On Mon, Mar 25, 2024 at 9:40 AM Günther Noack <gnoack@xxxxxxxxxx> wrote:
>
> If security_file_ioctl or security_file_ioctl_compat return
> ENOFILEOPS, the IOCTL logic in fs/ioctl.c will permit the given IOCTL
> command, but only as long as the IOCTL command is implemented directly
> in fs/ioctl.c and does not use the f_ops->unhandled_ioctl or
> f_ops->compat_ioctl operations, which are defined by the given file.
>
> The possible return values for security_file_ioctl and
> security_file_ioctl_compat are now:
>
>  * 0 - to permit the IOCTL
>  * ENOFILEOPS - to permit the IOCTL, but forbid it if it needs to fall
>    back to the file implementation.
>  * any other error - to forbid the IOCTL and return that error

At this point I think this thread has resolved itself, but I wanted to
add a quick comment for those who may stumble across this in the
future ...

I want to discourage magic return values in the LSM hooks as much as
possible; they have caused issues in the past and I suspect they will
continue to do so in the future (although now that we have proper
function header comments the risk may be slightly lower).  If there is
absolutely no way around it, then that's okay, but if possible I would
prefer we stick with the 0:allowed, !0:rejected model for the LSM hook
return values.

> This is an alternative to the previously discussed approaches [1] and [2],
> and implements the proposal from [3].
>
> Cc: Christian Brauner <brauner@xxxxxxxxxx>
> Cc: Paul Moore <paul@xxxxxxxxxxxxxx>
> Cc: Mickaël Salaün <mic@xxxxxxxxxxx>
> Cc: linux-fsdevel@xxxxxxxxxxxxxxx
> Link: https://lore.kernel.org/r/20240309075320.160128-2-gnoack@xxxxxxxxxx [1]
> Link: https://lore.kernel.org/r/20240322151002.3653639-2-gnoack@xxxxxxxxxx/ [2]
> Link: https://lore.kernel.org/r/32b1164e-9d5f-40c0-9a4e-001b2c9b822f@xxxxxxxxxxxxxxxx/ [3]
> Suggested-by: Arnd Bergmann <arnd@xxxxxxxx>
> Signed-off-by: Günther Noack <gnoack@xxxxxxxxxx>
> ---
>  fs/ioctl.c               | 25 ++++++++++++++++++++-----
>  include/linux/security.h |  6 ++++++
>  security/security.c      | 10 ++++++++--
>  3 files changed, 34 insertions(+), 7 deletions(-)

--
paul-moore.com
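The exchange above contrasts two contracts for an LSM hook result: the three-way contract from the patch description (0, ENOFILEOPS, or another error) and the 0:allowed / !0:rejected convention Paul Moore asks to keep. The following is an added illustration, not code from the thread, from the patch, or from the kernel: a plain C model of both dispatch decisions, run over the same hook results, so the reader can see where a caller that only knows the 0/!0 convention reaches a different outcome from one that understands the magic value. The `ENOFILEOPS` number, the `ioctl_path` enum, the function names, and the use of `-EACCES` to refuse a file-ops fallback are all assumptions made for this example; the thread does not give those values.

```c
#include <errno.h>
#include <stdio.h>

/*
 * Constructed model of the three-way hook result described in the thread.
 * ENOFILEOPS is not a real errno in this file and its kernel value is not
 * given on the page, so a placeholder number is used here.
 */
#define ENOFILEOPS 1000

/* Where an ioctl command would be handled: directly in fs/ioctl.c, or by
 * falling back to the file's own f_ops ioctl implementation. Hypothetical
 * names for this example. */
enum ioctl_path { PATH_VFS_BUILTIN, PATH_FILE_OPS_FALLBACK };

/*
 * Dispatch decision under the proposed three-way contract:
 *   0            -> permit
 *   -ENOFILEOPS  -> permit only if the command is handled in fs/ioctl.c
 *   other -errno -> deny, propagating that error
 * Returns 0 when the ioctl may proceed, or a negative errno when it is
 * refused. ASSUMPTION: the errno used to refuse a file-ops fallback is not
 * stated in the thread; -EACCES stands in for it here.
 */
static int dispatch_three_way(int hook_ret, enum ioctl_path path)
{
	if (hook_ret == 0)
		return 0;
	if (hook_ret == -ENOFILEOPS)
		return path == PATH_VFS_BUILTIN ? 0 : -EACCES;
	return hook_ret;
}

/*
 * Dispatch decision under the conventional contract Paul Moore prefers:
 * 0 permits, any non-zero value is a rejection that is passed back as-is.
 * It takes no path argument because such a caller has no reason to look.
 */
static int dispatch_binary(int hook_ret)
{
	return hook_ret;
}

/* Returns 1 if the two contracts produce a different result (permit vs.
 * deny, or a different errno) for the same hook result. */
static int contracts_disagree(int hook_ret, enum ioctl_path path)
{
	return dispatch_three_way(hook_ret, path) != dispatch_binary(hook_ret);
}

/*
 * Walks a constructed table of hook results and dispatch paths and counts
 * the combinations where a caller written to the 0/!0 contract reaches a
 * different result than one that knows about ENOFILEOPS. Only the magic
 * value produces disagreement: on the built-in path it flips permit to
 * deny, and on the fallback path it leaks the placeholder errno instead
 * of the intended refusal.
 */
static int count_disagreements(void)
{
	static const int hook_results[] = { 0, -ENOFILEOPS, -EPERM, -EACCES };
	static const enum ioctl_path paths[] = { PATH_VFS_BUILTIN,
						 PATH_FILE_OPS_FALLBACK };
	int n = 0;

	for (size_t i = 0; i < sizeof(hook_results) / sizeof(hook_results[0]); i++)
		for (size_t j = 0; j < sizeof(paths) / sizeof(paths[0]); j++)
			n += contracts_disagree(hook_results[i], paths[j]);
	return n;
}

int main(void)
{
	printf("three-way: ENOFILEOPS on built-in path -> %d\n",
	       dispatch_three_way(-ENOFILEOPS, PATH_VFS_BUILTIN));
	printf("three-way: ENOFILEOPS on file-ops path -> %d\n",
	       dispatch_three_way(-ENOFILEOPS, PATH_FILE_OPS_FALLBACK));
	printf("binary:    ENOFILEOPS (any path)       -> %d\n",
	       dispatch_binary(-ENOFILEOPS));
	printf("combinations where the contracts disagree: %d\n",
	       count_disagreements());
	return 0;
}
```

The point of the model is the two cases that disagree: every caller of a hook with a magic return value has to know about that value and about the dispatch path, whereas under the 0/!0 convention a caller can stay ignorant of the LSM's reasons and still be correct. That is the maintenance cost the reply is warning about.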