Subject: Re: [PATCH 10/32] tomoyo: Implement security hooks for the new mount API [ver #9]
From: Tetsuo Handa
To: David Howells
Cc: viro@zeniv.linux.org.uk, linux-kernel@vger.kernel.org, dhowells@redhat.com, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, tomoyo-dev-en@lists.sourceforge.jp, torvalds@linux-foundation.org
Date: Wed, 11 Jul 2018 08:34:19 +0900

David Howells wrote:
> Implement the security hook to check the creation of a new mountpoint for
> Tomoyo.
>
> As far as I can tell, Tomoyo doesn't make use of the mount data or parse
> any mount options, so I haven't implemented any of the fs_context hooks for
> it.
>
> Signed-off-by: David Howells
> cc: Tetsuo Handa
> cc: tomoyo-dev-en@lists.sourceforge.jp
> cc: linux-security-module@vger.kernel.org
>

Would you provide examples of each possible combination as a C program?
For example, if one mount point from multiple sources with different options
is possible, please describe such a pattern using syscalls so that LSM modules
can run it to see whether they are working as expected.