From: Steve Dickson <SteveD@redhat.com>
To: Trond Myklebust <Trond.Myklebust@netapp.com>,
"David P. Quigley" <dpquigl@tycho.nsa.gov>
Cc: Linux NFS list <linux-nfs@vger.kernel.org>,
Linux FS devel list <linux-fsdevel@vger.kernel.org>,
Linux Security List <linux-security-module@vger.kernel.org>,
SELinux List <selinux@tycho.nsa.gov>
Subject: [PATCH 01/13] Security: Add hook to calculate context based on a negative dentry.
Date: Wed, 22 May 2013 12:50:34 -0400 [thread overview]
Message-ID: <1369241446-7680-2-git-send-email-SteveD@redhat.com> (raw)
In-Reply-To: <1369241446-7680-1-git-send-email-SteveD@redhat.com>
From: Steve Dickson <steved@redhat.com>
There is a time where we need to calculate a context without the
inode having been created yet. To do this we take the negative dentry and
calculate a context based on the process and the parent directory contexts.
Acked-by: Eric Paris <eparis@redhat.com>
Acked-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Matthew N. Dodd <Matthew.Dodd@sparta.com>
Signed-off-by: Miguel Rodel Felipe <Rodel_FM@dsi.a-star.edu.sg>
Signed-off-by: Phua Eu Gene <PHUA_Eu_Gene@dsi.a-star.edu.sg>
Signed-off-by: Khin Mi Mi Aung <Mi_Mi_AUNG@dsi.a-star.edu.sg>
---
include/linux/security.h | 27 +++++++++++++++++++++++++++
security/capability.c | 8 ++++++++
security/security.c | 10 ++++++++++
security/selinux/hooks.c | 35 +++++++++++++++++++++++++++++++++++
4 files changed, 80 insertions(+)
diff --git a/include/linux/security.h b/include/linux/security.h
index 4686491..c2af462 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -26,6 +26,7 @@
#include <linux/capability.h>
#include <linux/slab.h>
#include <linux/err.h>
+#include <linux/string.h>
struct linux_binprm;
struct cred;
@@ -306,6 +307,15 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* Parse a string of security data filling in the opts structure
* @options string containing all mount options known by the LSM
* @opts binary data structure usable by the LSM
+ * @dentry_init_security:
+ * Compute a context for a dentry as the inode is not yet available
+ * since NFSv4 has no label backed by an EA anyway.
+ * @dentry dentry to use in calculating the context.
+ * @mode mode used to determine resource type.
+ * @name name of the last path component used to create file
+ * @ctx pointer to place the pointer to the resulting context in.
+ * @ctxlen point to place the length of the resulting context.
+ *
*
* Security hooks for inode operations.
*
@@ -1443,6 +1453,10 @@ struct security_operations {
int (*sb_clone_mnt_opts) (const struct super_block *oldsb,
struct super_block *newsb);
int (*sb_parse_opts_str) (char *options, struct security_mnt_opts *opts);
+ int (*dentry_init_security) (struct dentry *dentry, int mode,
+ struct qstr *name, void **ctx,
+ u32 *ctxlen);
+
#ifdef CONFIG_SECURITY_PATH
int (*path_unlink) (struct path *dir, struct dentry *dentry);
@@ -1729,6 +1743,9 @@ int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *o
int security_sb_clone_mnt_opts(const struct super_block *oldsb,
struct super_block *newsb);
int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts);
+int security_dentry_init_security(struct dentry *dentry, int mode,
+ struct qstr *name, void **ctx,
+ u32 *ctxlen);
int security_inode_alloc(struct inode *inode);
void security_inode_free(struct inode *inode);
@@ -2035,6 +2052,16 @@ static inline int security_inode_alloc(struct inode *inode)
static inline void security_inode_free(struct inode *inode)
{ }
+static inline int security_dentry_init_security(struct dentry *dentry,
+ int mode,
+ struct qstr *name,
+ void **ctx,
+ u32 *ctxlen)
+{
+ return -EOPNOTSUPP;
+}
+
+
static inline int security_inode_init_security(struct inode *inode,
struct inode *dir,
const struct qstr *qstr,
diff --git a/security/capability.c b/security/capability.c
index 83efc90..7aeec66 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -109,6 +109,13 @@ static int cap_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
return 0;
}
+static int cap_dentry_init_security(struct dentry *dentry, int mode,
+ struct qstr *name, void **ctx,
+ u32 *ctxlen)
+{
+ return 0;
+}
+
static int cap_inode_alloc_security(struct inode *inode)
{
return 0;
@@ -931,6 +938,7 @@ void __init security_fixup_ops(struct security_operations *ops)
set_to_cap_if_null(ops, sb_set_mnt_opts);
set_to_cap_if_null(ops, sb_clone_mnt_opts);
set_to_cap_if_null(ops, sb_parse_opts_str);
+ set_to_cap_if_null(ops, dentry_init_security);
set_to_cap_if_null(ops, inode_alloc_security);
set_to_cap_if_null(ops, inode_free_security);
set_to_cap_if_null(ops, inode_init_security);
diff --git a/security/security.c b/security/security.c
index a3dce87..0fe2b2e 100644
--- a/security/security.c
+++ b/security/security.c
@@ -12,6 +12,7 @@
*/
#include <linux/capability.h>
+#include <linux/dcache.h>
#include <linux/module.h>
#include <linux/init.h>
#include <linux/kernel.h>
@@ -324,6 +325,15 @@ void security_inode_free(struct inode *inode)
security_ops->inode_free_security(inode);
}
+int security_dentry_init_security(struct dentry *dentry, int mode,
+ struct qstr *name, void **ctx,
+ u32 *ctxlen)
+{
+ return security_ops->dentry_init_security(dentry, mode, name,
+ ctx, ctxlen);
+}
+EXPORT_SYMBOL(security_dentry_init_security);
+
int security_inode_init_security(struct inode *inode, struct inode *dir,
const struct qstr *qstr,
const initxattrs initxattrs, void *fs_data)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 5c6f2cd..b1f7bd7 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2515,6 +2515,40 @@ static void selinux_inode_free_security(struct inode *inode)
inode_free_security(inode);
}
+static int selinux_dentry_init_security(struct dentry *dentry, int mode,
+ struct qstr *name, void **ctx,
+ u32 *ctxlen)
+{
+ const struct cred *cred = current_cred();
+ struct task_security_struct *tsec;
+ struct inode_security_struct *dsec;
+ struct superblock_security_struct *sbsec;
+ struct inode *dir = dentry->d_parent->d_inode;
+ u32 newsid;
+ int rc;
+
+ tsec = cred->security;
+ dsec = dir->i_security;
+ sbsec = dir->i_sb->s_security;
+
+ if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
+ newsid = tsec->create_sid;
+ } else {
+ rc = security_transition_sid(tsec->sid, dsec->sid,
+ inode_mode_to_security_class(mode),
+ name,
+ &newsid);
+ if (rc) {
+ printk(KERN_WARNING
+ "%s: security_transition_sid failed, rc=%d\n",
+ __func__, -rc);
+ return rc;
+ }
+ }
+
+ return security_sid_to_context(newsid, (char **)ctx, ctxlen);
+}
+
static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
const struct qstr *qstr, char **name,
void **value, size_t *len)
@@ -5562,6 +5596,7 @@ static struct security_operations selinux_ops = {
.sb_clone_mnt_opts = selinux_sb_clone_mnt_opts,
.sb_parse_opts_str = selinux_parse_opts_str,
+ .dentry_init_security = selinux_dentry_init_security,
.inode_alloc_security = selinux_inode_alloc_security,
.inode_free_security = selinux_inode_free_security,
--
1.8.1.4
WARNING: multiple messages have this Message-ID (diff)
From: Steve Dickson <SteveD-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Trond Myklebust
<Trond.Myklebust-HgOvQuBEEgTQT0dZR+AlfA@public.gmane.org>,
"David P. Quigley"
<dpquigl-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>
Cc: Linux NFS list
<linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Linux FS devel list
<linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Linux Security List
<linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
SELinux List <selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>
Subject: [PATCH 01/13] Security: Add hook to calculate context based on a negative dentry.
Date: Wed, 22 May 2013 12:50:34 -0400 [thread overview]
Message-ID: <1369241446-7680-2-git-send-email-SteveD@redhat.com> (raw)
In-Reply-To: <1369241446-7680-1-git-send-email-SteveD-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
From: Steve Dickson <steved-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
There is a time where we need to calculate a context without the
inode having been created yet. To do this we take the negative dentry and
calculate a context based on the process and the parent directory contexts.
Acked-by: Eric Paris <eparis-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Acked-by: James Morris <james.l.morris-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
Signed-off-by: Matthew N. Dodd <Matthew.Dodd-DABiIiYg7OfQT0dZR+AlfA@public.gmane.org>
Signed-off-by: Miguel Rodel Felipe <Rodel_FM-geVtEqcQUv4Eyxwt80+Gtti2O/JbrIOy@public.gmane.org>
Signed-off-by: Phua Eu Gene <PHUA_Eu_Gene-geVtEqcQUv4Eyxwt80+Gtti2O/JbrIOy@public.gmane.org>
Signed-off-by: Khin Mi Mi Aung <Mi_Mi_AUNG-geVtEqcQUv4Eyxwt80+Gtti2O/JbrIOy@public.gmane.org>
---
include/linux/security.h | 27 +++++++++++++++++++++++++++
security/capability.c | 8 ++++++++
security/security.c | 10 ++++++++++
security/selinux/hooks.c | 35 +++++++++++++++++++++++++++++++++++
4 files changed, 80 insertions(+)
diff --git a/include/linux/security.h b/include/linux/security.h
index 4686491..c2af462 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -26,6 +26,7 @@
#include <linux/capability.h>
#include <linux/slab.h>
#include <linux/err.h>
+#include <linux/string.h>
struct linux_binprm;
struct cred;
@@ -306,6 +307,15 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* Parse a string of security data filling in the opts structure
* @options string containing all mount options known by the LSM
* @opts binary data structure usable by the LSM
+ * @dentry_init_security:
+ * Compute a context for a dentry as the inode is not yet available
+ * since NFSv4 has no label backed by an EA anyway.
+ * @dentry dentry to use in calculating the context.
+ * @mode mode used to determine resource type.
+ * @name name of the last path component used to create file
+ * @ctx pointer to place the pointer to the resulting context in.
+ * @ctxlen point to place the length of the resulting context.
+ *
*
* Security hooks for inode operations.
*
@@ -1443,6 +1453,10 @@ struct security_operations {
int (*sb_clone_mnt_opts) (const struct super_block *oldsb,
struct super_block *newsb);
int (*sb_parse_opts_str) (char *options, struct security_mnt_opts *opts);
+ int (*dentry_init_security) (struct dentry *dentry, int mode,
+ struct qstr *name, void **ctx,
+ u32 *ctxlen);
+
#ifdef CONFIG_SECURITY_PATH
int (*path_unlink) (struct path *dir, struct dentry *dentry);
@@ -1729,6 +1743,9 @@ int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *o
int security_sb_clone_mnt_opts(const struct super_block *oldsb,
struct super_block *newsb);
int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts);
+int security_dentry_init_security(struct dentry *dentry, int mode,
+ struct qstr *name, void **ctx,
+ u32 *ctxlen);
int security_inode_alloc(struct inode *inode);
void security_inode_free(struct inode *inode);
@@ -2035,6 +2052,16 @@ static inline int security_inode_alloc(struct inode *inode)
static inline void security_inode_free(struct inode *inode)
{ }
+static inline int security_dentry_init_security(struct dentry *dentry,
+ int mode,
+ struct qstr *name,
+ void **ctx,
+ u32 *ctxlen)
+{
+ return -EOPNOTSUPP;
+}
+
+
static inline int security_inode_init_security(struct inode *inode,
struct inode *dir,
const struct qstr *qstr,
diff --git a/security/capability.c b/security/capability.c
index 83efc90..7aeec66 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -109,6 +109,13 @@ static int cap_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
return 0;
}
+static int cap_dentry_init_security(struct dentry *dentry, int mode,
+ struct qstr *name, void **ctx,
+ u32 *ctxlen)
+{
+ return 0;
+}
+
static int cap_inode_alloc_security(struct inode *inode)
{
return 0;
@@ -931,6 +938,7 @@ void __init security_fixup_ops(struct security_operations *ops)
set_to_cap_if_null(ops, sb_set_mnt_opts);
set_to_cap_if_null(ops, sb_clone_mnt_opts);
set_to_cap_if_null(ops, sb_parse_opts_str);
+ set_to_cap_if_null(ops, dentry_init_security);
set_to_cap_if_null(ops, inode_alloc_security);
set_to_cap_if_null(ops, inode_free_security);
set_to_cap_if_null(ops, inode_init_security);
diff --git a/security/security.c b/security/security.c
index a3dce87..0fe2b2e 100644
--- a/security/security.c
+++ b/security/security.c
@@ -12,6 +12,7 @@
*/
#include <linux/capability.h>
+#include <linux/dcache.h>
#include <linux/module.h>
#include <linux/init.h>
#include <linux/kernel.h>
@@ -324,6 +325,15 @@ void security_inode_free(struct inode *inode)
security_ops->inode_free_security(inode);
}
+int security_dentry_init_security(struct dentry *dentry, int mode,
+ struct qstr *name, void **ctx,
+ u32 *ctxlen)
+{
+ return security_ops->dentry_init_security(dentry, mode, name,
+ ctx, ctxlen);
+}
+EXPORT_SYMBOL(security_dentry_init_security);
+
int security_inode_init_security(struct inode *inode, struct inode *dir,
const struct qstr *qstr,
const initxattrs initxattrs, void *fs_data)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 5c6f2cd..b1f7bd7 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2515,6 +2515,40 @@ static void selinux_inode_free_security(struct inode *inode)
inode_free_security(inode);
}
+static int selinux_dentry_init_security(struct dentry *dentry, int mode,
+ struct qstr *name, void **ctx,
+ u32 *ctxlen)
+{
+ const struct cred *cred = current_cred();
+ struct task_security_struct *tsec;
+ struct inode_security_struct *dsec;
+ struct superblock_security_struct *sbsec;
+ struct inode *dir = dentry->d_parent->d_inode;
+ u32 newsid;
+ int rc;
+
+ tsec = cred->security;
+ dsec = dir->i_security;
+ sbsec = dir->i_sb->s_security;
+
+ if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
+ newsid = tsec->create_sid;
+ } else {
+ rc = security_transition_sid(tsec->sid, dsec->sid,
+ inode_mode_to_security_class(mode),
+ name,
+ &newsid);
+ if (rc) {
+ printk(KERN_WARNING
+ "%s: security_transition_sid failed, rc=%d\n",
+ __func__, -rc);
+ return rc;
+ }
+ }
+
+ return security_sid_to_context(newsid, (char **)ctx, ctxlen);
+}
+
static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
const struct qstr *qstr, char **name,
void **value, size_t *len)
@@ -5562,6 +5596,7 @@ static struct security_operations selinux_ops = {
.sb_clone_mnt_opts = selinux_sb_clone_mnt_opts,
.sb_parse_opts_str = selinux_parse_opts_str,
+ .dentry_init_security = selinux_dentry_init_security,
.inode_alloc_security = selinux_inode_alloc_security,
.inode_free_security = selinux_inode_free_security,
--
1.8.1.4
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2013-05-22 16:50 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-22 16:50 [PATCH 00/13] lnfs: 3.10-rc2 release Steve Dickson
2013-05-22 16:50 ` Steve Dickson [this message]
2013-05-22 16:50 ` [PATCH 01/13] Security: Add hook to calculate context based on a negative dentry Steve Dickson
2013-05-22 16:50 ` [PATCH 02/13] Security: Add Hook to test if the particular xattr is part of a MAC model Steve Dickson
2013-05-22 16:50 ` [PATCH 03/13] LSM: Add flags field to security_sb_set_mnt_opts for in kernel mount data Steve Dickson
2013-05-22 16:50 ` [PATCH 04/13] SELinux: Add new labeling type native labels Steve Dickson
2013-05-22 16:50 ` Steve Dickson
2013-05-22 16:50 ` [PATCH 05/13] NFSv4.2: Added NFS v4.2 support to the NFS client Steve Dickson
2013-05-22 16:50 ` [PATCH 06/13] NFSv4: Add label recommended attribute and NFSv4 flags Steve Dickson
2013-05-22 16:50 ` [PATCH 07/13] NFSv4: Introduce new label structure Steve Dickson
2013-05-22 16:50 ` Steve Dickson
2013-05-22 16:50 ` [PATCH 08/13] NFSv4: Extend fattr bitmaps to support all 3 words Steve Dickson
2013-05-22 16:50 ` Steve Dickson
2013-05-22 16:50 ` [PATCH 09/13] NFS:Add labels to client function prototypes Steve Dickson
2013-05-22 16:50 ` [PATCH 10/13] NFS: Add label lifecycle management Steve Dickson
2013-05-22 16:50 ` [PATCH 11/13] NFS: Client implementation of Labeled-NFS Steve Dickson
2013-05-22 16:50 ` [PATCH 12/13] NFS: Extend NFS xattr handlers to accept the security namespace Steve Dickson
2013-05-22 16:50 ` Steve Dickson
2013-05-22 16:50 ` [PATCH 13/13] Kconfig: Add Kconfig entry for Labeled NFS V4 client Steve Dickson
2013-05-30 19:53 ` [PATCH 00/13] lnfs: 3.10-rc2 release Myklebust, Trond
2013-05-30 19:53 ` Myklebust, Trond
2013-05-31 21:11 ` Steve Dickson
2013-05-31 21:11 ` Steve Dickson
-- strict thread matches above, loose matches on Subject: below --
2013-05-16 15:56 Froe e71bf1d708e1294b3bae64d04f03228b3625f2a3 Mon Sep 17 00:00:00 2001 Steve Dickson
2013-05-16 15:56 ` [PATCH 01/13] Security: Add hook to calculate context based on a negative dentry Steve Dickson
2013-05-20 21:14 ` Eric Paris
2013-05-20 21:14 ` Eric Paris
2013-05-20 21:14 ` Eric Paris
2013-05-13 19:11 [PATCH 00/13] lnfs: linux-3.10-rc1 release Steve Dickson
2013-05-13 19:11 ` [PATCH 01/13] Security: Add hook to calculate context based on a negative dentry Steve Dickson
2012-12-17 15:42 [PATCH 00/13] NFSv4: Label NFS Patches Steve Dickson
2012-12-17 15:42 ` [PATCH 01/13] Security: Add hook to calculate context based on a negative dentry Steve Dickson
2012-11-12 6:15 Labeled NFS [v5] David Quigley
2012-11-12 6:15 ` [PATCH 01/13] Security: Add hook to calculate context based on a negative dentry David Quigley
2012-11-12 6:15 ` David Quigley
2012-11-12 12:13 ` J. Bruce Fields
2012-11-12 14:52 ` Dave Quigley
2012-11-12 14:52 ` Dave Quigley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1369241446-7680-2-git-send-email-SteveD@redhat.com \
--to=steved@redhat.com \
--cc=Trond.Myklebust@netapp.com \
--cc=dpquigl@tycho.nsa.gov \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.