About ACL for IPC Object

About ACL for IPC Object

[zhou peng]

Hi all,

There are ACL in file system, but why there are no ACL implementation
in IPC object, eg. shm, message queue, FIFO?
Is there any fine grained granting in ipc object just like in file object?

Thanks,
Best

--
zhoupeng

Re: About ACL for IPC Object

[Jeremy Allison]

On Wed, Jan 20, 2010 at 05:20:00PM +0800, zhou peng wrote:
> Hi all,
> 
> There are ACL in file system, but why there are no ACL implementation
> in IPC object, eg. shm, message queue, FIFO?
> Is there any fine grained granting in ipc object just like in file object?

Not implemented yet, we can add this if you need it
(but probably will be a 3.6.0 feature).

Jeremy.

Re: About ACL for IPC Object

[Jeremy Allison]

On Wed, Jan 20, 2010 at 01:50:48PM -0800, Jeremy Allison wrote:
> On Wed, Jan 20, 2010 at 05:20:00PM +0800, zhou peng wrote:
> > Hi all,
> > 
> > There are ACL in file system, but why there are no ACL implementation
> > in IPC object, eg. shm, message queue, FIFO?
> > Is there any fine grained granting in ipc object just like in file object?
> 
> Not implemented yet, we can add this if you need it
> (but probably will be a 3.6.0 feature).

Never mind, got my lists mixed up and thought this
was a Samba request (sorry :-).

Re: About ACL for IPC Object

[Casey Schaufler]

zhou peng wrote:
> Hi all,
>
> There are ACL in file system, but why there are no ACL implementation
> in IPC object, eg. shm, message queue, FIFO?
>   

Most people haven't noticed that IPC objects are even there, much less
that they have mode bits and not ACLs. Even when we were doing security
evaluations on Unix boxes in the 1990's they were considered insufficiently
interesting to justify the additional work to do ACLs.

If you really want ACLs on IPC objects it would make a dandy little
project for a summer. I would be happy to review patches.

> Is there any fine grained granting in ipc object just like in file object?
>   

As Stephen Smalley points out, you can do it with SELinux, although
that it rather like driving a thumbtack with a bulldozer.

> Thanks,
> Best
>
> --
> zhoupeng
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
>
>
>   

Re: About ACL for IPC Object

[Christoph Hellwig]

On Wed, Jan 20, 2010 at 07:02:27PM -0800, Casey Schaufler wrote:
> zhou peng wrote:
> > Hi all,
> >
> > There are ACL in file system, but why there are no ACL implementation
> > in IPC object, eg. shm, message queue, FIFO?
> >   
> 
> Most people haven't noticed that IPC objects are even there, much less
> that they have mode bits and not ACLs. Even when we were doing security
> evaluations on Unix boxes in the 1990's they were considered insufficiently
> interesting to justify the additional work to do ACLs.
> 
> If you really want ACLs on IPC objects it would make a dandy little
> project for a summer. I would be happy to review patches.

Or use the posix IPC mechanisms.  The Posix shared memory has ACL by
using tmpfs as the backing store, and we could add similar support to
Posix messages queues as they are also backed by a normal filesystem.

Adding this support to the old SYSV IPC mechanisms would be much harder
as they do not fit into the file backed model we use everywhere else at
all.

Re: About ACL for IPC Object

[zhou peng]

Thank you all for so many solutions.

I want to control some IPC object (shm, msg queue, semphore) can be
accessed by which named user or named group just like file objects ACL
do.

I studied the solution you all referred, The SELinux is powerful but
may be somewhat complicated. And I am confused with Christoph
Hellwig‘s solution using tmpfs.

2010/1/21 Christoph Hellwig <hch@infradead.org>:
> On Wed, Jan 20, 2010 at 07:02:27PM -0800, Casey Schaufler wrote:
>> zhou peng wrote:
>> > Hi all,
>> >
>> > There are ACL in file system, but why there are no ACL implementation
>> > in IPC object, eg. shm, message queue, FIFO?
>> >
>>
>> Most people haven't noticed that IPC objects are even there, much less
>> that they have mode bits and not ACLs. Even when we were doing security
>> evaluations on Unix boxes in the 1990's they were considered insufficiently
>> interesting to justify the additional work to do ACLs.
>>
>> If you really want ACLs on IPC objects it would make a dandy little
>> project for a summer. I would be happy to review patches.

Thanks. It's interesting to add ACL over IPC objects. I want to have a try.

>
> Or use the posix IPC mechanisms.  The Posix shared memory has ACL by
> using tmpfs as the backing store, and we could add similar support to
> Posix messages queues as they are also backed by a normal filesystem.

Christoph Hellwig, This way may be convinent. Could you give some
detailed message. :)
I only find /proc/ipc/shm file which contain the info of shm objs,and
tmpfs on /dev/shm which is empty.

>
> Adding this support to the old SYSV IPC mechanisms would be much harder
> as they do not fit into the file backed model we use everywhere else at
> all.

Just like file objects, the mode bits are implment over IPC objects
without file backed, so I think adding ACL support to IPC objects may
be somewhat reasonable :)

>
>



-- 
zhoupeng

Re: About ACL for IPC Object

[Américo Wang]

(Top-posting fixed.)

On Fri, Jan 22, 2010 at 5:15 PM, zhou peng <ailvpeng25@gmail.com> wrote:
>
> 2010/1/21 Christoph Hellwig <hch@infradead.org>:
>> On Wed, Jan 20, 2010 at 07:02:27PM -0800, Casey Schaufler wrote:
>>> zhou peng wrote:
>>> > Hi all,
>>> >
>>> > There are ACL in file system, but why there are no ACL implementation
>>> > in IPC object, eg. shm, message queue, FIFO?
>>> >
>>>
>>> Most people haven't noticed that IPC objects are even there, much less
>>> that they have mode bits and not ACLs. Even when we were doing security
>>> evaluations on Unix boxes in the 1990's they were considered insufficiently
>>> interesting to justify the additional work to do ACLs.
>>>
>>> If you really want ACLs on IPC objects it would make a dandy little
>>> project for a summer. I would be happy to review patches.
>
> Thanks. It's interesting to add ACL over IPC objects. I want to have a try.
>
>>
>> Or use the posix IPC mechanisms.  The Posix shared memory has ACL by
>> using tmpfs as the backing store, and we could add similar support to
>> Posix messages queues as they are also backed by a normal filesystem.
>
> Christoph Hellwig, This way may be convinent. Could you give some
> detailed message. :)
> I only find /proc/ipc/shm file which contain the info of shm objs,and
> tmpfs on /dev/shm which is empty.
>
>>
>> Adding this support to the old SYSV IPC mechanisms would be much harder
>> as they do not fit into the file backed model we use everywhere else at
>> all.
>
> Just like file objects, the mode bits are implment over IPC objects
> without file backed, so I think adding ACL support to IPC objects may
> be somewhat reasonable :)
>
> Thank you all for so many solutions.
>
> I want to control some IPC object (shm, msg queue, semphore) can be
> accessed by which named user or named group just like file objects ACL
> do.
>
> I studied the solution you all referred, The SELinux is powerful but
> may be somewhat complicated. And I am confused with Christoph
> Hellwig‘s solution using tmpfs.

Well, only posix semphores and posix share memory use tmpfs, I think,
posix msg queues use "mqueue" instead.

Re: About ACL for IPC Object

[zhou peng]

I have tested posix sem,posix shm and posix msg queue for ACL on
fedora 12 with kernel 2.6.32.

Posix sem and posix shm using tmpfs monted by default support ACL well .
Posix msg queue use mqueue fs mounted by manual but it seem not
surpoort ACL well. It failed for setting named ACL item:
{
 $ mkdir /dev/mqueue
 $ mount -o rw, acl -t mqueue none /dev/mqueue
 $cd /dev/mqueue
 "/mq" msg queue object created and used by processes properly

 $getfacl mq
   #file: mq
   #owner:root
   #group:root
   user:rw-
   group::---
   other::---

 $setfacl -m u:testuser:rw mq                                   /* failed here*/
 $setfacl: mq :Operation not supported
 but mqueue fs works well for setting owner user and owner group items.
}

I am not sure whether mqueue don't support acl or I make mistake.

2010/1/22 Américo Wang <xiyou.wangcong@gmail.com>:
> (Top-posting fixed.)
>
> On Fri, Jan 22, 2010 at 5:15 PM, zhou peng <ailvpeng25@gmail.com> wrote:
>>
>> 2010/1/21 Christoph Hellwig <hch@infradead.org>:
>>> On Wed, Jan 20, 2010 at 07:02:27PM -0800, Casey Schaufler wrote:
>>>> zhou peng wrote:
>>>> > Hi all,
>>>> >
>>>> > There are ACL in file system, but why there are no ACL implementation
>>>> > in IPC object, eg. shm, message queue, FIFO?
>>>> >
>>>>
>>>> Most people haven't noticed that IPC objects are even there, much less
>>>> that they have mode bits and not ACLs. Even when we were doing security
>>>> evaluations on Unix boxes in the 1990's they were considered insufficiently
>>>> interesting to justify the additional work to do ACLs.
>>>>
>>>> If you really want ACLs on IPC objects it would make a dandy little
>>>> project for a summer. I would be happy to review patches.
>>
>> Thanks. It's interesting to add ACL over IPC objects. I want to have a try.
>>
>>>
>>> Or use the posix IPC mechanisms.  The Posix shared memory has ACL by
>>> using tmpfs as the backing store, and we could add similar support to
>>> Posix messages queues as they are also backed by a normal filesystem.
>>
>> Christoph Hellwig, This way may be convinent. Could you give some
>> detailed message. :)
>> I only find /proc/ipc/shm file which contain the info of shm objs,and
>> tmpfs on /dev/shm which is empty.
>>
>>>
>>> Adding this support to the old SYSV IPC mechanisms would be much harder
>>> as they do not fit into the file backed model we use everywhere else at
>>> all.
>>
>> Just like file objects, the mode bits are implment over IPC objects
>> without file backed, so I think adding ACL support to IPC objects may
>> be somewhat reasonable :)
>>
>> Thank you all for so many solutions.
>>
>> I want to control some IPC object (shm, msg queue, semphore) can be
>> accessed by which named user or named group just like file objects ACL
>> do.
>>
>> I studied the solution you all referred, The SELinux is powerful but
>> may be somewhat complicated. And I am confused with Christoph
>> Hellwig‘s solution using tmpfs.
>
> Well, only posix semphores and posix share memory use tmpfs, I think,
> posix msg queues use "mqueue" instead.
>



-- 
zhoupeng

Re: About ACL for IPC Object

[Américo Wang]

On Mon, Jan 25, 2010 at 11:21:44PM +0800, zhou peng wrote:
>I have tested posix sem,posix shm and posix msg queue for ACL on
>fedora 12 with kernel 2.6.32.
>
>Posix sem and posix shm using tmpfs monted by default support ACL well .
>Posix msg queue use mqueue fs mounted by manual but it seem not
>surpoort ACL well. It failed for setting named ACL item:
>{
> $ mkdir /dev/mqueue
> $ mount -o rw, acl -t mqueue none /dev/mqueue
> $cd /dev/mqueue
> "/mq" msg queue object created and used by processes properly
>
> $getfacl mq
>   #file: mq
>   #owner:root
>   #group:root
>   user:rw-
>   group::---
>   other::---
>
> $setfacl -m u:testuser:rw mq                                   /* failed here*/
> $setfacl: mq :Operation not supported
> but mqueue fs works well for setting owner user and owner group items.
>}
>
>I am not sure whether mqueue don't support acl or I make mistake.
>

A quick look at the source code shows mqueue doesn't support ACL.


-- 
Live like a child, think like the god.
 

Re: About ACL for IPC Object

[zhou peng]

[-- Attachment #1: Type: text/plain, Size: 1399 bytes --]

Hi,

I have added ACL support to POSIX msg queue on linux kernel 2.6.32.
Casey Schaufler, would you or anyone like review the patch for me please?
The patch is attached.

Best,

2010/1/21 Casey Schaufler <casey@schaufler-ca.com>:
> zhou peng wrote:
>> Hi all,
>>
>> There are ACL in file system, but why there are no ACL implementation
>> in IPC object, eg. shm, message queue, FIFO?
>>
>
> Most people haven't noticed that IPC objects are even there, much less
> that they have mode bits and not ACLs. Even when we were doing security
> evaluations on Unix boxes in the 1990's they were considered insufficiently
> interesting to justify the additional work to do ACLs.
>
> If you really want ACLs on IPC objects it would make a dandy little
> project for a summer. I would be happy to review patches.
>
>> Is there any fine grained granting in ipc object just like in file object?
>>
>
> As Stephen Smalley points out, you can do it with SELinux, although
> that it rather like driving a thumbtack with a bulldozer.
>
>> Thanks,
>> Best
>>
>> --
>> zhoupeng
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>> Please read the FAQ at  http://www.tux.org/lkml/
>>
>>
>>
>
>



-- 
zhoupeng

[-- Attachment #2: mqueue_posix_acl_linux2.6.32.diff --]
[-- Type: application/octet-stream, Size: 10483 bytes --]

diff -r ab5eb3e7d582 -r cd2e9206a81f fs/Kconfig
--- a/fs/Kconfig	Sat Mar 20 12:41:12 2010 +0800
+++ b/fs/Kconfig	Mon Mar 22 19:57:54 2010 +0800
@@ -133,6 +133,13 @@
 
 	  If you don't know what Access Control Lists are, say N.
 
+config MQUEUE_POSIX_ACL
+       bool "Mqueue POSIX Access Control Lists support"
+       select GENERIC_ACL
+       help
+         Mqueue is a file system which is used to suport POSIX msg queue.
+	 Say y to get Access Control Lists support for mqueue file system.
+	  
 config HUGETLBFS
 	bool "HugeTLB file system support"
 	depends on X86 || IA64 || SPARC64 || (S390 && 64BIT) || \
diff -r ab5eb3e7d582 -r cd2e9206a81f include/linux/mqueue.h
--- a/include/linux/mqueue.h	Sat Mar 20 12:41:12 2010 +0800
+++ b/include/linux/mqueue.h	Mon Mar 22 19:57:54 2010 +0800
@@ -1,4 +1,5 @@
 /* Copyright (C) 2003 Krzysztof Benedyczak & Michal Wronski
+   Add ACL support by  Zhou Peng (ailvpeng25@gmail.com), 2010
 
    This program is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -50,4 +51,12 @@
 
 #define NOTIFY_COOKIE_LEN	32
 
+#ifdef CONFIG_MQUEUE_POSIX_ACL
+int mqueue_check_acl(struct inode *inode, int mask);
+int mqueue_acl_init(struct inode *inode, struct inode *dir);
+
+extern struct xattr_handler mqueue_xattr_acl_access_handler;
+extern struct xattr_handler mqueue_xattr_acl_default_handler;
 #endif
+
+#endif
diff -r ab5eb3e7d582 -r cd2e9206a81f ipc/Makefile
--- a/ipc/Makefile	Sat Mar 20 12:41:12 2010 +0800
+++ b/ipc/Makefile	Mon Mar 22 19:57:54 2010 +0800
@@ -10,3 +10,4 @@
 obj-$(CONFIG_IPC_NS) += namespace.o
 obj-$(CONFIG_POSIX_MQUEUE_SYSCTL) += mq_sysctl.o
 
+obj-$(CONFIG_MQUEUE_POSIX_ACL) += mqueue_acl.o
diff -r ab5eb3e7d582 -r cd2e9206a81f ipc/mqueue.c
--- a/ipc/mqueue.c	Sat Mar 20 12:41:12 2010 +0800
+++ b/ipc/mqueue.c	Mon Mar 22 19:57:54 2010 +0800
@@ -10,6 +10,8 @@
  *
  * Audit:                   George Wilson           (ltcgcw@us.ibm.com)
  *
+ * ACL by  Zhou Peng (ailvpeng25@gmail.com), 2010
+ *
  * This file is released under the GPL.
  */
 
@@ -33,6 +35,8 @@
 #include <linux/pid.h>
 #include <linux/ipc_namespace.h>
 #include <linux/ima.h>
+#include <linux/generic_acl.h>
+#include <linux/xattr.h>
 
 #include <net/sock.h>
 #include "util.h"
@@ -77,6 +81,9 @@
 
 static const struct inode_operations mqueue_dir_inode_operations;
 static const struct file_operations mqueue_file_operations;
+#ifdef CONFIG_MQUEUE_POSIX_ACL
+static const struct inode_operations mqueue_inode_operations;
+#endif
 static const struct super_operations mqueue_super_ops;
 static void remove_notification(struct mqueue_inode_info *info);
 
@@ -84,6 +91,53 @@
 
 static struct ctl_table_header * mq_sysctl_table;
 
+#ifdef CONFIG_MQUEUE_POSIX_ACL
+/*
+ * Superblocks without xattr inode operations will get security.* xattr
+ * support from the VFS "for free". As soon as we have any other xattrs
+ * like ACLs, we also need to implement the security.* handlers at
+ * filesystem level, though.
+ */
+
+static size_t mqueue_xattr_security_list(struct inode *inode, char *list,
+					size_t list_len, const char *name,
+					size_t name_len)
+{
+	return security_inode_listsecurity(inode, list, list_len);
+}
+
+static int mqueue_xattr_security_get(struct inode *inode, const char *name,
+				    void *buffer, size_t size)
+{
+	if (strcmp(name, "") == 0)
+		return -EINVAL;
+	return xattr_getsecurity(inode, name, buffer, size);
+}
+
+static int mqueue_xattr_security_set(struct inode *inode, const char *name,
+				    const void *value, size_t size, int flags)
+{
+	if (strcmp(name, "") == 0)
+		return -EINVAL;
+	return security_inode_setsecurity(inode, name, value, size, flags);
+}
+
+static struct xattr_handler mqueue_xattr_security_handler = {
+	.prefix = XATTR_SECURITY_PREFIX,
+	.list   = mqueue_xattr_security_list,
+	.get    = mqueue_xattr_security_get,
+	.set    = mqueue_xattr_security_set,
+};
+
+
+static struct xattr_handler *mqueue_xattr_handlers[] = {
+	&mqueue_xattr_acl_access_handler,
+	&mqueue_xattr_acl_default_handler,
+	&mqueue_xattr_security_handler,
+	NULL
+};
+#endif
+
 static inline struct mqueue_inode_info *MQUEUE_I(struct inode *inode)
 {
 	return container_of(inode, struct mqueue_inode_info, vfs_inode);
@@ -121,12 +175,18 @@
 		inode->i_gid = current_fsgid();
 		inode->i_mtime = inode->i_ctime = inode->i_atime =
 				CURRENT_TIME;
-
+#ifdef CONFIG_MQUEUE_POSIX_ACL
+		cache_no_acl(inode);
+#endif
+		
 		if (S_ISREG(mode)) {
 			struct mqueue_inode_info *info;
 			struct task_struct *p = current;
 			unsigned long mq_bytes, mq_msg_tblsz;
 
+#ifdef CONFIG_MQUEUE_POSIX_ACL			
+			inode->i_op = &mqueue_inode_operations;
+#endif
 			inode->i_fop = &mqueue_file_operations;
 			inode->i_size = FILENT_SIZE;
 			/* mqueue specific info */
@@ -195,6 +255,11 @@
 	sb->s_magic = MQUEUE_MAGIC;
 	sb->s_op = &mqueue_super_ops;
 
+#ifdef CONFIG_MQUEUE_POSIX_ACL
+	sb->s_xattr = mqueue_xattr_handlers;
+	sb->s_flags |= MS_POSIXACL;
+#endif
+
 	inode = mqueue_get_inode(sb, ns, S_IFDIR | S_ISVTX | S_IRWXUGO,
 				NULL);
 	if (!inode) {
@@ -316,6 +381,13 @@
 		goto out_unlock;
 	}
 
+#ifdef CONFIG_MQUEUE_POSIX_ACL
+	error = mqueue_acl_init(inode, dir);
+	if (error) {
+	    iput(inode);
+	    goto out_unlock;
+	}
+#endif	
 	put_ipc_ns(ipc_ns);
 	dir->i_size += DIRENT_SIZE;
 	dir->i_ctime = dir->i_mtime = dir->i_atime = CURRENT_TIME;
@@ -1216,6 +1288,23 @@
 	.lookup = simple_lookup,
 	.create = mqueue_create,
 	.unlink = mqueue_unlink,
+#ifdef CONFIG_MQUEUE_POSIX_ACL
+	.setxattr    = generic_setxattr,
+	.getxattr    = generic_getxattr,
+	.listxattr   = generic_listxattr,
+	.removexattr = generic_removexattr,
+	.check_acl   = mqueue_check_acl,
+#endif
+};
+
+static const struct inode_operations mqueue_inode_operations = {
+#ifdef CONFIG_MQUEUE_POSIX_ACL
+	.setxattr	= generic_setxattr,
+	.getxattr	= generic_getxattr,
+	.listxattr	= generic_listxattr,
+	.removexattr	= generic_removexattr,
+	.check_acl	= mqueue_check_acl,
+#endif
 };
 
 static const struct file_operations mqueue_file_operations = {
diff -r ab5eb3e7d582 -r cd2e9206a81f ipc/mqueue_acl.c
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/ipc/mqueue_acl.c	Mon Mar 22 19:57:54 2010 +0800
@@ -0,0 +1,172 @@
+/*
+ * ipc/mqueue_acl.c
+ *
+ * Copyright (C) 2010 ZhouPeng <ailvpeng25@gmail.com>
+ *
+ * This file is released under the GPL.
+ */
+
+#include <linux/fs.h>
+#include <linux/mqueue.h>
+#include <linux/xattr.h>
+#include <linux/generic_acl.h>
+
+/**
+ * mqueue_get_acl  -   generic_acl_operations->getacl() operation
+ */
+static struct posix_acl *
+mqueue_get_acl(struct inode *inode, int type)
+{
+	struct posix_acl *acl = NULL;
+
+	spin_lock(&inode->i_lock);
+
+	switch(type) {
+		case ACL_TYPE_ACCESS:
+			acl = posix_acl_dup(inode->i_acl);
+			break;
+
+		case ACL_TYPE_DEFAULT:
+			acl = posix_acl_dup(inode->i_default_acl);
+			break;
+	}
+	spin_unlock(&inode->i_lock);
+
+	return acl;
+}
+
+/**
+ * mqueue_set_acl  -   generic_acl_operations->setacl() operation
+ */
+static void
+mqueue_set_acl(struct inode *inode, int type, struct posix_acl *acl)
+{
+	struct posix_acl *free = NULL;
+
+	spin_lock(&inode->i_lock);
+	switch(type) {
+		case ACL_TYPE_ACCESS:
+			free = inode->i_acl;
+			inode->i_acl = posix_acl_dup(acl);
+			break;
+
+		case ACL_TYPE_DEFAULT:
+			free = inode->i_default_acl;
+			inode->i_default_acl = posix_acl_dup(acl);
+			break;
+	}
+	spin_unlock(&inode->i_lock);
+	posix_acl_release(free);
+}
+
+struct generic_acl_operations mqueue_acl_ops = {
+	.getacl = mqueue_get_acl,
+	.setacl = mqueue_set_acl,
+};
+
+/**
+ * mqueue_list_acl_access, mqueue_get_acl_access, mqueue_set_acl_access,
+ * mqueue_xattr_acl_access_handler  -  plumbing code to implement the
+ * system.posix_acl_access xattr using the generic acl functions.
+ */
+
+static size_t
+mqueue_list_acl_access(struct inode *inode, char *list, size_t list_size,
+		      const char *name, size_t name_len)
+{
+	return generic_acl_list(inode, &mqueue_acl_ops, ACL_TYPE_ACCESS,
+				list, list_size);
+}
+
+static int
+mqueue_get_acl_access(struct inode *inode, const char *name, void *buffer,
+		     size_t size)
+{
+	if (strcmp(name, "") != 0)
+		return -EINVAL;
+	return generic_acl_get(inode, &mqueue_acl_ops, ACL_TYPE_ACCESS, buffer,
+			       size);
+}
+
+static int
+mqueue_set_acl_access(struct inode *inode, const char *name, const void *value,
+		     size_t size, int flags)
+{
+	if (strcmp(name, "") != 0)
+		return -EINVAL;
+	return generic_acl_set(inode, &mqueue_acl_ops, ACL_TYPE_ACCESS, value,
+			       size);
+}
+
+struct xattr_handler mqueue_xattr_acl_access_handler = {
+	.prefix = POSIX_ACL_XATTR_ACCESS,
+	.list	= mqueue_list_acl_access,
+	.get	= mqueue_get_acl_access,
+	.set	= mqueue_set_acl_access,
+};
+
+/**
+ * mqueue_list_acl_default, mqueue_get_acl_default, mqueue_set_acl_default,
+ * mqueue_xattr_acl_default_handler  -  plumbing code to implement the
+ * system.posix_acl_default xattr using the generic acl functions.
+ */
+
+static size_t
+mqueue_list_acl_default(struct inode *inode, char *list, size_t list_size,
+		       const char *name, size_t name_len)
+{
+	return generic_acl_list(inode, &mqueue_acl_ops, ACL_TYPE_DEFAULT,
+				list, list_size);
+}
+
+static int
+mqueue_get_acl_default(struct inode *inode, const char *name, void *buffer,
+		      size_t size)
+{
+	if (strcmp(name, "") != 0)
+		return -EINVAL;
+	return generic_acl_get(inode, &mqueue_acl_ops, ACL_TYPE_DEFAULT, buffer,
+			       size);
+}
+
+static int
+mqueue_set_acl_default(struct inode *inode, const char *name, const void *value,
+		      size_t size, int flags)
+{
+	if (strcmp(name, "") != 0)
+		return -EINVAL;
+	return generic_acl_set(inode, &mqueue_acl_ops, ACL_TYPE_DEFAULT, value,
+			       size);
+}
+
+struct xattr_handler mqueue_xattr_acl_default_handler = {
+	.prefix = POSIX_ACL_XATTR_DEFAULT,
+	.list	= mqueue_list_acl_default,
+	.get	= mqueue_get_acl_default,
+	.set	= mqueue_set_acl_default,
+};
+
+/**
+ * mqueue_acl_init  -  Inizialize the acl(s) of a new inode
+ */
+int
+mqueue_acl_init(struct inode *inode, struct inode *dir)
+{
+	return generic_acl_init(inode, dir, &mqueue_acl_ops);
+}
+
+/**
+ * mqueue_check_acl  -  check_acl() callback for generic_permission()
+ */
+int
+mqueue_check_acl(struct inode *inode, int mask)
+{
+	struct posix_acl *acl = mqueue_get_acl(inode, ACL_TYPE_ACCESS);
+
+	if (acl) {
+		int error = posix_acl_permission(inode, acl, mask);
+		posix_acl_release(acl);
+		return error;
+	}
+	return -EAGAIN;
+}

Re: About ACL for IPC Object

[Christoph Hellwig]

On Tue, Mar 23, 2010 at 05:01:31PM +0800, zhou peng wrote:
> Hi,
> 
> I have added ACL support to POSIX msg queue on linux kernel 2.6.32.
> Casey Schaufler, would you or anyone like review the patch for me please?
> The patch is attached.

There is quite a lot of boilerplate code in the patch.  You might want
to take a look at fs/generic_acl.c and how mm/shmem.c uses it to get
away with a lot less code.

Re: About ACL for IPC Object

[Casey Schaufler]

zhou peng wrote:
> Hi,
>
> I have added ACL support to POSIX msg queue on linux kernel 2.6.32.
> Casey Schaufler, would you or anyone like review the patch for me please?
>   

I didn't see anything horribly wrong, but I have not tested it.
Christoph's comments should be heeded.

> The patch is attached.
>   

Please include patches inline. It is much easier to make specific
comments that way and it is The Way We Do Things.

> Best,
>
> 2010/1/21 Casey Schaufler <casey@schaufler-ca.com>:
>   
>> zhou peng wrote:
>>     
>>> Hi all,
>>>
>>> There are ACL in file system, but why there are no ACL implementation
>>> in IPC object, eg. shm, message queue, FIFO?
>>>
>>>       
>> Most people haven't noticed that IPC objects are even there, much less
>> that they have mode bits and not ACLs. Even when we were doing security
>> evaluations on Unix boxes in the 1990's they were considered insufficiently
>> interesting to justify the additional work to do ACLs.
>>
>> If you really want ACLs on IPC objects it would make a dandy little
>> project for a summer. I would be happy to review patches.
>>
>>     
>>> Is there any fine grained granting in ipc object just like in file object?
>>>
>>>       
>> As Stephen Smalley points out, you can do it with SELinux, although
>> that it rather like driving a thumbtack with a bulldozer.
>>
>>     
>>> Thanks,
>>> Best
>>>
>>> --
>>> zhoupeng
>>> --
>>> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
>>> the body of a message to majordomo@vger.kernel.org
>>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>> Please read the FAQ at  http://www.tux.org/lkml/
>>>
>>>
>>>
>>>       
>>     
>
>
>
>