From: Miklos Szeredi
Date: Wed, 7 Feb 2018 10:21:29 +0100
Subject: Re: [RFC PATCH v4 1/2] fuse: introduce new fs_type flag FS_IMA_NO_CACHE
To: Dongsu Park
Cc: linux-kernel@vger.kernel.org, linux-integrity, LSM, linux-fsdevel@vger.kernel.org, Alban Crequy, Miklos Szeredi, Alexander Viro, Mimi Zohar, Dmitry Kasatkin, James Morris, Christoph Hellwig, "Serge E. Hallyn", Seth Forshee

On Tue, Jan 30, 2018 at 7:06 PM, Dongsu Park wrote:
> From: Alban Crequy
>
> This new fs_type flag FS_IMA_NO_CACHE means files should be re-measured,
> re-appraised and re-audited each time. Cached integrity results should
> not be used.
>
> It is useful in FUSE because the userspace FUSE process can change the
> underlying files at any time without notifying the kernel.
>
> Cc: linux-kernel@vger.kernel.org
> Cc: linux-integrity@vger.kernel.org
> Cc: linux-security-module@vger.kernel.org
> Cc: linux-fsdevel@vger.kernel.org
> Cc: Miklos Szeredi
> Cc: Alexander Viro
> Cc: Mimi Zohar
> Cc: Dmitry Kasatkin
> Cc: James Morris
> Cc: Christoph Hellwig
> Acked-by: "Serge E. Hallyn"
> Acked-by: Seth Forshee
> Tested-by: Dongsu Park
> Signed-off-by: Alban Crequy > --- > fs/fuse/inode.c | 2 +- > include/linux/fs.h | 1 + > 2 files changed, 2 insertions(+), 1 deletion(-) > > diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c > index 624f18bb..0a9e5164 100644 > --- a/fs/fuse/inode.c > +++ b/fs/fuse/inode.c > @@ -1205,7 +1205,7 @@ static void fuse_kill_sb_anon(struct super_block *sb) > static struct file_system_type fuse_fs_type = { > .owner = THIS_MODULE, > .name = "fuse", > - .fs_flags = FS_HAS_SUBTYPE, > + .fs_flags = FS_HAS_SUBTYPE | FS_IMA_NO_CACHE, > .mount = fuse_mount, > .kill_sb = fuse_kill_sb_anon, > }; > diff --git a/include/linux/fs.h b/include/linux/fs.h > index 511fbaab..ced841ba 100644 > --- a/include/linux/fs.h > +++ b/include/linux/fs.h > @@ -2075,6 +2075,7 @@ struct file_system_type { > #define FS_BINARY_MOUNTDATA 2 > #define FS_HAS_SUBTYPE 4 > #define FS_USERNS_MOUNT 8 /* Can be mounted by userns root */ > +#define FS_IMA_NO_CACHE 16 /* Force IMA to re-measure, re-appraise, re-audit files */ I think it would be more logical to change the order of the patches (i.e. first patch adds this constant and the code handling it, and second patch just adds it to fuse's .fs_flags). Otherwise Acked-by: Miklos Szeredi Thanks, Miklos > #define FS_RENAME_DOES_D_MOVE 32768 /* FS will handle d_move() during rename() internally. */ > struct dentry *(*mount) (struct file_system_type *, int, > const char *, void *); > -- > 2.13.6 >
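
Review bot: in the fs/fuse/inode.c hunk the flag is added to `fuse_fs_type` only, while the commit message's rationale (the userspace FUSE process can change the underlying files at any time without notifying the kernel) is stated for FUSE in general. If this file registers any other file_system_type that is served by a FUSE daemon, it needs `FS_IMA_NO_CACHE` as well, or the commit message should say why it is exempt. The commit message should also state that every fuse mount now loses cached IMA results unconditionally, since the hunk offers no way to opt out.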
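
Review bot: in the include/linux/fs.h hunk, `FS_IMA_NO_CACHE` is defined but nothing in the two files this patch touches ever tests it, so applied on its own the patch sets a bit with no effect and a bisect landing here gets a fuse that advertises a guarantee IMA does not yet honour. The define should land together with the IMA code that checks it. The comment `/* Force IMA to re-measure, re-appraise, re-audit files */` would also be clearer if it said when, matching the commit message's "each time" and "Cached integrity results should not be used".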