Re: [PATCH 2/2] SELinux: display SELinux mount options in /proc/mounts


 



On Wed, 2008-04-02 at 11:16 +0200, Miklos Szeredi wrote:
> Where's 1/2?  I've ported this to the tip of the vfs-2.6 tree, but
> can't compile it without the other half.

I have a question for everyone though.  How are these options used?
SELinux mount options can contain commas.  When sending such options
from userspace they are inside quotes.  Should I go ahead and quote
selinux options so they can be directly used back into mount commands?
Should I just leave them in there without quotes and let anyone who
tries to feed them back into mount figure it out?

I'm ignoring seq_* failures.  Which kinda scares me since it means I
could get half of one option and half of another and the user would not
realize it.  Maybe I should build a single string for each selinux
option and do a single seq_puts() so that a seq_* failure only means
missing options, not possibly corrupted options...


> 
> Miklos
> 
> ----
> From: Eric Paris <eparis@xxxxxxxxxx>
> 
> This patch causes SELinux mount options to show up in /proc/mounts.  As
> with other code in the area seq_put errors are ignored.  Other LSMs
> will not have their mount options displayed until they fill in their own
> security_sb_show_options() function.
> 
> Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
> Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxx>
> ---
>  fs/namespace.c           |   12 ++++++----
>  include/linux/security.h |    9 ++++++++
>  security/dummy.c         |    6 +++++
>  security/security.c      |    5 ++++
>  security/selinux/hooks.c |   52 +++++++++++++++++++++++++++++++++++++++++++++--
>  5 files changed, 77 insertions(+), 7 deletions(-)
> 
> Index: vfs-2.6/include/linux/security.h
> ===================================================================
> --- vfs-2.6.orig/include/linux/security.h	2008-03-31 14:16:24.000000000 +0200
> +++ vfs-2.6/include/linux/security.h	2008-04-02 10:59:10.000000000 +0200
> @@ -74,6 +74,7 @@ struct xfrm_selector;
>  struct xfrm_policy;
>  struct xfrm_state;
>  struct xfrm_user_sec_ctx;
> +struct seq_file;
>  
>  extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
>  extern int cap_netlink_recv(struct sk_buff *skb, int cap);
> @@ -1259,6 +1260,7 @@ struct security_operations {
>  	void (*sb_free_security) (struct super_block * sb);
>  	int (*sb_copy_data)(char *orig, char *copy);
>  	int (*sb_kern_mount) (struct super_block *sb, void *data);
> +	int (*sb_show_options) (struct seq_file *m, struct super_block *sb);
>  	int (*sb_statfs) (struct dentry *dentry);
>  	int (*sb_mount) (char *dev_name, struct path *path,
>  			 char *type, unsigned long flags, void *data);
> @@ -1527,6 +1529,7 @@ int security_sb_alloc(struct super_block
>  void security_sb_free(struct super_block *sb);
>  int security_sb_copy_data(char *orig, char *copy);
>  int security_sb_kern_mount(struct super_block *sb, void *data);
> +int security_sb_show_options(struct seq_file *m, struct super_block *sb);
>  int security_sb_statfs(struct dentry *dentry);
>  int security_sb_mount(char *dev_name, struct path *path,
>                         char *type, unsigned long flags, void *data);
> @@ -1800,6 +1803,12 @@ static inline int security_sb_kern_mount
>  	return 0;
>  }
>  
> +static inline int security_sb_show_options(struct seq_file *m,
> +					   struct super_block *sb)
> +{
> +	return 0;
> +}
> +
>  static inline int security_sb_statfs (struct dentry *dentry)
>  {
>  	return 0;
> Index: vfs-2.6/security/dummy.c
> ===================================================================
> --- vfs-2.6.orig/security/dummy.c	2008-03-31 14:16:24.000000000 +0200
> +++ vfs-2.6/security/dummy.c	2008-04-02 10:59:10.000000000 +0200
> @@ -191,6 +191,11 @@ static int dummy_sb_kern_mount (struct s
>  	return 0;
>  }
>  
> +static int dummy_sb_show_options(struct seq_file *m, struct super_block *sb)
> +{
> +	return 0;
> +}
> +
>  static int dummy_sb_statfs (struct dentry *dentry)
>  {
>  	return 0;
> @@ -1017,6 +1022,7 @@ void security_fixup_ops (struct security
>  	set_to_dummy_if_null(ops, sb_free_security);
>  	set_to_dummy_if_null(ops, sb_copy_data);
>  	set_to_dummy_if_null(ops, sb_kern_mount);
> +	set_to_dummy_if_null(ops, sb_show_options);
>  	set_to_dummy_if_null(ops, sb_statfs);
>  	set_to_dummy_if_null(ops, sb_mount);
>  	set_to_dummy_if_null(ops, sb_check_sb);
> Index: vfs-2.6/security/security.c
> ===================================================================
> --- vfs-2.6.orig/security/security.c	2008-03-31 14:16:24.000000000 +0200
> +++ vfs-2.6/security/security.c	2008-04-02 10:59:10.000000000 +0200
> @@ -255,6 +255,11 @@ int security_sb_kern_mount(struct super_
>  	return security_ops->sb_kern_mount(sb, data);
>  }
>  
> +int security_sb_show_options(struct seq_file *m, struct super_block *sb)
> +{
> +	return security_ops->sb_show_options(m, sb);
> +}
> +
>  int security_sb_statfs(struct dentry *dentry)
>  {
>  	return security_ops->sb_statfs(dentry);
> Index: vfs-2.6/security/selinux/hooks.c
> ===================================================================
> --- vfs-2.6.orig/security/selinux/hooks.c	2008-03-31 14:16:24.000000000 +0200
> +++ vfs-2.6/security/selinux/hooks.c	2008-04-02 10:59:10.000000000 +0200
> @@ -9,7 +9,8 @@
>   *            James Morris <jmorris@xxxxxxxxxx>
>   *
>   *  Copyright (C) 2001,2002 Networks Associates Technology, Inc.
> - *  Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@xxxxxxxxxx>
> + *  Copyright (C) 2003-2008 Red Hat, Inc., James Morris <jmorris@xxxxxxxxxx>
> + *					   Eric Paris <eparis@xxxxxxxxxx>
>   *  Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
>   *                          <dgoeddel@xxxxxxxxxxxxx>
>   *  Copyright (C) 2006, 2007 Hewlett-Packard Development Company, L.P.
> @@ -19,7 +20,7 @@
>   *
>   *	This program is free software; you can redistribute it and/or modify
>   *	it under the terms of the GNU General Public License version 2,
> - *      as published by the Free Software Foundation.
> + *	as published by the Free Software Foundation.
>   */
>  
>  #include <linux/init.h>
> @@ -947,6 +948,52 @@ out_err:
>  	return rc;
>  }
>  
> +void selinux_write_opts(struct seq_file *m, struct security_mnt_opts *opts)
> +{
> +	int i;
> +	char *prefix;
> +
> +	for (i = 0; i < opts->num_mnt_opts; i++) {
> +		/* we need a comma before each option */
> +		seq_putc(m, ',');
> +
> +		switch (opts->mnt_opts_flags[i]) {
> +		case CONTEXT_MNT:
> +			prefix = CONTEXT_STR;
> +			break;
> +		case FSCONTEXT_MNT:
> +			prefix = FSCONTEXT_STR;
> +			break;
> +		case ROOTCONTEXT_MNT:
> +			prefix = ROOTCONTEXT_STR;
> +			break;
> +		case DEFCONTEXT_MNT:
> +			prefix = DEFCONTEXT_STR;
> +			break;
> +		default:
> +			BUG();
> +		};
> +		seq_puts(m, prefix);
> +		seq_puts(m, opts->mnt_opts[i]);
> +	}
> +}
> +
> +static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
> +{
> +	struct security_mnt_opts opts;
> +	int rc;
> +
> +	rc = selinux_get_mnt_opts(sb, &opts);
> +	if (rc)
> +		return rc;
> +
> +	selinux_write_opts(m, &opts);
> +
> +	security_free_mnt_opts(&opts);
> +
> +	return rc;
> +}
> +
>  static inline u16 inode_mode_to_security_class(umode_t mode)
>  {
>  	switch (mode & S_IFMT) {
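Review bot: `selinux_write_opts()` at the top of this hunk is defined without `static` and has no prototype in any header, and its `default:` arm falls out of the `switch` with `prefix` uninitialized whenever BUG() is compiled out (CONFIG_BUG=n), so the following `seq_puts(m, prefix)` reads an indeterminate pointer; the `switch` also ends in a stray `};`. Separately, each option value is written verbatim with `seq_puts(m, opts->mnt_opts[i])`, whereas the fs/namespace.c hunk of this same patch passes the device name through `mangle()`: a context string containing a comma, space or newline would make the /proc/mounts line ambiguous to anything that parses it back, so the value should go through `seq_escape()` (the primitive `mangle()` wraps) rather than raw `seq_puts()`. In `selinux_sb_show_options()` the final `return rc;` after `security_free_mnt_opts()` can only ever return 0, so `return 0;` says what is meant. Whether an error from selinux_get_mnt_opts() on a superblock that simply carries no SELinux options should fail the whole mount line depends on that helper, which is outside the hunk and worth confirming.
```c
static void selinux_write_opts(struct seq_file *m, struct security_mnt_opts *opts)
{
	int i;
	char *prefix;

	for (i = 0; i < opts->num_mnt_opts; i++) {
		/* we need a comma before each option */
		seq_putc(m, ',');

		switch (opts->mnt_opts_flags[i]) {
		/* … unchanged: CONTEXT_MNT .. DEFCONTEXT_MNT cases … */
		default:
			BUG();
			return;	/* never reach seq_puts() with prefix unset */
		}
		seq_puts(m, prefix);
		/* escape the separators a /proc/mounts parser relies on */
		seq_escape(m, opts->mnt_opts[i], " \t\n\\,");
	}
}
```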
> @@ -5257,6 +5304,7 @@ static struct security_operations selinu
>  	.sb_free_security =		selinux_sb_free_security,
>  	.sb_copy_data =			selinux_sb_copy_data,
>  	.sb_kern_mount =	        selinux_sb_kern_mount,
> +	.sb_show_options =		selinux_sb_show_options,
>  	.sb_statfs =			selinux_sb_statfs,
>  	.sb_mount =			selinux_mount,
>  	.sb_umount =			selinux_umount,
> Index: vfs-2.6/fs/namespace.c
> ===================================================================
> --- vfs-2.6.orig/fs/namespace.c	2008-03-31 14:16:24.000000000 +0200
> +++ vfs-2.6/fs/namespace.c	2008-04-02 11:03:18.000000000 +0200
> @@ -748,7 +748,7 @@ struct proc_fs_info {
>  	const char *str;
>  };
>  
> -static void show_sb_opts(struct seq_file *m, struct super_block *sb)
> +static int show_sb_opts(struct seq_file *m, struct super_block *sb)
>  {
>  	static const struct proc_fs_info fs_info[] = {
>  		{ MS_SYNCHRONOUS, ",sync" },
> @@ -762,6 +762,8 @@ static void show_sb_opts(struct seq_file
>  		if (sb->s_flags & fs_infop->flag)
>  			seq_puts(m, fs_infop->str);
>  	}
> +
> +	return security_sb_show_options(m, sb);
>  }
>  
>  static void show_mnt_opts(struct seq_file *m, struct vfsmount *mnt)
> @@ -804,9 +806,9 @@ static int show_vfsmnt(struct seq_file *
>  	seq_putc(m, ' ');
>  	show_type(m, mnt->mnt_sb);
>  	seq_puts(m, __mnt_is_readonly(mnt) ? " ro" : " rw");
> -	show_sb_opts(m, mnt->mnt_sb);
> +	err = show_sb_opts(m, mnt->mnt_sb);
>  	show_mnt_opts(m, mnt);
> -	if (mnt->mnt_sb->s_op->show_options)
> +	if (!err && mnt->mnt_sb->s_op->show_options)
>  		err = mnt->mnt_sb->s_op->show_options(m, mnt);
>  	seq_puts(m, " 0 0\n");
>  	return err;
> @@ -863,8 +865,8 @@ static int show_mountinfo(struct seq_fil
>  	seq_putc(m, ' ');
>  	mangle(m, mnt->mnt_devname ? mnt->mnt_devname : "none");
>  	seq_puts(m, sb->s_flags & MS_RDONLY ? " ro" : " rw");
> -	show_sb_opts(m, sb);
> -	if (sb->s_op->show_options)
> +	err = show_sb_opts(m, sb);
> +	if (!err && sb->s_op->show_options)
>  		err = sb->s_op->show_options(m, mnt);
>  	seq_putc(m, '\n');
>  	return err;

