From: Francis Laniel
To: linux-security-module@vger.kernel.org
Cc: Casey Schaufler, Eric Biederman, Francis Laniel, Serge Hallyn, James Morris, linux-kernel@vger.kernel.org (open list)
Subject: [RFC PATCH v4 2/2] security/inode.c: Add capabilities file.
Date: Mon, 25 Jul 2022 14:41:23 +0200
Message-Id: <20220725124123.12975-3-flaniel@linux.microsoft.com>
In-Reply-To: <20220725124123.12975-1-flaniel@linux.microsoft.com>
References: <20220725124123.12975-1-flaniel@linux.microsoft.com>

This new read-only file prints the capabilities values with their names:

    cat /sys/kernel/security/capabilities
    0 CAP_CHOWN
    1 CAP_DAC_OVERRIDE
    ...
    40 CAP_CHECKPOINT_RESTORE

Acked-by: Casey Schaufler
Signed-off-by: Francis Laniel
--- security/inode.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/security/inode.c b/security/inode.c index 6c326939750d..6da87ae5a8d6 100644 --- a/security/inode.c +++ b/security/inode.c @@ -21,6 +21,7 @@ #include #include #include +#include static struct vfsmount *mount; static int mount_count; 
@@ -328,6 +329,19 @@ static const struct file_operations lsm_ops = { }; #endif +static struct dentry *capabilities_dentry; +static ssize_t capabilities_read(struct file *unused, char __user *buf, + size_t count, loff_t *ppos) +{ + return simple_read_from_buffer(buf, count, ppos, cap_string, + strlen(cap_string)); +} + +static const struct file_operations capabilities_ops = { + .read = capabilities_read, + .llseek = generic_file_llseek, +}; + static int __init securityfs_init(void) { int retval; @@ -345,6 +359,8 @@ static int __init securityfs_init(void) lsm_dentry = securityfs_create_file("lsm", 0444, NULL, NULL, &lsm_ops); #endif + capabilities_dentry = securityfs_create_file("capabilities", 0444, NULL, + NULL, &capabilities_ops); return 0; } core_initcall(securityfs_init); -- 2.25.1
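
Review bot: in the @@ -328,6 +329,19 @@ hunk, capabilities_read() passes strlen(cap_string) to simple_read_from_buffer(), so the length is recomputed on every read() of a string that this patch does not define. If cap_string is built once elsewhere in the series and never changes afterwards, keep its length alongside it (or make it a sized array) so the handler does not rely on the buffer being NUL-terminated at read time. Style: add a blank line between the capabilities_dentry declaration and the function definition.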
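
Review bot: in the @@ -345,6 +359,8 @@ hunk, the result of securityfs_create_file("capabilities", 0444, ...) in securityfs_init() is stored but never tested, and the function returns 0 regardless. securityfs_create_file() returns an ERR_PTR on failure, so check it with IS_ERR() and at least log the failure; as posted, capabilities_dentry is assigned here and read nowhere in this patch, so either use it or drop the variable. The diffstat touches only security/inode.c, so the new user-visible file and its "number name" line format also need a Documentation/ABI entry unless another patch in the series adds one.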