* fuse
@ 2004-09-22 0:55 Luke Kenneth Casson Leighton
2004-09-22 13:55 ` fuse Valdis.Kletnieks
2004-09-22 18:24 ` fuse Russell Coker
0 siblings, 2 replies; 7+ messages in thread
From: Luke Kenneth Casson Leighton @ 2004-09-22 0:55 UTC (permalink / raw)
To: SE-Linux
has anyone thought about how fuse (file system in userspace) would fit
in with selinux?
i am going to be using fuse's fusexmp example program [in a
production environment] to solve the problem of users removing
usb media without warning.
fusexmp provides stateless proxy access to a linux filesystem,
so if HAL chops off /media/usbdisk1 without warning, then the
fusexmp mountpoint (say /home/user/proxyroot/media/usbdisk1)
just... doesn't _care_.
l.
--
Truth, honesty and respect are rare commodities that all spring from
the same well: Love. If you love yourself and everyone and everything
around you, funnily and coincidentally enough, life gets a lot better.
--
http://lkcl.net
lkcl@lkcl.net
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
* Re: fuse
2004-09-22 0:55 fuse Luke Kenneth Casson Leighton
@ 2004-09-22 13:55 ` Valdis.Kletnieks
2004-09-22 17:25 ` fuse Luke Kenneth Casson Leighton
2004-09-22 18:24 ` fuse Russell Coker
1 sibling, 1 reply; 7+ messages in thread
From: Valdis.Kletnieks @ 2004-09-22 13:55 UTC (permalink / raw)
To: Luke Kenneth Casson Leighton; +Cc: SE-Linux
On Wed, 22 Sep 2004 01:55:09 BST, Luke Kenneth Casson Leighton said:
> fusexmp provides stateless proxy access to a linux filesystem,
> so if HAL chops off /media/usbdisk1 without warning, then the
> fusexmp mountpoint (say /home/user/proxyroot/media/usbdisk1)
> just... doesn't _care_.
Somehow, I can't convince myself that isn't a good way to livelock the kernel
because the VFS has locked something and then gone away for a LONG time in
userspace - mostly because I've seen it all too many times with an NFS mount
that includes 'hard' but *not* 'intr'...)
* Re: fuse
2004-09-22 13:55 ` fuse Valdis.Kletnieks
@ 2004-09-22 17:25 ` Luke Kenneth Casson Leighton
0 siblings, 0 replies; 7+ messages in thread
From: Luke Kenneth Casson Leighton @ 2004-09-22 17:25 UTC (permalink / raw)
To: Valdis.Kletnieks; +Cc: SE-Linux
On Wed, Sep 22, 2004 at 09:55:49AM -0400, Valdis.Kletnieks@vt.edu wrote:
> On Wed, 22 Sep 2004 01:55:09 BST, Luke Kenneth Casson Leighton said:
>
> > fusexmp provides stateless proxy access to a linux filesystem,
> > so if HAL chops off /media/usbdisk1 without warning, then the
> > fusexmp mountpoint (say /home/user/proxyroot/media/usbdisk1)
> > just... doesn't _care_.
>
> Somehow, I can't convince myself that isn't a good way to livelock the kernel
> because the VFS has locked something and then gone away for a LONG time in
> userspace - mostly because I've seen it all too many times with an NFS mount
> that includes 'hard' but *not* 'intr'...)
well, if there existed a kernel filesystem "proxy" module i'd use that
instead, like a shot.
i _have_ encountered some weird VFS messages i'll let you know how i
get on: they're due to a DVD being forcibly mounted (by KDE) and so
i can't get it back.
a umount /media/dvdrom says "Device busy".
a umount -lf /media/dvdrom results in the weird VFS message.
* Re: fuse
2004-09-22 0:55 fuse Luke Kenneth Casson Leighton
2004-09-22 13:55 ` fuse Valdis.Kletnieks
@ 2004-09-22 18:24 ` Russell Coker
2004-09-22 19:22 ` fuse Luke Kenneth Casson Leighton
1 sibling, 1 reply; 7+ messages in thread
From: Russell Coker @ 2004-09-22 18:24 UTC (permalink / raw)
To: Luke Kenneth Casson Leighton; +Cc: SE-Linux
On Wed, 22 Sep 2004 10:55, Luke Kenneth Casson Leighton <lkcl@lkcl.net> wrote:
> has anyone thought about how fuse (file system in userspace) would fit
> in with selinux?
In what way would it be different from any other file system?
Naturally you would need appropriate policy for the proxy program, but that
should not be difficult to write.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
* Re: fuse
2004-09-22 18:24 ` fuse Russell Coker
@ 2004-09-22 19:22 ` Luke Kenneth Casson Leighton
2004-10-08 17:21 ` fuse Stephen Smalley
0 siblings, 1 reply; 7+ messages in thread
From: Luke Kenneth Casson Leighton @ 2004-09-22 19:22 UTC (permalink / raw)
To: Russell Coker; +Cc: SE-Linux
On Thu, Sep 23, 2004 at 04:24:55AM +1000, Russell Coker wrote:
> On Wed, 22 Sep 2004 10:55, Luke Kenneth Casson Leighton <lkcl@lkcl.net> wrote:
> > has anyone thought about how fuse (file system in userspace) would fit
> > in with selinux?
>
> In what way would it be different from any other file system?
oh, sorry, i should have said: fscontext, that sort of thing.
because it doesn't look like there's a way to pass fscontext
arguments to the fuse module, and it uses man 2 mount() which
doesn't take any arguments (except some flags, nothing that
looks remotely like it could be used to pass an fscontext=),
only the source and destination of the mount point
(source = /proc/fs/fuse/dev, dest = /yourmountpoint).
> Naturally you would need appropriate policy for the proxy program, but that
> should not be difficult to write.
i'm looking forward to it :)
* Re: fuse
2004-09-22 19:22 ` fuse Luke Kenneth Casson Leighton
@ 2004-10-08 17:21 ` Stephen Smalley
2004-10-08 17:30 ` fuse Stephen Smalley
0 siblings, 1 reply; 7+ messages in thread
From: Stephen Smalley @ 2004-10-08 17:21 UTC (permalink / raw)
To: Luke Kenneth Casson Leighton; +Cc: Russell Coker, SE-Linux
On Wed, 2004-09-22 at 15:22, Luke Kenneth Casson Leighton wrote:
> oh, sorry, i should have said: fscontext, that sort of thing.
>
> because it doesn't look like there's a way to pass fscontext
> arguments to the fuse module, and it uses man 2 mount() which
> doesn't take any arguments (except some flags, nothing that
> looks remotely like it could be used to pass an fscontext=),
> only the source and destination of the mount point
> (source = /proc/fs/fuse/dev, dest = /yourmountpoint).
No special interface for that, just passes the option string via the
data parameter to mount(2). So if you are using the patched mount
program, and fuse takes the typical string representation of mount
options, then nothing special required to use fscontext=. Only
filesystems that use a binary struct to pass the data require special
handling, like NFS.
--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency
* Re: fuse
2004-10-08 17:21 ` fuse Stephen Smalley
@ 2004-10-08 17:30 ` Stephen Smalley
0 siblings, 0 replies; 7+ messages in thread
From: Stephen Smalley @ 2004-10-08 17:30 UTC (permalink / raw)
To: Luke Kenneth Casson Leighton; +Cc: Russell Coker, SE-Linux
On Fri, 2004-10-08 at 13:21, Stephen Smalley wrote:
> No special interface for that, just passes the option string via the
> data parameter to mount(2). So if you are using the patched mount
> program, and fuse takes the typical string representation of mount
> options, then nothing special required to use fscontext=. Only
> filesystems that use a binary struct to pass the data require special
> handling, like NFS.
Actually, you don't even need the patched mount program; that is only
required for the NFS case. Unpatched mount will happily pass the
context= or fscontext= options down for you.
--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency
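The mechanism described in the two replies above, as an added example (not code from the thread, from mount(8) or from fuse): generic options in an `-o` list become `mountflags` bits, and everything else, including `context=` and `fscontext=`, reaches mount(2) as the plain `data` string. The function name, the sample label and the `fd=3` option are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>

/* Subset of the generic options that mount(8) converts into mountflags bits. */
static const struct { const char *name; unsigned long set, clear; } generic[] = {
    {"ro", MS_RDONLY, 0}, {"rw", 0, MS_RDONLY}, {"nosuid", MS_NOSUID, 0},
    {"nodev", MS_NODEV, 0}, {"noexec", MS_NOEXEC, 0},
};

/* Split a comma-separated -o list. Generic options become flag bits; everything
 * else, including context= and fscontext=, is copied unchanged into `data`,
 * the string handed to mount(2). Returns 0, or -1 if `data` is too small. */
int split_mount_opts(const char *opts, unsigned long *flags, char *data, size_t cap)
{
    size_t used = 0, n = sizeof generic / sizeof generic[0];
    if (cap == 0) return -1;
    *flags = 0;
    data[0] = '\0';
    while (*opts) {
        size_t i, len = strcspn(opts, ",");
        for (i = 0; i < n; i++)
            if (strlen(generic[i].name) == len && !strncmp(opts, generic[i].name, len))
                break;
        if (i < n) {
            *flags = (*flags | generic[i].set) & ~generic[i].clear;
        } else if (len > 0) {
            if (used + len + 2 > cap) return -1;  /* separator + option + NUL */
            if (used) data[used++] = ',';
            memcpy(data + used, opts, len);
            used += len;
            data[used] = '\0';
        }
        opts += len;
        if (*opts == ',') opts++;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: the label and the fd= value are illustrative only. */
    const char *opts = "rw,nosuid,fscontext=system_u:object_r:removable_t,fd=3";
    unsigned long flags;
    char data[256];
    if (split_mount_opts(opts, &flags, data, sizeof data) == 0)
        printf("mount(2): mountflags=%#lx data=\"%s\"\n", flags, data);
    return 0;
}
```

A filesystem whose `data` argument is a binary struct rather than a string has no place for the label to ride along, which is why the thread singles out NFS.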