Re: [PATCH v5 2/3] fanotify: notify on mount attach and detach

On Wed 29-01-25 17:58:00, Miklos Szeredi wrote:
> Add notifications for attaching and detaching mounts.  The following new
> event masks are added:
> 
>   FAN_MNT_ATTACH  - Mount was attached
>   FAN_MNT_DETACH  - Mount was detached
> 
> If a mount is moved, then the event is reported with (FAN_MNT_ATTACH |
> FAN_MNT_DETACH).
> 
> These events add an info record of type FAN_EVENT_INFO_TYPE_MNT containing
> these fields identifying the affected mounts:
> 
>   __u64 mnt_id    - the ID of the mount (see statmount(2))
> 
> FAN_REPORT_MNT must be supplied to fanotify_init() to receive these events
> and no other type of event can be received with this report type.
> 
> Marks are added with FAN_MARK_MNTNS, which records the mount namespace from
> an nsfs file (e.g. /proc/self/ns/mnt).
> 
> Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxxxxx>

Just one small comment below. Otherwise feel free to add:

Reviewed-by: Jan Kara <jack@xxxxxxx>

> @@ -1847,6 +1890,19 @@ static int do_fanotify_mark(int fanotify_fd, unsigned int flags, __u64 mask,
>  		return -EINVAL;
>  	group = fd_file(f)->private_data;
>  
> +	/* Only report mount events on mnt namespace */
> +	if (FAN_GROUP_FLAG(group, FAN_REPORT_MNT)) {
> +		if (mask & ~FANOTIFY_MOUNT_EVENTS)
> +			return -EINVAL;
> +		if (mark_type != FAN_MARK_MNTNS)
> +			return -EINVAL;
> +	} else {
> +		if (mask & FANOTIFY_MOUNT_EVENTS)
> +			return -EINVAL;
> +		if (mark_type == FAN_MARK_MNTNS)
> +			return -EINVAL;
> +	}
> +
>  	/*
>  	 * An unprivileged user is not allowed to setup mount nor filesystem
>  	 * marks.  This also includes setting up such marks by a group that
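Review bot: the comment opening the added block, "Only report mount events on mnt namespace", covers only the FAN_REPORT_MNT branch, while the else branch enforces the converse by rejecting FANOTIFY_MOUNT_EVENTS bits and FAN_MARK_MNTNS for groups created without FAN_REPORT_MNT. Suggest rewording the comment to state both directions. Also, the first test, `mask & ~FANOTIFY_MOUNT_EVENTS`, rejects every other bit in the mask for FAN_REPORT_MNT groups; if that is intended to include all flag bits, say so in the comment, since callers will otherwise hit -EINVAL with no hint as to why.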
> @@ -1888,7 +1944,7 @@ static int do_fanotify_mark(int fanotify_fd, unsigned int flags, __u64 mask,
>  	 * point.
>  	 */
>  	fid_mode = FAN_GROUP_FLAG(group, FANOTIFY_FID_BITS);
> -	if (mask & ~(FANOTIFY_FD_EVENTS|FANOTIFY_EVENT_FLAGS) &&
> +	if (mask & ~(FANOTIFY_FD_EVENTS|FANOTIFY_MOUNT_EVENTS|FANOTIFY_EVENT_FLAGS) &&

I understand why you need this but the condition is really hard to
understand now and the comment above it becomes out of date. Perhaps I'd
move this and the following two checks for FAN_RENAME and
FANOTIFY_PRE_CONTENT_EVENTS into !FAN_GROUP_FLAG(group, FAN_REPORT_MNT)
branch to make things more obvious?

								Honza
-- 
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR
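
A consumer-side view of the interface described in the quoted commit message, as an added example that is not part of the patch or of either author's mail: it walks a buffer as returned by read() on a FAN_REPORT_MNT group and extracts the `mnt_id` from the FAN_EVENT_INFO_TYPE_MNT record. Assumptions: the numeric fallback values are the ones in the mainline uapi header (this posting does not show them), `struct mnt_info` is a local mirror of the record layout, and the sample event with mount ID 0x1234 is constructed.

```c
#include <stdint.h>
#include <string.h>
#include <sys/fanotify.h>
#ifndef FAN_MNT_ATTACH  /* assumed mainline uapi values, not shown in this posting */
#define FAN_MNT_ATTACH 0x01000000
#define FAN_MNT_DETACH 0x02000000
#define FAN_EVENT_INFO_TYPE_MNT 7
#endif
/* Local mirror of the FAN_EVENT_INFO_TYPE_MNT record: info header + __u64 mnt_id. */
struct mnt_info { struct fanotify_event_info_header hdr; uint64_t mnt_id; };

/* Returns mount records seen (first one's ID/mask stored), or -1 on a bad length field. */
int parse_mnt_events(const char *buf, size_t len, uint64_t *id, uint64_t *mask)
{
    int found = 0;
    while (len >= sizeof(struct fanotify_event_metadata)) {
        struct fanotify_event_metadata md;
        memcpy(&md, buf, sizeof(md));
        if (md.metadata_len < sizeof(md) || md.event_len < md.metadata_len || md.event_len > len)
            return -1;
        size_t off = md.metadata_len;
        while (off + sizeof(struct fanotify_event_info_header) <= md.event_len) {
            struct fanotify_event_info_header h;
            memcpy(&h, buf + off, sizeof(h));
            if (h.len < sizeof(h) || off + h.len > md.event_len)
                return -1;
            if (h.info_type == FAN_EVENT_INFO_TYPE_MNT && h.len >= sizeof(struct mnt_info)) {
                struct mnt_info mi; memcpy(&mi, buf + off, sizeof(mi));
                if (!found++) { *id = mi.mnt_id; *mask = md.mask; }
            }
            off += h.len;
        }
        buf += md.event_len; len -= md.event_len;
    }
    return found;
}
/* Constructed sample: one event for made-up mount ID 0x1234; ATTACH|DETACH means a move. */
size_t build_sample(char *buf)
{
    struct fanotify_event_metadata md = { .event_len = sizeof(md) + sizeof(struct mnt_info),
        .metadata_len = sizeof(md), .mask = FAN_MNT_ATTACH | FAN_MNT_DETACH, .fd = FAN_NOFD };
    struct mnt_info mi = { .hdr = { .info_type = FAN_EVENT_INFO_TYPE_MNT, .len = sizeof(mi) }, .mnt_id = 0x1234 };
    memcpy(buf, &md, sizeof(md)); memcpy(buf + sizeof(md), &mi, sizeof(mi));
    return md.event_len;
}
int main(void)
{
    char b[64]; uint64_t id = 0, m = 0;
    return parse_mnt_events(b, build_sample(b), &id, &m) == 1 ? 0 : 1;
}
```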



