On Tue, Oct 18, 2022 at 2:22 PM Günther Noack <gnoack3000@xxxxxxxxx> wrote:
>
> Introduce the LANDLOCK_ACCESS_FS_TRUNCATE flag for file truncation.
>
> This flag hooks into the path_truncate, file_truncate and
> file_alloc_security LSM hooks and covers file truncation using
> truncate(2), ftruncate(2), open(2) with O_TRUNC, as well as creat().
>
> This change also increments the Landlock ABI version, updates
> corresponding selftests, and updates code documentation to document
> the flag.
>
> In security/security.c, allocate security blobs at pointer-aligned
> offsets. This fixes the problem where one LSM's security blob can
> shift another LSM's security blob to an unaligned address. (Reported
> by Nathan Chancellor)
>
> The following operations are restricted:
>
> open(2): requires the LANDLOCK_ACCESS_FS_TRUNCATE right if a file gets
> implicitly truncated as part of the open() (e.g. using O_TRUNC).
>
> Notable special cases:
> * open(..., O_RDONLY|O_TRUNC) can truncate files as well in Linux
> * open() with O_TRUNC does *not* need the TRUNCATE right when it
>   creates a new file.
>
> truncate(2) (on a path): requires the LANDLOCK_ACCESS_FS_TRUNCATE
> right.
>
> ftruncate(2) (on a file): requires that the file had the TRUNCATE
> right when it was previously opened. File descriptors acquired by
> other means than open(2) (e.g. memfd_create(2)) continue to support
> truncation with ftruncate(2).
>
> Reported-by: Nathan Chancellor <nathan@xxxxxxxxxx>
> Signed-off-by: Günther Noack <gnoack3000@xxxxxxxxx>
> ---
>  include/uapi/linux/landlock.h                |  21 +++-
>  security/landlock/fs.c                       | 104 ++++++++++++++++++-
>  security/landlock/fs.h                       |  24 +++++
>  security/landlock/limits.h                   |   2 +-
>  security/landlock/setup.c                    |   1 +
>  security/landlock/syscalls.c                 |   2 +-
>  security/security.c                          |  11 +-
>  tools/testing/selftests/landlock/base_test.c |   2 +-
>  tools/testing/selftests/landlock/fs_test.c   |   7 +-
>  9 files changed, 153 insertions(+), 21 deletions(-)

Thanks for the LSM security blob allocator fixes Günther!

Acked-by: Paul Moore <paul@xxxxxxxxxxxxxx> (LSM)

--
paul-moore.com
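
The restrictions listed in the quoted commit message, as an added example that is not part of the original mail or of the patch: a forked child handles WRITE_FILE and TRUNCATE, is granted only WRITE_FILE below a scratch directory, and records which truncation paths are refused. The function names, the result bits, the /tmp scratch path and the fallback flag value (1ULL << 14, for UAPI headers that predate the flag) are assumptions of this example; on a kernel without the flag the result is UNSUPPORTED.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/landlock.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef LANDLOCK_ACCESS_FS_TRUNCATE /* UAPI headers that predate the flag */
#define LANDLOCK_ACCESS_FS_TRUNCATE (1ULL << 14)
#endif
enum { TRUNC_DENIED = 1, OTRUNC_DENIED = 2, FTRUNC_DENIED = 4, MEMFD_OK = 8, UNSUPPORTED = 64 };
/* Child: handle WRITE_FILE and TRUNCATE, grant only WRITE_FILE below dir, then probe. */
static int probe(const char *dir, const char *file) {
    struct landlock_ruleset_attr ra = { .handled_access_fs =
        LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_TRUNCATE };
    struct landlock_path_beneath_attr pb = { .allowed_access = LANDLOCK_ACCESS_FS_WRITE_FILE,
        .parent_fd = open(dir, O_PATH | O_CLOEXEC) };
    int rs = syscall(__NR_landlock_create_ruleset, &ra, sizeof(ra), 0);
    if (rs < 0 || pb.parent_fd < 0 || /* rs < 0: no Landlock, or ABI without TRUNCATE */
        syscall(__NR_landlock_add_rule, rs, LANDLOCK_RULE_PATH_BENEATH, &pb, 0) ||
        prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) || syscall(__NR_landlock_restrict_self, rs, 0))
        return UNSUPPORTED;
    int r = 0, fd, mfd;
    if (truncate(file, 0) < 0 && errno == EACCES) r |= TRUNC_DENIED;
    if (open(file, O_WRONLY | O_TRUNC) < 0 && errno == EACCES) r |= OTRUNC_DENIED;
    fd = open(file, O_WRONLY); /* allowed: WRITE_FILE was granted */
    if (fd >= 0 && ftruncate(fd, 0) < 0 && errno == EACCES) r |= FTRUNC_DENIED;
    mfd = memfd_create("demo", 0); /* descriptor not obtained through open(2) */
    if (mfd >= 0 && ftruncate(mfd, 16) == 0) r |= MEMFD_OK;
    return r;
}
/* Parent: create a scratch file, run probe() in a fork so the caller stays unrestricted. */
int landlock_truncate_demo(void) {
    char dir[] = "/tmp/ll-trunc-XXXXXX", file[64]; /* assumes a writable /tmp */
    int fd, st = 0;
    if (!mkdtemp(dir) || snprintf(file, sizeof(file), "%s/data", dir) < 0 ||
        (fd = open(file, O_CREAT | O_WRONLY, 0600)) < 0) return UNSUPPORTED;
    close(fd);
    pid_t pid = fork();
    if (pid == 0) _exit(probe(dir, file));
    if (pid < 0 || waitpid(pid, &st, 0) < 0) st = -1;
    unlink(file); rmdir(dir);
    return WIFEXITED(st) ? WEXITSTATUS(st) : UNSUPPORTED;
}
int main(void) { printf("result mask: %d\n", landlock_truncate_demo()); return 0; }
```

A result of 15 means truncate(2), open(2) with O_TRUNC and ftruncate(2) on the freshly opened file were all refused with EACCES while the memfd could still be resized; 64 means the running kernel could not enforce the ruleset.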