On Fri, Apr 05, 2024 at 02:17:29PM -0400, Kent Overstreet wrote:
> On Fri, Apr 05, 2024 at 06:22:52PM +0200, Günther Noack wrote:
> > Kent, Amir:
> >
> > Is it intentional that the new FS_IOC_GETUUID and FS_IOC_GETFSSYSFSPATH IOCTLs
> > can fall back to an IOCTL implementation in struct file_operations? I found this
> > remark by Amir which sounded vaguely like it might have been on purpose? Did I
> > understand that correctly?
> >
> > https://lore.kernel.org/lkml/CAOQ4uxjvEL4P4vV5SKpHVS5DtOwKpxAn4n4+Kfqawcu+H-MC5g@xxxxxxxxxxxxxx/
> >
> > Otherwise, I am happy to send a patch to make it non-extensible (the impls in
> > fs/ioctl.c would need to return -ENOTTY). This would let us reason better about
> > the safety of these IOCTLs for IOCTL security policies enforced by the Landlock
> > LSM. (Some of these file_operations IOCTL implementations do stuff before
> > looking at the cmd number.)
>
> They're not supposed to be extensible - the generic implementations are
> all we need.

Thank you for confirming, Kent -- I sent you a small patch as part of the next
version of the Landlock patch series:

https://lore.kernel.org/all/20240405214040.101396-2-gnoack@xxxxxxxxxx/

—Günther