Subject: Re: [PATCH 13/38] tomoyo: Implement security hooks for the new mount API [ver #10]
From: Tetsuo Handa
To: David Howells
Cc: viro@zeniv.linux.org.uk, tomoyo-dev-en@lists.sourceforge.jp, linux-security-module@vger.kernel.org, torvalds@linux-foundation.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Sat, 28 Jul 2018 11:29:57 +0900
References: <153271267980.9458.7640156373438016898.stgit@warthog.procyon.org.uk> <153271277078.9458.16912166489973051987.stgit@warthog.procyon.org.uk>
In-Reply-To: <153271277078.9458.16912166489973051987.stgit@warthog.procyon.org.uk>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2018/07/28 2:32, David Howells wrote:
> Implement the security hook to check the creation of a new mountpoint for
> Tomoyo.
>
> As far as I can tell, Tomoyo doesn't make use of the mount data or parse
> any mount options, so I haven't implemented any of the fs_context hooks for
> it.
>
> Signed-off-by: David Howells
> cc: Tetsuo Handa
> cc: tomoyo-dev-en@lists.sourceforge.jp
> cc: linux-security-module@vger.kernel.org

Would you provide examples of each possible combination as a C program?
For example, if one mount point from multiple sources with different
options is possible, please describe such a pattern using syscalls so that
LSM modules can run it to see whether they are working as expected.