Here's a set of patches that creates a number of new system calls to allow
the creation and parameterisation of a filesystem context and the
subsequent use of that context to create or look up a superblock:

	fd = fsopen("afs");
	fsconfig(fd, FSCONFIG_SET_STRING,
		 "source", "#grand.central.org:root.cell.", 0);
	fsconfig(fd, FSCONFIG_CMD_CREATE, NULL, NULL, 0);

or reconfigure a superblock:

	fd = fspick(AT_FDCWD, "/nfs/foo", FSPICK_NO_AUTOMOUNT);
	fsconfig(fd, FSCONFIG_SET_FLAG, "noac", NULL, 0);
	fsconfig(fd, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0);

A mount object can then be created for the superblock which will be
attached to an O_PATH-equivalent file descriptor:

	mfd = fsmount(fd, MS_NODEV);

This can then be moved into place:

	move_mount(mfd, "", AT_FDCWD, "/mnt", MOVE_MOUNT_F_EMPTY_PATH);

move_mount() can be used more generically too, e.g.:

	move_mount(AT_FDCWD, "/mnt/foo", AT_FDCWD, "/mnt/bar", 0);

to move mount subtrees around.

One more system call is available:

	mfd = open_tree(AT_FDCWD, "/mnt/foo", 0);
	mfd = open_tree(AT_FDCWD, "/mnt/foo", OPEN_TREE_CLONE);
	mfd = open_tree(AT_FDCWD, "/mnt/foo", OPEN_TREE_CLONE | AT_RECURSIVE);

This creates an O_PATH-equivalent file descriptor referring to a mount, a
copy of a mount or a copy of a mount subtree that move_mount() can then
move/paste into place.

The patches can be found here also:

	https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git

at tag:

	vfs-mount-syscalls

David
---
Al Viro (1):
      vfs: syscall: Add open_tree(2) to reference or clone a mount

David Howells (9):
      vfs: syscall: Add move_mount(2) to move mounts around
      teach move_mount(2) to work with OPEN_TREE_CLONE
      Make anon_inodes unconditional
      vfs: syscall: Add fsopen() to prepare for superblock creation
      vfs: Implement logging through fs_context
      vfs: syscall: Add fsconfig() for configuring and managing a context
      vfs: syscall: Add fsmount() to create a mount for a superblock
      vfs: syscall: Add fspick() to select a superblock for reconfiguration
      vfs: Add a sample program for the new mount API


 arch/arm/kvm/Kconfig                   |    1 
 arch/arm64/kvm/Kconfig                 |    1 
 arch/mips/kvm/Kconfig                  |    1 
 arch/powerpc/kvm/Kconfig               |    1 
 arch/s390/kvm/Kconfig                  |    1 
 arch/x86/Kconfig                       |    1 
 arch/x86/entry/syscalls/syscall_32.tbl |    6 
 arch/x86/entry/syscalls/syscall_64.tbl |    6 
 arch/x86/kvm/Kconfig                   |    1 
 drivers/base/Kconfig                   |    1 
 drivers/char/tpm/Kconfig               |    1 
 drivers/dma-buf/Kconfig                |    1 
 drivers/gpio/Kconfig                   |    1 
 drivers/iio/Kconfig                    |    1 
 drivers/infiniband/Kconfig             |    1 
 drivers/vfio/Kconfig                   |    1 
 fs/Makefile                            |    4 
 fs/file_table.c                        |    9 -
 fs/fs_context.c                        |  160 ++++++++++-
 fs/fsopen.c                            |  477 ++++++++++++++++++++++++++++++++
 fs/internal.h                          |    4 
 fs/namespace.c                         |  477 ++++++++++++++++++++++++++++----
 fs/notify/fanotify/Kconfig             |    1 
 fs/notify/inotify/Kconfig              |    1 
 include/linux/fs.h                     |    7 
 include/linux/fs_context.h             |   38 ++-
 include/linux/lsm_hooks.h              |    6 
 include/linux/module.h                 |    6 
 include/linux/security.h               |    7 
 include/linux/syscalls.h               |    9 +
 include/uapi/linux/fcntl.h             |    2 
 include/uapi/linux/mount.h             |   62 ++++
 init/Kconfig                           |   10 -
 samples/Kconfig                        |    9 -
 samples/Makefile                       |    2 
 samples/statx/Makefile                 |    7 
 samples/statx/test-statx.c             |  258 -----------------
 samples/vfs/Makefile                   |   10 +
 samples/vfs/test-fsmount.c             |  133 +++++++++
 samples/vfs/test-statx.c               |  267 ++++++++++++++++++
 security/security.c                    |    5 
 41 files changed, 1617 insertions(+), 380 deletions(-)
 create mode 100644 fs/fsopen.c
 delete mode 100644 samples/statx/Makefile
 delete mode 100644 samples/statx/test-statx.c
 create mode 100644 samples/vfs/Makefile
 create mode 100644 samples/vfs/test-fsmount.c
 create mode 100644 samples/vfs/test-statx.c
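
The fsopen/fsconfig/fsmount/move_mount sequence from the cover letter, written out with error handling as an added example (not code from this patch series). It assumes the syscall numbers and constants shipped in current <sys/syscall.h> and <linux/mount.h>, where fsopen() takes a flags argument and fsmount() takes separate flags and attribute flags, unlike the sketches above; mount_via_fd() and dump_fs_log() are names made up for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>        /* AT_FDCWD */
#include <linux/mount.h>  /* FSOPEN_*, FSCONFIG_*, FSMOUNT_*, MOUNT_ATTR_*, MOVE_MOUNT_* */
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Drain the fs_context message log. Each read() returns one message,
 * prefixed "e " (error), "w " (warning) or "i " (info). */
static void dump_fs_log(int fd)
{
	char buf[256];
	ssize_t n;

	while ((n = read(fd, buf, sizeof(buf) - 1)) > 0) {
		buf[n] = '\0';
		fprintf(stderr, "fs_context: %s\n", buf);
	}
}

/* Create a superblock of type fstype and attach it at target.
 * Returns 0 on success or -errno from the first call that failed. */
int mount_via_fd(const char *fstype, const char *source, const char *target)
{
	int err = 0, mfd = -1;
	int fd = syscall(SYS_fsopen, fstype, FSOPEN_CLOEXEC);

	if (fd < 0)
		return -errno;	/* e.g. EPERM without CAP_SYS_ADMIN, ENODEV for an unknown type */

	if (syscall(SYS_fsconfig, fd, FSCONFIG_SET_STRING, "source", source, 0) < 0 ||
	    syscall(SYS_fsconfig, fd, FSCONFIG_CMD_CREATE, NULL, NULL, 0) < 0 ||
	    (mfd = syscall(SYS_fsmount, fd, FSMOUNT_CLOEXEC, MOUNT_ATTR_NODEV)) < 0) {
		err = -errno;		/* save before read() overwrites errno */
		dump_fs_log(fd);	/* the context fd carries the reason */
		close(fd);
		return err;
	}
	close(fd);

	/* mfd refers to a detached mount; attach it to the tree. */
	if (syscall(SYS_move_mount, mfd, "", AT_FDCWD, target,
		    MOVE_MOUNT_F_EMPTY_PATH) < 0)
		err = -errno;
	close(mfd);
	return err;
}
```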


Thread overview: 33+ messages
2019-02-19 17:08 [PATCH 00/10] VFS: Provide new mount UAPI David Howells
2019-02-19 17:08 ` [PATCH 01/10] vfs: syscall: Add open_tree(2) to reference or clone a mount David Howells
2019-02-19 17:08 ` [PATCH 02/10] vfs: syscall: Add move_mount(2) to move mounts around David Howells
2019-02-20 12:32   ` Alan Jenkins
2019-02-20 12:41     ` Alan Jenkins
2019-02-20 16:23   ` Jann Horn
2019-07-08 12:02   ` Tetsuo Handa
2019-07-08 13:18     ` Al Viro
2019-07-08 17:12       ` Eric W. Biederman
2019-07-08 18:01         ` Al Viro
2019-07-08 18:13           ` Al Viro
2019-07-08 20:21           ` Al Viro
2019-07-09  0:13             ` Eric W. Biederman
2019-07-09 10:51               ` Tetsuo Handa
2019-07-22 10:12                 ` Tetsuo Handa
2019-07-23  4:16                   ` John Johansen
2019-07-23 13:45                     ` Tetsuo Handa
2019-08-06 10:43                       ` Tetsuo Handa
2019-08-09 15:44                         ` [PATCH] LSM: Disable move_mount() syscall when TOMOYO or AppArmor is enabled Tetsuo Handa
2019-08-22  3:51                         ` [RFC][PATCH] fix d_absolute_path() interplay with fsmount() Al Viro
2019-08-30 10:11                           ` Tetsuo Handa
2019-07-23 21:45             ` [PATCH 02/10] vfs: syscall: Add move_mount(2) to move mounts around James Morris
2019-07-23 23:30               ` Al Viro
2019-02-19 17:08 ` [PATCH 03/10] teach move_mount(2) to work with OPEN_TREE_CLONE David Howells
2019-02-20 18:59   ` Alan Jenkins
2019-02-26 17:45   ` Alan Jenkins
2019-02-19 17:08 ` [PATCH 04/10] Make anon_inodes unconditional David Howells
2019-02-19 17:09 ` [PATCH 05/10] vfs: syscall: Add fsopen() to prepare for superblock creation David Howells
2019-02-19 17:09 ` [PATCH 06/10] vfs: Implement logging through fs_context David Howells
2019-02-19 17:09 ` [PATCH 07/10] vfs: syscall: Add fsconfig() for configuring and managing a context David Howells
2019-02-19 17:09 ` [PATCH 08/10] vfs: syscall: Add fsmount() to create a mount for a superblock David Howells
2019-02-19 17:09 ` [PATCH 09/10] vfs: syscall: Add fspick() to select a superblock for reconfiguration David Howells
2019-02-19 17:09 ` [PATCH 10/10] vfs: Add a sample program for the new mount API David Howells
