On 01/05/2020 06:02, James Morris wrote: > On Tue, 28 Apr 2020, Mickaël Salaün wrote: > >> An LSM doesn't get path information related to an access request to open >> an inode. This new (internal) MAY_EXECMOUNT flag enables an LSM to >> check if the underlying mount point of an inode is marked as executable. >> This is useful to implement a security policy taking advantage of the >> noexec mount option. >> >> This flag is set according to path_noexec(), which checks if a mount >> point is mounted with MNT_NOEXEC or if the underlying superblock is >> SB_I_NOEXEC. >> >> Signed-off-by: Mickaël Salaün <mic@xxxxxxxxxxx> >> Reviewed-by: Philippe Trébuchet <philippe.trebuchet@xxxxxxxxxxx> >> Reviewed-by: Thibaut Sautereau <thibaut.sautereau@xxxxxxxxxxx> >> Cc: Aleksa Sarai <cyphar@xxxxxxxxxx> >> Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx> >> Cc: Kees Cook <keescook@xxxxxxxxxxxx> > > Are there any existing LSMs which plan to use this aspect? This commit message was initially for the first version of O_MAYEXEC, which extended Yama. The current enforcement implementation is now directly in the FS subsystem (as requested by Kees Cook). However, this MAY_EXECMOUNT flag is still used by the current FS implementation and it could still be useful for LSMs.
