From: Dongsu Park
To: linux-kernel@vger.kernel.org
Cc: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org,
 linux-fsdevel@vger.kernel.org, Alban Crequy, Dongsu Park, Miklos Szeredi,
 Alexander Viro, Mimi Zohar, Dmitry Kasatkin, James Morris, Christoph Hellwig,
 "Serge E . Hallyn", Seth Forshee, Miklos Szeredi
Subject: [RFC PATCH v4 1/2] fuse: introduce new fs_type flag FS_IMA_NO_CACHE
Date: Tue, 30 Jan 2018 19:06:31 +0100
Message-Id: <86832c6adb256f29f44b6229222b80964fc8cfcc.1517314847.git.dongsu@kinvolk.io>

From: Alban Crequy

This new fs_type flag FS_IMA_NO_CACHE means files should be re-measured,
re-appraised and re-audited each time. Cached integrity results should not
be used.

It is useful in FUSE because the userspace FUSE process can change the
underlying files at any time without notifying the kernel.

Cc: linux-kernel@vger.kernel.org
Cc: linux-integrity@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org
Cc: Miklos Szeredi
Cc: Alexander Viro
Cc: Mimi Zohar
Cc: Dmitry Kasatkin
Cc: James Morris
Cc: Christoph Hellwig
Acked-by: "Serge E. Hallyn"
Acked-by: Seth Forshee
Tested-by: Dongsu Park
Signed-off-by: Alban Crequy --- fs/fuse/inode.c | 2 +- include/linux/fs.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c index 624f18bb..0a9e5164 100644 --- a/fs/fuse/inode.c +++ b/fs/fuse/inode.c @@ -1205,7 +1205,7 @@ static void fuse_kill_sb_anon(struct super_block *sb) static struct file_system_type fuse_fs_type = { .owner = THIS_MODULE, .name = "fuse", - .fs_flags = FS_HAS_SUBTYPE, + .fs_flags = FS_HAS_SUBTYPE | FS_IMA_NO_CACHE, .mount = fuse_mount, .kill_sb = fuse_kill_sb_anon, }; diff --git a/include/linux/fs.h b/include/linux/fs.h index 511fbaab..ced841ba 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2075,6 +2075,7 @@ struct file_system_type { #define FS_BINARY_MOUNTDATA 2 #define FS_HAS_SUBTYPE 4 #define FS_USERNS_MOUNT 8 /* Can be mounted by userns root */ +#define FS_IMA_NO_CACHE 16 /* Force IMA to re-measure, re-appraise, re-audit files */ #define FS_RENAME_DOES_D_MOVE 32768 /* FS will handle d_move() during rename() internally. */ struct dentry *(*mount) (struct file_system_type *, int, const char *, void *); -- 2.13.6
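
Review bot: The changed `.fs_flags` line in fuse_fs_type (fs/fuse/inode.c hunk) turns on FS_IMA_NO_CACHE for every FUSE mount unconditionally, yet nothing in this patch reads the flag: the diffstat touches only fs/fuse/inode.c and include/linux/fs.h. The commit message should state that the consumer arrives in 2/2 and that, with cached results disabled, files on FUSE are re-measured, re-appraised and re-audited on each access under an IMA policy. If any other file_system_type registered in this file is also served by a userspace process, it needs the same flag; only fuse_fs_type is changed here.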
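
Review bot: FS_IMA_NO_CACHE in the include/linux/fs.h hunk names a generic file_system_type flag after a single consumer, and its comment ("Force IMA to re-measure, re-appraise, re-audit files") describes what IMA does rather than what the filesystem guarantees. The property the commit message relies on is that file contents can change without the kernel being notified; a name and comment stating that property would document the flag for filesystem authors deciding whether to set it, and would let other integrity code key off the same bit.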