From: Francis Laniel To: linux-kernel@vger.kernel.org Cc: linux-security-module@vger.kernel.org, Serge Hallyn , Casey Schaufler , Francis Laniel Subject: [RFC PATCH v3 2/2] security/inode.c: Add capabilities file. Date: Thu, 20 Jan 2022 19:01:16 +0100 Message-Id: <20220120180116.167702-3-flaniel@linux.microsoft.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220120180116.167702-1-flaniel@linux.microsoft.com> References: <20220120180116.167702-1-flaniel@linux.microsoft.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This new read-only file prints the capabilities values with their names: cat /sys/kernel/security/capabilities 0 CAP_CHOWN 1 CAP_DAC_OVERRIDE ... 40 CAP_CHECKPOINT_RESTORE Signed-off-by: Francis Laniel --- security/inode.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/security/inode.c b/security/inode.c index 6c326939750d..cef78b497bab 100644 --- a/security/inode.c +++ b/security/inode.c @@ -21,6 +21,7 @@ #include #include #include +#include static struct vfsmount *mount; static int mount_count; @@ -328,6 +329,19 @@ static const struct file_operations lsm_ops = { }; #endif +static struct dentry *capabilities_dentry; +static ssize_t capabilities_read(struct file *unused, char __user *buf, + size_t count, loff_t *ppos) +{ + return simple_read_from_buffer(buf, count, ppos, cap_string, + strlen(cap_string)); +} + +static const struct file_operations capabilities_ops = { + .read = capabilities_read, + .llseek = generic_file_llseek, +}; + static int __init securityfs_init(void) { int retval; @@ -345,6 +359,8 @@ static int __init securityfs_init(void) lsm_dentry = securityfs_create_file("lsm", 0444, NULL, NULL, &lsm_ops); #endif + capabilities_dentry = securityfs("capabilities", 0444, NULL, NULL, + capabilities_ops); return 0; } core_initcall(securityfs_init); -- 2.30.2
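Review bot: in capabilities_read() (hunk @@ -328,6 +329,19 @@), strlen(cap_string) is recomputed on every read, and cap_string is not defined anywhere in this patch, so these lines alone do not show that it is NUL-terminated and unchanged after init. Since the content is fixed, consider exposing its length alongside it and passing that to simple_read_from_buffer() instead of calling strlen() each time. In the same hunk, capabilities_dentry is declared static but, in the lines shown, is only ever assigned, so it can be dropped unless something later reads it.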
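Review bot: the call added to securityfs_init() (hunk @@ -345,6 +359,8 @@) does not match the lsm call just above it and will not compile as written: it calls securityfs(...) where the lsm file uses securityfs_create_file(...), and it passes capabilities_ops where the lsm call passes &lsm_ops. It should read securityfs_create_file("capabilities", 0444, NULL, NULL, &capabilities_ops). The returned dentry is also not checked before return 0, so a failure to create the file is silent, and the diffstat touches only security/inode.c, so the new user-visible file under /sys/kernel/security comes with no documentation entry.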