Calls to the openat(2) family of syscalls are mediated by the file_open LSM hook, but the opening of O_PATH file descriptors completely bypasses LSM mediation, preventing LSMs from initializing LSM file security context blobs for such file descriptors for use in other mediation hooks. This patchset enables mediation of O_PATH file descriptors through the file_open hook and updates the LSMs using that hook to unconditionally allow creation of O_PATH fds, in order to preserve the existing behavior. However, the LSM patches are primarily meant as a starting point for discussions on how each one wants to handle O_PATH fd creation. Ryan Lee (6): fs: invoke LSM file_open hook in do_dentry_open for O_PATH fds as well apparmor: explicitly skip mediation of O_PATH file descriptors landlock: explicitly skip mediation of O_PATH file descriptors selinux: explicitly skip mediation of O_PATH file descriptors smack: explicitly skip mediation of O_PATH file descriptors tomoyo: explicitly skip mediation of O_PATH file descriptors fs/open.c | 7 ++++++- security/apparmor/lsm.c | 10 ++++++++++ security/landlock/fs.c | 8 ++++++++ security/selinux/hooks.c | 5 +++++ security/smack/smack_lsm.c | 4 ++++ security/tomoyo/file.c | 4 ++++ 6 files changed, 37 insertions(+), 1 deletion(-) -- 2.43.0
