* Serge E. Hallyn (hallynat_private) wrote: > Attached are 4 small patches to throw in the check_sb function. Compiles, > runs. > > There's also a small doc change in include/linux/security.h. Several of > the mount-related functions have been moved to namespace.c; marked them > as such. i'm ready to apply this patch, however it's a bit inconsistent with the earlier thread regarding this hook. this patch contains the hook: int (* check_sb) (struct super_block *sb, struct nameidata *nd); and stephen smalley suggested the hook placement (just before graft_tree) in order to be able to use the mnt_flags. to this end, shouldn't this hook look like: int (* check_sb) (struct vfsmount *mnt, struct nameidata *nd); such a patch is queued in my tree, and attached for scrutiny. thanks, -chris
===== fs/namespace.c 1.4 vs edited =====
--- 1.4/fs/namespace.c Thu Oct 11 08:36:33 2001
+++ edited/fs/namespace.c Tue Oct 23 09:25:00 2001
@@ -661,6 +661,8 @@
 goto unlock;
 
 mnt->mnt_flags = mnt_flags;
+ if (security_ops->sb_ops->check_sb(mnt, nd))
+ goto unlock;
 err = graft_tree(mnt, nd);
 if (!err)
 security_ops->sb_ops->post_addmount(mnt, nd);
===== include/linux/security.h 1.92 vs edited =====
--- 1.92/include/linux/security.h Thu Oct 4 18:34:23 2001
+++ edited/include/linux/security.h Tue Oct 23 09:27:30 2001
@@ -175,7 +175,7 @@
 * @flags: mount flags
 * @data: filesystem-specific data
 *
- * called: do_mount <fs/super.c>
+ * called: do_mount <fs/namespace.c>
 *
 * lock: The big kernel lock is held by sys_mount.
 *
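Review bot: The new check in do_add_mount (the fs/namespace.c hunk) discards the hook's return value: when check_sb denies, `goto unlock` is taken with `err` still holding whatever the preceding check presumably assigned, so the module's error code never reaches userspace and the mount fails with an unrelated errno. Store it first, the way the `graft_tree` call on the next line does: `err = security_ops->sb_ops->check_sb(mnt, nd);` / `if (err)` / `goto unlock;`. That lets a module distinguish -EPERM/-EACCES from other failures instead of every denial being reported as the stale value. The rest of do_add_mount, including where `err` is set before the first `goto unlock` and the `unlock:` label, lies outside the hunk.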
@@ -191,11 +191,25 @@
 unsigned long flags, void * data);
 
 /**
+ * check_sb - A mount check with the superblock available
+ * @mnt: vfsmount for device being mounted
+ * @nd: nameidata object for the mount point
+ *
+ * called: do_add_mount <fs/namespace.c>
+ *
+ * lock: The big kernel lock is held by sys_mount.
+ *
+ * Check permission before the device with superblock @mnt->sb
+ * is mounted on the mount point named by @nd.
+ */
+ int (* check_sb) (struct vfsmount *mnt, struct nameidata *nd);
+
+ /**
 * umount - check permission when unmounting a file system
 * @mnt: the mounted file system
 * @flags: unmount flags, e.g. MNT_FORCE
 *
- * called: do_umount <fs/super.c>
+ * called: do_umount <fs/namespace.c>
 *
 * lock: The mount semaphore and the big kernel lock are
 * held by sys_umount.
@@ -209,7 +223,7 @@
 * umount_close - close any files in a mounted filesystem held open by the security module
 * @mnt: the mounted filesystem
 *
- * called: do_umount <fs/super.c>
+ * called: do_umount <fs/namespace.c>
 *
 * locks: The mount semaphore and the big kernel lock are held
 * by sys_umount.
@@ -225,7 +239,7 @@
 * umount_busy - handle a failed umount of a filesystem
 * @mnt: the mounted filesystem
 *
- * called: do_umount <fs/super.c>
+ * called: do_umount <fs/namespace.c>
 *
 * locks: The mount semaphore and the big kernel lock are held
 * by sys_umount.
@@ -243,7 +257,7 @@
 * @flags: new filesystem flags
 * @data: filesystem-specific data
 *
- * called: do_remount <fs/super.c>
+ * called: do_remount <fs/namespace.c>
 *
 * lock: The big kernel lock is held by sys_mount.
 *
@@ -269,7 +283,7 @@
 * @mnt: the mounted filesystem
 * @mountpoint_nd: the nameidata structure for the mount point
 *
- * called: do_add_mount <fs/super.c>
+ * called: do_add_mount <fs/namespace.c>
 *
 * lock: The big kernel lock is held by sys_mount.
 *
===== security/capability_plug.c 1.68 vs edited =====
--- 1.68/security/capability_plug.c Thu Oct 4 18:34:24 2001
+++ edited/security/capability_plug.c Tue Oct 23 09:25:45 2001
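Review bot: The new check_sb kerneldoc (the @@ -191 hunk) refers to `@mnt->sb`, but the superblock member of struct vfsmount is `mnt_sb`; write `@mnt->mnt_sb` so the comment names a real field. The comment also omits the return convention the caller depends on — the fs/namespace.c hunk treats any non-zero result as a denial — so add a line such as ` * Return 0 if permission is granted.` in the style of the neighbouring hooks. Since the hook is invoked after `mnt->mnt_flags` has been assigned (the stated reason for placing it just before graft_tree), it is worth recording: ` * @mnt->mnt_flags is already set when this hook is called.` If bind/loopback or move operations reach graft_tree through a path other than do_add_mount, they would bypass this hook entirely; the `called:` line should state precisely which paths invoke it so module authors do not assume broader coverage.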
@@ -288,6 +288,11 @@
 return 0;
 }
 
+static int cap_check_sb (struct vfsmount *mnt, struct nameidata *nd)
+{
+ return 0;
+}
+
 static int cap_umount (struct vfsmount *mnt, int flags)
 {
 return 0;
@@ -1077,6 +1082,7 @@
 free_security: cap_sb_free_security,
 statfs: cap_sb_statfs,
 mount: cap_mount,
+ check_sb: cap_check_sb,
 umount: cap_umount,
 umount_close: cap_umount_close,
 umount_busy: cap_umount_busy,
===== security/dummy.c 1.6 vs edited =====
--- 1.6/security/dummy.c Thu Oct 4 18:34:24 2001
+++ edited/security/dummy.c Tue Oct 23 09:25:24 2001
@@ -189,6 +189,11 @@
 return 0;
 }
 
+static int dummy_check_sb (struct vfsmount *mnt, struct nameidata *nd)
+{
+ return 0;
+}
+
 static int dummy_umount (struct vfsmount *mnt, int flags)
 {
 return 0;
@@ -900,6 +905,7 @@
 free_security: dummy_sb_free_security,
 statfs: dummy_sb_statfs,
 mount: dummy_mount,
+ check_sb: dummy_check_sb,
 umount: dummy_umount,
 umount_close: dummy_umount_close,
 umount_busy: dummy_umount_busy,
_______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module