On Wed, Jun 17, 2020 at 5:31 PM J. Bruce Fields <bfields@xxxxxxxxxx> wrote: > > On Wed, Jun 17, 2020 at 04:42:56PM +0200, Andreas Gruenbacher wrote: > > Hi Bruce, > > > > On Wed, Jun 17, 2020 at 2:58 AM J. Bruce Fields <bfields@xxxxxxxxxx> wrote: > > > I think I'll send the following upstream. > > > > looking good, but how about using a little helper for this? > > I like it. And the new comment's helpful too. > > > > > Also I'm not sure if ecryptfs gets this right, so taking the ecryptfs > > list into the CC. > > Yes, questions I had while doing this: > > - cachefiles, ecrypfs, devtmpfs, and unix_mknod skip the check, > is that OK for all of them? (Overlayfs too, I think?--that > code's harder to follow. > > - why don't vfs_{create,mknod,mkdir} do the IS_POSIXACL check > themselves? Even if it's unnecessary for some callers, surely > it wouldn't be wrong? That's a good question. The security_path_{mkdir,mknod} hooks would then probably be passed the original create mode before applying the umask, but at that point it's not clear what the new inode's final mode will be, anyway. > I also wondered why both vfs_{create,mknod,mkdir} and the callers were > calling security hooks, but now I see that the callers are calling > security_path_* hooks and the vfs_ functions are calling > security_inode_* hooks, so I guess they're not redundant. > > Though now I wonder why some of the callers (nfsd, overlayfs) are > skipping the security_path_* hooks. The path based security hooks are only used by apparmor and tomoyo. Those hooks basically control who (which process) can do what where in the filesystem, but nfsd isn't aware of the "who", and overlayfs is a layer below the "where". Andreas