The attached patch moves the mount-related hooks from the top-level security_ops structure to the sb_ops substructure. If there aren't any objections, I can commit it whenever. -- Stephen D. Smalley, NAI Labs ssmalleyat_private diff -X /home/sds/dontdiff -ru lsm-wirex/fs/super.c lsm/fs/super.c --- lsm-wirex/fs/super.c Tue Sep 11 08:38:46 2001 +++ lsm/fs/super.c Tue Sep 11 09:41:50 2001 @@ -1132,7 +1132,7 @@ struct nameidata parent_nd; int retval; - retval = security_ops->umount(mnt, flags); + retval = security_ops->sb_ops->umount(mnt, flags); if (retval) return retval; @@ -1184,7 +1184,7 @@ */ DQUOT_OFF(sb); acct_auto_close(sb->s_dev); - security_ops->umount_close(mnt); + security_ops->sb_ops->umount_close(mnt); /* * If we may have to abort operations to get out of this @@ -1204,7 +1204,7 @@ spin_lock(&dcache_lock); if (atomic_read(&mnt->mnt_count) > 2) { spin_unlock(&dcache_lock); - security_ops->umount_busy(mnt); + security_ops->sb_ops->umount_busy(mnt); return -EBUSY; } @@ -1341,7 +1341,7 @@ retval = do_remount_sb(nd->mnt->mnt_sb, flags, data); if (!retval) - security_ops->post_remount(nd->mnt, flags, data); + security_ops->sb_ops->post_remount(nd->mnt, flags, data); return retval; } @@ -1410,7 +1410,7 @@ else { retval = graft_tree(mnt, nd); if (!retval) - security_ops->post_addmount(mnt, nd); + security_ops->sb_ops->post_addmount(mnt, nd); } mntput(mnt); up(&mount_sem); @@ -1489,7 +1489,7 @@ if (retval) return retval; - retval = security_ops->mount(dev_name, &nd, type_page, flags, data_page); + retval = security_ops->sb_ops->mount(dev_name, &nd, type_page, flags, data_page); if (retval) goto dput_out; @@ -1704,7 +1704,7 @@ set_fs_pwd(current->fs, vfsmnt, sb->s_root); if (bdev) bdput(bdev); /* sb holds a reference */ - security_ops->post_mountroot(sb); + security_ops->sb_ops->post_mountroot(sb); return; } panic("VFS: add_vfsmnt failed for root fs"); diff -X /home/sds/dontdiff -ru lsm-wirex/include/linux/security.h lsm/include/linux/security.h --- lsm-wirex/include/linux/security.h Mon Sep 10 16:22:14 2001 +++ lsm/include/linux/security.h Tue Sep 11 08:56:54 2001 @@ -102,6 +102,116 @@ * for the @sb filesystem. Return 0 if permission is granted. */ int (* statfs) (struct super_block *sb); + + /** + * mount - check permission when mounting or remounting + * @dev_name: name for object being mounted + * @nd: nameidata structure for mount point object + * @type: filesystem type + * @flags: mount flags + * @data: filesystem-specific data + * + * called: do_mount <fs/super.c> + * + * lock: The big kernel lock is held by sys_mount. + * + * Check permission before an object specified by @dev_name + * is mounted on the mount point named by @nd. For an ordinary + * mount, @dev_name identifies a device if the file system type + * requires a device. For a remount (@flags & MS_REMOUNT), @dev_name + * is irrelevant. For a loopback/bind mount (@flags & MS_BIND), + * @dev_name identifies the pathname of the object being mounted. + * Return 0 if permission is granted. + */ + int (* mount) (char * dev_name, struct nameidata *nd, char * type, + unsigned long flags, void * data); + + /** + * umount - check permission when unmounting a file system + * @mnt: the mounted file system + * @flags: unmount flags, e.g. MNT_FORCE + * + * called: do_umount <fs/super.c> + * + * lock: The mount semaphore and the big kernel lock are + * held by sys_umount. + * + * Check permission before the @mnt file system is + * unmounted. Return 0 if permission is granted. + */ + int (* umount) (struct vfsmount *mnt, int flags); + + /** + * umount_close - close any files in a mounted filesystem held open by the security module + * @mnt: the mounted filesystem + * + * called: do_umount <fs/super.c> + * + * locks: The mount semaphore and the big kernel lock are held + * by sys_umount. + * + * Close any files in the @mnt mounted filesystem that are + * held open by the security module. This hook is called during + * an umount operation prior to checking whether the filesystem is + * still busy. + */ + void (* umount_close) (struct vfsmount *mnt); + + /** + * umount_busy - handle a failed umount of a filesystem + * @mnt: the mounted filesystem + * + * called: do_umount <fs/super.c> + * + * locks: The mount semaphore and the big kernel lock are held + * by sys_umount. + * + * Handle a failed umount of the @mnt mounted filesystem, e.g. + * re-opening any files that were closed by umount_close. + * This hook is called during an umount operation if the umount + * fails after a call to the umount_close hook. + */ + void (* umount_busy) (struct vfsmount *mnt); + + /** + * post_remount - Update module state when a filesystem is remounted + * @mnt: the mounted file system + * @flags: new filesystem flags + * @data: filesystem-specific data + * + * called: do_remount <fs/super.c> + * + * lock: The big kernel lock is held by sys_mount. + * + * Update the security module's state when a filesystem is remounted. + * This hook is only called if the remount was successful. + */ + void (* post_remount) (struct vfsmount *mnt, unsigned long flags, void *data); + + /** + * post_mountroot - Update module state when the root filesystem is mounted + * @sb: the super_block structure for the root filesystem + * + * called: mount_root <fs/super.c> + * + * Update the security module's state when the root filesystem + * is mounted. This hook is only called if the mount was successful. + */ + void (* post_mountroot) (struct super_block *sb); + + /** + * post_addmount - Update module state when a non-root filesystem is mounted + * @mnt: the mounted filesystem + * @nd: the nameidata structure for the mount point + * + * called: do_add_mount <fs/super.c> + * + * lock: The big kernel lock is held by sys_mount. + * + * Update the security module's state when a non-root filesystem is mounted. + * This hook is not called after a loopback/bind mount. + */ + void (* post_addmount) (struct vfsmount *mnt, struct nameidata *mountpoint_nd); }; struct inode_security_ops { @@ -434,92 +544,6 @@ int (* sethostname) (char *hostname); int (* setdomainname) (char *domainname); int (* reboot) (unsigned int cmd); - - /** - * mount - check permission when mounting or remounting - * @dev_name: name for object being mounted - * @nd: nameidata structure for mount point object - * @type: filesystem type - * @flags: mount flags - * @data: filesystem-specific data - * - * called: do_mount <fs/super.c> - * - * lock: The big kernel lock is held by sys_mount. - * - * Check permission before an object specified by @dev_name - * is mounted on the mount point named by @nd. For an ordinary - * mount, @dev_name identifies a device if the file system type - * requires a device. For a remount (@flags & MS_REMOUNT), @dev_name - * is irrelevant. For a loopback/bind mount (@flags & MS_BIND), - * @dev_name identifies the pathname of the object being mounted. - * Return 0 if permission is granted. - */ - int (* mount) (char * dev_name, struct nameidata *nd, char * type, - unsigned long flags, void * data); - - /** - * umount - check permission when unmounting a file system - * @mnt: the mounted file system - * @flags: unmount flags, e.g. MNT_FORCE - * - * called: do_umount <fs/super.c> - * - * lock: The mount semaphore and the big kernel lock are - * held by sys_umount. - * - * Check permission before the @mnt file system is - * unmounted. Return 0 if permission is granted. - */ - int (* umount) (struct vfsmount *mnt, int flags); - - /** - * umount_close - close any files in a mounted filesystem held open by the security module - * @mnt: the mounted filesystem - * - * called: do_umount <fs/super.c> - * - * locks: The mount semaphore and the big kernel lock are held - * by sys_umount. - * - * Close any files in the @mnt mounted filesystem that are - * held open by the security module. This hook is called during - * an umount operation prior to checking whether the filesystem is - * still busy. - */ - void (* umount_close) (struct vfsmount *mnt); - - /** - * umount_busy - handle a failed umount of a filesystem - * @mnt: the mounted filesystem - * - * called: do_umount <fs/super.c> - * - * locks: The mount semaphore and the big kernel lock are held - * by sys_umount. - * - * Handle a failed umount of the @mnt mounted filesystem, e.g. - * re-opening any files that were closed by umount_close. - * This hook is called during an umount operation if the umount - * fails after a call to the umount_close hook. - */ - void (* umount_busy) (struct vfsmount *mnt); - - /** - * post_remount - Update module state when a filesystem is remounted - * @mnt: the mounted file system - * @flags: new filesystem flags - * @data: filesystem-specific data - * - * called: do_remount <fs/super.c> - * - * lock: The big kernel lock is held by sys_mount. - * - * Update the security module's state when a filesystem is remounted. - * This hook is only called if the remount was successful. - */ - void (* post_remount) (struct vfsmount *mnt, unsigned long flags, void *data); - int (* ioperm) (unsigned long from, unsigned long num, int turn_on); int (* iopl) (unsigned int old, unsigned int level); int (* ptrace) (struct task_struct *parent, struct task_struct *child); @@ -529,31 +553,6 @@ int (* acct) (struct file *file); int (* sysctl) (ctl_table * table, int op); int (* capable) (struct task_struct *tsk, int cap); - - /** - * post_mountroot - Update module state when the root filesystem is mounted - * @sb: the super_block structure for the root filesystem - * - * called: mount_root <fs/super.c> - * - * Update the security module's state when the root filesystem - * is mounted. This hook is only called if the mount was successful. - */ - void (* post_mountroot) (struct super_block *sb); - - /** - * post_addmount - Update module state when a non-root filesystem is mounted - * @mnt: the mounted filesystem - * @nd: the nameidata structure for the mount point - * - * called: do_add_mount <fs/super.c> - * - * lock: The big kernel lock is held by sys_mount. - * - * Update the security module's state when a non-root filesystem is mounted. - * This hook is not called after a loopback/bind mount. - */ - void (* post_addmount) (struct vfsmount *mnt, struct nameidata *mountpoint_nd); /* security syscall multiplexor. app can use id to identify module */ int (* sys_security) (unsigned int id, unsigned call, unsigned long *args); diff -X /home/sds/dontdiff -ru lsm-wirex/security/capability_plug.c lsm/security/capability_plug.c --- lsm-wirex/security/capability_plug.c Wed Sep 5 08:24:02 2001 +++ lsm/security/capability_plug.c Tue Sep 11 09:02:04 2001 @@ -36,33 +36,6 @@ return 0; } -static int cap_mount (char *dev_name, struct nameidata *nd, char *type, - unsigned long flags, void *data) -{ - return 0; -} - -static int cap_umount (struct vfsmount *mnt, int flags) -{ - return 0; -} - -static void cap_umount_close (struct vfsmount *mnt) -{ - return; -} - -static void cap_umount_busy (struct vfsmount *mnt) -{ - return; -} - -static void cap_post_remount (struct vfsmount *mnt, unsigned long flags, - void *data) -{ - return; -} - static int cap_ioperm (unsigned long from, unsigned long num, int turn_on) { return 0; @@ -82,16 +55,6 @@ return -EPERM; } -static void cap_post_mountroot (struct super_block *sb) -{ - return; -} - -static void cap_post_addmount (struct vfsmount *mnt, struct nameidata *nd) -{ - return; -} - static int cap_sys_security (unsigned int id, unsigned int call, unsigned long *args) { @@ -319,6 +282,43 @@ return 0; } +static int cap_mount (char *dev_name, struct nameidata *nd, char *type, + unsigned long flags, void *data) +{ + return 0; +} + +static int cap_umount (struct vfsmount *mnt, int flags) +{ + return 0; +} + +static void cap_umount_close (struct vfsmount *mnt) +{ + return; +} + +static void cap_umount_busy (struct vfsmount *mnt) +{ + return; +} + +static void cap_post_remount (struct vfsmount *mnt, unsigned long flags, + void *data) +{ + return; +} + +static void cap_post_mountroot (struct super_block *sb) +{ + return; +} + +static void cap_post_addmount (struct vfsmount *mnt, struct nameidata *nd) +{ + return; +} + static int cap_inode_alloc_security (struct inode *inode) { return 0; @@ -1072,6 +1072,13 @@ alloc_security: cap_sb_alloc_security, free_security: cap_sb_free_security, statfs: cap_sb_statfs, + mount: cap_mount, + umount: cap_umount, + umount_close: cap_umount_close, + umount_busy: cap_umount_busy, + post_remount: cap_post_remount, + post_mountroot: cap_post_mountroot, + post_addmount: cap_post_addmount, }; static struct inode_security_ops cap_inode_ops = { @@ -1233,11 +1240,6 @@ sethostname: cap_sethostname, setdomainname: cap_setdomainname, reboot: cap_reboot, - mount: cap_mount, - umount: cap_umount, - umount_close: cap_umount_close, - umount_busy: cap_umount_busy, - post_remount: cap_post_remount, ioperm: cap_ioperm, iopl: cap_iopl, ptrace: cap_ptrace, @@ -1247,8 +1249,6 @@ acct: cap_acct, sysctl: cap_sysctl, capable: cap_capable, - post_mountroot: cap_post_mountroot, - post_addmount: cap_post_addmount, sys_security: cap_sys_security, swapon: cap_swapon, swapoff: cap_swapoff, diff -X /home/sds/dontdiff -ru lsm-wirex/security/dummy.c lsm/security/dummy.c --- lsm-wirex/security/dummy.c Wed Sep 5 08:24:02 2001 +++ lsm/security/dummy.c Tue Sep 11 09:00:54 2001 @@ -34,33 +34,6 @@ return 0; } -static int dummy_mount (char *dev_name, struct nameidata *nd, char *type, - unsigned long flags, void *data) -{ - return 0; -} - -static int dummy_umount (struct vfsmount *mnt, int flags) -{ - return 0; -} - -static void dummy_umount_close (struct vfsmount *mnt) -{ - return; -} - -static void dummy_umount_busy (struct vfsmount *mnt) -{ - return; -} - -static void dummy_post_remount (struct vfsmount *mnt, unsigned long flags, - void *data) -{ - return; -} - static int dummy_ioperm (unsigned long from, unsigned long num, int turn_on) { return 0; @@ -118,16 +91,6 @@ return 0; } -static void dummy_post_mountroot (struct super_block *sb) -{ - return; -} - -static void dummy_post_addmount (struct vfsmount *mnt, struct nameidata *nd) -{ - return; -} - static int dummy_sys_security (unsigned int id, unsigned int call, unsigned long *args) { @@ -220,6 +183,44 @@ return 0; } +static int dummy_mount (char *dev_name, struct nameidata *nd, char *type, + unsigned long flags, void *data) +{ + return 0; +} + +static int dummy_umount (struct vfsmount *mnt, int flags) +{ + return 0; +} + +static void dummy_umount_close (struct vfsmount *mnt) +{ + return; +} + +static void dummy_umount_busy (struct vfsmount *mnt) +{ + return; +} + +static void dummy_post_remount (struct vfsmount *mnt, unsigned long flags, + void *data) +{ + return; +} + + +static void dummy_post_mountroot (struct super_block *sb) +{ + return; +} + +static void dummy_post_addmount (struct vfsmount *mnt, struct nameidata *nd) +{ + return; +} + static int dummy_inode_alloc_security (struct inode *inode) { return 0; @@ -894,6 +895,13 @@ alloc_security: dummy_sb_alloc_security, free_security: dummy_sb_free_security, statfs: dummy_sb_statfs, + mount: dummy_mount, + umount: dummy_umount, + umount_close: dummy_umount_close, + umount_busy: dummy_umount_busy, + post_remount: dummy_post_remount, + post_mountroot: dummy_post_mountroot, + post_addmount: dummy_post_addmount, }; static struct inode_security_ops dummy_inode_ops = { @@ -1055,11 +1063,6 @@ sethostname: dummy_sethostname, setdomainname: dummy_setdomainname, reboot: dummy_reboot, - mount: dummy_mount, - umount: dummy_umount, - umount_close: dummy_umount_close, - umount_busy: dummy_umount_busy, - post_remount: dummy_post_remount, ioperm: dummy_ioperm, iopl: dummy_iopl, ptrace: dummy_ptrace, @@ -1069,8 +1072,6 @@ acct: dummy_acct, capable: dummy_capable, sysctl: dummy_sysctl, - post_mountroot: dummy_post_mountroot, - post_addmount: dummy_post_addmount, sys_security: dummy_sys_security, swapon: dummy_swapon, swapoff: dummy_swapoff, diff -X /home/sds/dontdiff -ru lsm-wirex/security/security.c lsm/security/security.c --- lsm-wirex/security/security.c Wed Sep 5 08:24:02 2001 +++ lsm/security/security.c Tue Sep 11 08:59:15 2001 @@ -42,11 +42,6 @@ if (!ops->sethostname || !ops->setdomainname || !ops->reboot || - !ops->mount || - !ops->umount || - !ops->umount_close || - !ops->umount_busy || - !ops->post_remount || !ops->ioperm || !ops->iopl || !ops->ptrace || @@ -56,8 +51,6 @@ !ops->acct || !ops->capable || !ops->sysctl || - !ops->post_mountroot || - !ops->post_addmount || !ops->sys_security || !ops->swapon || !ops->swapoff || _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Sep 11 2001 - 07:48:31 PDT