Re: [PATCH 2/2] SELinux: display SELinux mount options in /proc/mounts


 



On Wed, 2008-04-02 at 10:43 -0400, Eric Paris wrote:
> On Wed, 2008-04-02 at 11:16 +0200, Miklos Szeredi wrote:
> > Where's 1/2?  I've ported this to the tip of the vfs-2.6 tree, but
> > can't compile it without the other half.
> 
> I have a question for everyone though.  How are these options used?
> SELinux mount options can contain commas.  When sending such options
> from userspace they are inside quotes.  Should I go ahead and quote
> selinux options so they can be directly used back into mount commands?
> Should I just leave them in there without quotes and let anyone who
> tries to feed them back into mount figure it out?

I don't think they can "figure it out" as they can't unambiguously parse
the option string at that point.  So wrapping the SELinux option value
with quotes is required when it contains a comma.  

> I'm ignoring seq_* failures.  Which kinda scares me since it means i
> could get half of one option and half of another and the user would not
> realize it.  Maybe I should build a single string for each selinux
> option and do a single seq_puts() so seq_* failure only means missing
> options, not possibly corrupted options...

And is it even adequate to return an incomplete set of options with no
indication of truncation to userspace?  How do we expect userland to use
the /proc/mounts output?

> 
> > 
> > Miklos
> > 
> > ----
> > From: Eric Paris <eparis@xxxxxxxxxx>
> > 
> > This patch causes SELinux mount options to show up in /proc/mounts.  As
> > with other code in the area, seq_* errors are ignored.  Other LSMs
> > will not have their mount options displayed until they implement their
> > own sb_show_options() hook.
> > 
> > Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
> > Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxx>
> > ---
> >  fs/namespace.c           |   12 ++++++----
> >  include/linux/security.h |    9 ++++++++
> >  security/dummy.c         |    6 +++++
> >  security/security.c      |    5 ++++
> >  security/selinux/hooks.c |   52 +++++++++++++++++++++++++++++++++++++++++++++--
> >  5 files changed, 77 insertions(+), 7 deletions(-)
> > 
> > Index: vfs-2.6/include/linux/security.h
> > ===================================================================
> > --- vfs-2.6.orig/include/linux/security.h	2008-03-31 14:16:24.000000000 +0200
> > +++ vfs-2.6/include/linux/security.h	2008-04-02 10:59:10.000000000 +0200
> > @@ -74,6 +74,7 @@ struct xfrm_selector;
> >  struct xfrm_policy;
> >  struct xfrm_state;
> >  struct xfrm_user_sec_ctx;
> > +struct seq_file;
> >  
> >  extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
> >  extern int cap_netlink_recv(struct sk_buff *skb, int cap);
> > @@ -1259,6 +1260,7 @@ struct security_operations {
> >  	void (*sb_free_security) (struct super_block * sb);
> >  	int (*sb_copy_data)(char *orig, char *copy);
> >  	int (*sb_kern_mount) (struct super_block *sb, void *data);
> > +	int (*sb_show_options) (struct seq_file *m, struct super_block *sb);
> >  	int (*sb_statfs) (struct dentry *dentry);
> >  	int (*sb_mount) (char *dev_name, struct path *path,
> >  			 char *type, unsigned long flags, void *data);
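Review bot: The new `sb_show_options` member has no entry in the kerneldoc block that documents every hook above `struct security_operations`; that block lies outside this hunk and the patch adds nothing to it. Add an entry after `@sb_kern_mount` along the lines of `@sb_show_options: Show (print on @m) the LSM's mount options for @sb. @m seq_file to write to, @sb superblock being listed. Return 0 on success or a negative errno.` The entry should also spell out two things the SELinux implementation silently assumes: that the hook emits a leading comma before each option it writes, and that a non-zero return aborts the /proc/mounts entry, which is how fs/namespace.c treats the value in this series. Without it, other LSMs implementing the hook can only infer the contract from the SELinux code.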
> > @@ -1527,6 +1529,7 @@ int security_sb_alloc(struct super_block
> >  void security_sb_free(struct super_block *sb);
> >  int security_sb_copy_data(char *orig, char *copy);
> >  int security_sb_kern_mount(struct super_block *sb, void *data);
> > +int security_sb_show_options(struct seq_file *m, struct super_block *sb);
> >  int security_sb_statfs(struct dentry *dentry);
> >  int security_sb_mount(char *dev_name, struct path *path,
> >                         char *type, unsigned long flags, void *data);
> > @@ -1800,6 +1803,12 @@ static inline int security_sb_kern_mount
> >  	return 0;
> >  }
> >  
> > +static inline int security_sb_show_options(struct seq_file *m,
> > +					   struct super_block *sb)
> > +{
> > +	return 0;
> > +}
> > +
> >  static inline int security_sb_statfs (struct dentry *dentry)
> >  {
> >  	return 0;
> > Index: vfs-2.6/security/dummy.c
> > ===================================================================
> > --- vfs-2.6.orig/security/dummy.c	2008-03-31 14:16:24.000000000 +0200
> > +++ vfs-2.6/security/dummy.c	2008-04-02 10:59:10.000000000 +0200
> > @@ -191,6 +191,11 @@ static int dummy_sb_kern_mount (struct s
> >  	return 0;
> >  }
> >  
> > +static int dummy_sb_show_options(struct seq_file *m, struct super_block *sb)
> > +{
> > +	return 0;
> > +}
> > +
> >  static int dummy_sb_statfs (struct dentry *dentry)
> >  {
> >  	return 0;
> > @@ -1017,6 +1022,7 @@ void security_fixup_ops (struct security
> >  	set_to_dummy_if_null(ops, sb_free_security);
> >  	set_to_dummy_if_null(ops, sb_copy_data);
> >  	set_to_dummy_if_null(ops, sb_kern_mount);
> > +	set_to_dummy_if_null(ops, sb_show_options);
> >  	set_to_dummy_if_null(ops, sb_statfs);
> >  	set_to_dummy_if_null(ops, sb_mount);
> >  	set_to_dummy_if_null(ops, sb_check_sb);
> > Index: vfs-2.6/security/security.c
> > ===================================================================
> > --- vfs-2.6.orig/security/security.c	2008-03-31 14:16:24.000000000 +0200
> > +++ vfs-2.6/security/security.c	2008-04-02 10:59:10.000000000 +0200
> > @@ -255,6 +255,11 @@ int security_sb_kern_mount(struct super_
> >  	return security_ops->sb_kern_mount(sb, data);
> >  }
> >  
> > +int security_sb_show_options(struct seq_file *m, struct super_block *sb)
> > +{
> > +	return security_ops->sb_show_options(m, sb);
> > +}
> > +
> >  int security_sb_statfs(struct dentry *dentry)
> >  {
> >  	return security_ops->sb_statfs(dentry);
> > Index: vfs-2.6/security/selinux/hooks.c
> > ===================================================================
> > --- vfs-2.6.orig/security/selinux/hooks.c	2008-03-31 14:16:24.000000000 +0200
> > +++ vfs-2.6/security/selinux/hooks.c	2008-04-02 10:59:10.000000000 +0200
> > @@ -9,7 +9,8 @@
> >   *            James Morris <jmorris@xxxxxxxxxx>
> >   *
> >   *  Copyright (C) 2001,2002 Networks Associates Technology, Inc.
> > - *  Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@xxxxxxxxxx>
> > + *  Copyright (C) 2003-2008 Red Hat, Inc., James Morris <jmorris@xxxxxxxxxx>
> > + *					   Eric Paris <eparis@xxxxxxxxxx>
> >   *  Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
> >   *                          <dgoeddel@xxxxxxxxxxxxx>
> >   *  Copyright (C) 2006, 2007 Hewlett-Packard Development Company, L.P.
> > @@ -19,7 +20,7 @@
> >   *
> >   *	This program is free software; you can redistribute it and/or modify
> >   *	it under the terms of the GNU General Public License version 2,
> > - *      as published by the Free Software Foundation.
> > + *	as published by the Free Software Foundation.
> >   */
> >  
> >  #include <linux/init.h>
> > @@ -947,6 +948,52 @@ out_err:
> >  	return rc;
> >  }
> >  
> > +void selinux_write_opts(struct seq_file *m, struct security_mnt_opts *opts)
> > +{
> > +	int i;
> > +	char *prefix;
> > +
> > +	for (i = 0; i < opts->num_mnt_opts; i++) {
> > +		/* we need a comma before each option */
> > +		seq_putc(m, ',');
> > +
> > +		switch (opts->mnt_opts_flags[i]) {
> > +		case CONTEXT_MNT:
> > +			prefix = CONTEXT_STR;
> > +			break;
> > +		case FSCONTEXT_MNT:
> > +			prefix = FSCONTEXT_STR;
> > +			break;
> > +		case ROOTCONTEXT_MNT:
> > +			prefix = ROOTCONTEXT_STR;
> > +			break;
> > +		case DEFCONTEXT_MNT:
> > +			prefix = DEFCONTEXT_STR;
> > +			break;
> > +		default:
> > +			BUG();
> > +		};
> > +		seq_puts(m, prefix);
> > +		seq_puts(m, opts->mnt_opts[i]);
> > +	}
> > +}
> > +
> > +static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
> > +{
> > +	struct security_mnt_opts opts;
> > +	int rc;
> > +
> > +	rc = selinux_get_mnt_opts(sb, &opts);
> > +	if (rc)
> > +		return rc;
> > +
> > +	selinux_write_opts(m, &opts);
> > +
> > +	security_free_mnt_opts(&opts);
> > +
> > +	return rc;
> > +}
> > +
> >  static inline u16 inode_mode_to_security_class(umode_t mode)
> >  {
> >  	switch (mode & S_IFMT) {
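Review bot: `selinux_write_opts` writes each value with `seq_puts(m, opts->mnt_opts[i])` unquoted, so a context whose MLS component contains a comma (a category list) yields an option string that /proc/mounts consumers cannot split back into options, which is exactly the ambiguity raised earlier in this thread; wrap the value in double quotes whenever `strchr(opts->mnt_opts[i], ',')` finds one, mirroring how such values are passed in on the mount command line. The function is also not `static` and has no header prototype, so it leaks into the global namespace and trips `-Wmissing-prototypes`, while `selinux_sb_show_options` right below it is static. The `default: BUG()` branch turns an inconsistent `mnt_opts_flags` value into a kernel panic reachable from an unprivileged read of /proc/mounts; the flags appear to be populated by SELinux itself so this may be unreachable, but `WARN_ON_ONCE(1); continue;` degrades more gracefully. `struct security_mnt_opts` and `selinux_get_mnt_opts` come from patch 1/2, which is not in this thread, so whether `mnt_opts[i]` can ever be NULL is not visible here and would need a guard if so.
```c
static void selinux_write_opts(struct seq_file *m, struct security_mnt_opts *opts)
{
	int i;
	char *prefix;

	for (i = 0; i < opts->num_mnt_opts; i++) {
		/* a value containing ',' must be quoted or it cannot be parsed back */
		int quote = strchr(opts->mnt_opts[i], ',') != NULL;

		switch (opts->mnt_opts_flags[i]) {
		/* … unchanged: CONTEXT_MNT / FSCONTEXT_MNT / ROOTCONTEXT_MNT / DEFCONTEXT_MNT set prefix … */
		default:
			WARN_ON_ONCE(1);
			continue;
		}
		/* we need a comma before each option */
		seq_putc(m, ',');
		seq_puts(m, prefix);
		if (quote)
			seq_putc(m, '"');
		seq_puts(m, opts->mnt_opts[i]);
		if (quote)
			seq_putc(m, '"');
	}
}
```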
> > @@ -5257,6 +5304,7 @@ static struct security_operations selinu
> >  	.sb_free_security =		selinux_sb_free_security,
> >  	.sb_copy_data =			selinux_sb_copy_data,
> >  	.sb_kern_mount =	        selinux_sb_kern_mount,
> > +	.sb_show_options =		selinux_sb_show_options,
> >  	.sb_statfs =			selinux_sb_statfs,
> >  	.sb_mount =			selinux_mount,
> >  	.sb_umount =			selinux_umount,
> > Index: vfs-2.6/fs/namespace.c
> > ===================================================================
> > --- vfs-2.6.orig/fs/namespace.c	2008-03-31 14:16:24.000000000 +0200
> > +++ vfs-2.6/fs/namespace.c	2008-04-02 11:03:18.000000000 +0200
> > @@ -748,7 +748,7 @@ struct proc_fs_info {
> >  	const char *str;
> >  };
> >  
> > -static void show_sb_opts(struct seq_file *m, struct super_block *sb)
> > +static int show_sb_opts(struct seq_file *m, struct super_block *sb)
> >  {
> >  	static const struct proc_fs_info fs_info[] = {
> >  		{ MS_SYNCHRONOUS, ",sync" },
> > @@ -762,6 +762,8 @@ static void show_sb_opts(struct seq_file
> >  		if (sb->s_flags & fs_infop->flag)
> >  			seq_puts(m, fs_infop->str);
> >  	}
> > +
> > +	return security_sb_show_options(m, sb);
> >  }
> >  
> >  static void show_mnt_opts(struct seq_file *m, struct vfsmount *mnt)
> > @@ -804,9 +806,9 @@ static int show_vfsmnt(struct seq_file *
> >  	seq_putc(m, ' ');
> >  	show_type(m, mnt->mnt_sb);
> >  	seq_puts(m, __mnt_is_readonly(mnt) ? " ro" : " rw");
> > -	show_sb_opts(m, mnt->mnt_sb);
> > +	err = show_sb_opts(m, mnt->mnt_sb);
> >  	show_mnt_opts(m, mnt);
> > -	if (mnt->mnt_sb->s_op->show_options)
> > +	if (!err && mnt->mnt_sb->s_op->show_options)
> >  		err = mnt->mnt_sb->s_op->show_options(m, mnt);
> >  	seq_puts(m, " 0 0\n");
> >  	return err;
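Review bot: A non-zero return from `security_sb_show_options`, propagated through `show_sb_opts` into `err`, now fails the whole seq_file read of /proc/mounts as far as I can tell, rather than merely omitting the LSM options for that entry; meanwhile `show_mnt_opts` and the trailing ` 0 0\n` are still written after the error before `err` is returned. If the SELinux hook can fail on allocation (it calls `selinux_get_mnt_opts`, whose failure modes are not visible in this patch), a transient -ENOMEM would make every consumer of /proc/mounts fail, which is a significant availability regression for a file that many tools parse. Decide explicitly whether an LSM failure should abort the read or degrade to an entry without security options, and either `return err;` immediately after the `show_sb_opts` call or document the best-effort choice with a comment such as `/* LSM options are best-effort; do not fail the whole listing */`. The same pattern is repeated in `show_mountinfo` in the next hunk.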
> > @@ -863,8 +865,8 @@ static int show_mountinfo(struct seq_fil
> >  	seq_putc(m, ' ');
> >  	mangle(m, mnt->mnt_devname ? mnt->mnt_devname : "none");
> >  	seq_puts(m, sb->s_flags & MS_RDONLY ? " ro" : " rw");
> > -	show_sb_opts(m, sb);
> > -	if (sb->s_op->show_options)
> > +	err = show_sb_opts(m, sb);
> > +	if (!err && sb->s_op->show_options)
> >  		err = sb->s_op->show_options(m, mnt);
> >  	seq_putc(m, '\n');
> >  	return err;
-- 
Stephen Smalley
National Security Agency

