From: David Howells
To: Stephen Smalley
Cc: dhowells@redhat.com, Paul Moore, linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, viro@zeniv.linux.org.uk, selinux@tycho.nsa.gov, linux-fsdevel@vger.kernel.org, linux-afs@lists.infradead.org
Subject: Re: [PATCH 04/24] VFS: Add LSM hooks for filesystem context [ver #7]
Date: Tue, 24 Apr 2018 16:22:47 +0100

Stephen Smalley wrote:

> Neither fsopen() nor fscontext_fs_write() appear to perform any kind of
> up-front permission checking (DAC or MAC), although some security hooks may
> be ultimately called to allocate structures, parse security options, etc.
> Is there a reason not to apply a may_mount() or similar check up front?

may_mount() is called by fsmount() at the moment.  It may make sense to move
this earlier to fsopen().

Note that there's also going to be something that looks like:

	fd = fspick("/mnt");
	fsmount(fd, "/a", MNT_NOEXEC); // ie. bind mount

or:

	fd = fspick("/mnt");
	write(fd, "o intr");
	write(fd, "x reconfigure"); // ie. something like remount
	close(fd);

I guess we'd want to call may_mount() in fspick() too.

But there's also the possibility of using this to create a query interface
too:

	fd = fspick("/mnt");
	write(fd, "q intr");
	read(fd, value_buffer);

David
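
Added example, not part of the mail above or of the patch set: a userspace C model of where the may_mount() check sits in the fspick()/write() reconfigure sequence. All names (ctx_open, ctx_write, ctx_mount, fs_ctx_model, may_mount_model) are hypothetical; the model counts how many option-parsing calls a caller without the mount privilege reaches.

```c
#include <errno.h>
#include <stdbool.h>

/* Userspace model only; none of these names are kernel functions. */
struct caller { bool cap_sys_admin; };
struct fs_ctx_model { const struct caller *who; bool open; int options_parsed; };

/* Stand-in for may_mount(), modelled as one privilege bit. */
static int may_mount_model(const struct caller *c)
{
    return c->cap_sys_admin ? 0 : -EPERM;
}

/* Models fsopen()/fspick(); check_up_front moves the check to this step. */
int ctx_open(struct fs_ctx_model *ctx, const struct caller *c, bool check_up_front)
{
    *ctx = (struct fs_ctx_model){ .who = c };
    if (check_up_front && may_mount_model(c) != 0)
        return -EPERM;
    ctx->open = true;
    return 0;
}

/* Models write(fd, "o intr"): option parsing reached through the context. */
int ctx_write(struct fs_ctx_model *ctx, const char *cmd)
{
    if (!ctx->open || !cmd || !cmd[0])
        return -EINVAL;
    ctx->options_parsed++;   /* parser work done on the caller's behalf */
    return 0;
}

/* Models fsmount(), where the mail says may_mount() is called at the moment. */
int ctx_mount(struct fs_ctx_model *ctx)
{
    return ctx->open ? may_mount_model(ctx->who) : -EINVAL;
}

/* Run the mail's reconfigure sequence without privilege; count parser calls.
 * That sequence never reaches the mount step, so a check there is skipped. */
int parsed_before_denial(bool check_up_front)
{
    struct caller unpriv = { .cap_sys_admin = false };
    struct fs_ctx_model ctx;
    if (ctx_open(&ctx, &unpriv, check_up_front) != 0)
        return ctx.options_parsed;
    ctx_write(&ctx, "o intr");
    ctx_write(&ctx, "x reconfigure");
    return ctx.options_parsed;
}
```

With the check only at the mount step, the unprivileged caller in this model drives both writes and is never refused; with the check at open, it is refused before any parsing happens.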