From: Vivek Goyal <vgoyal@redhat.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: miklos@szeredi.hu, pmoore@redhat.com, casey@schaufler-ca.com,
linux-kernel@vger.kernel.org, linux-unionfs@vger.kernel.org,
linux-security-module@vger.kernel.org, dwalsh@redhat.com,
dhowells@redhat.com, viro@ZenIV.linux.org.uk,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH 1/9] security, overlayfs: provide copy up security hook for unioned files
Date: Wed, 13 Jul 2016 10:56:30 -0400 [thread overview]
Message-ID: <20160713145630.GE16900@redhat.com> (raw)
In-Reply-To: <eecf35d9-707b-5dab-e3e8-273cf221d135@tycho.nsa.gov>
On Wed, Jul 13, 2016 at 10:52:34AM -0400, Stephen Smalley wrote:
> On 07/13/2016 10:44 AM, Vivek Goyal wrote:
> > Provide a security hook to label new file correctly when a file is copied
> > up from lower layer to upper layer of a overlay/union mount.
> >
> > This hook can prepare a new set of creds which are suitable for new file
> > creation during copy up. Caller will use new creds to create file and then
> > revert back to old creds and release new creds.
> >
> > Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
> > ---
> > fs/overlayfs/copy_up.c | 18 ++++++++++++++++++
> > include/linux/lsm_hooks.h | 11 +++++++++++
> > include/linux/security.h | 6 ++++++
> > security/security.c | 8 ++++++++
> > 4 files changed, 43 insertions(+)
> >
> > diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
> > index 80aa6f1..8ebea18 100644
> > --- a/fs/overlayfs/copy_up.c
> > +++ b/fs/overlayfs/copy_up.c
> > @@ -246,6 +246,8 @@ static int ovl_copy_up_locked(struct dentry *workdir, struct dentry *upperdir,
> > struct dentry *upper = NULL;
> > umode_t mode = stat->mode;
> > int err;
> > + const struct cred *old_creds = NULL;
> > + struct cred *new_creds = NULL;
> >
> > newdentry = ovl_lookup_temp(workdir, dentry);
> > err = PTR_ERR(newdentry);
> > @@ -258,10 +260,26 @@ static int ovl_copy_up_locked(struct dentry *workdir, struct dentry *upperdir,
> > if (IS_ERR(upper))
> > goto out1;
> >
> > + err = security_inode_copy_up(dentry, &new_creds);
> > + if (err < 0) {
> > + if (new_creds)
> > + put_cred(new_creds);
>
> I think this is a mistake, diverges from how other hooks handle error
> conditions (if the hook allocates, the hook or the security
> infrastructure is responsible for freeing on error return, not the
> caller), and will be prone to double free errors.
Ok, I will get rid of it and assume LSM infrastructure will be responsible
for freeing this in case of error.
Vivek
next prev parent reply other threads:[~2016-07-13 14:56 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-13 14:44 [RFC PATCH 0/9][V3] Overlayfs SELinux Support Vivek Goyal
2016-07-13 14:44 ` [PATCH 1/9] security, overlayfs: provide copy up security hook for unioned files Vivek Goyal
2016-07-13 14:52 ` Stephen Smalley
2016-07-13 14:56 ` Vivek Goyal [this message]
2016-07-13 15:13 ` Vivek Goyal
2016-07-14 14:32 ` Stephen Smalley
2016-07-13 14:44 ` [PATCH 2/9] selinux: Implementation for inode_copy_up() hook Vivek Goyal
2016-07-13 14:53 ` Stephen Smalley
2016-07-13 14:44 ` [PATCH 3/9] security,overlayfs: Provide security hook for copy up of xattrs for overlay file Vivek Goyal
2016-07-14 14:20 ` Stephen Smalley
2016-07-13 14:44 ` [PATCH 4/9] selinux: Implementation for inode_copy_up_xattr() hook Vivek Goyal
2016-07-13 14:54 ` Stephen Smalley
2016-07-13 14:44 ` [PATCH 5/9] selinux: Pass security pointer to determine_inode_label() Vivek Goyal
2016-07-13 14:56 ` Stephen Smalley
2016-07-13 14:44 ` [PATCH 6/9] security, overlayfs: Provide hook to correctly label newly created files Vivek Goyal
2016-07-13 14:57 ` Stephen Smalley
2016-07-13 14:59 ` Stephen Smalley
2016-07-14 14:29 ` Stephen Smalley
2016-07-13 14:44 ` [PATCH 7/9] selinux: Implement dentry_create_files_as() hook Vivek Goyal
2016-07-13 14:59 ` Stephen Smalley
2016-07-13 14:44 ` [PATCH 8/9] overlayfs: Dilute permission checks on lower only if not special file Vivek Goyal
2016-07-14 6:51 ` Miklos Szeredi
2016-07-13 14:44 ` [PATCH 9/9] overlayfs: Append MAY_READ when diluting write checks Vivek Goyal
2016-07-14 6:49 ` Miklos Szeredi
2016-07-21 21:16 ` [RFC PATCH 0/9][V3] Overlayfs SELinux Support Paul Moore
2016-07-21 23:09 ` James Morris
2016-07-22 7:05 ` Miklos Szeredi
2016-07-22 15:33 ` Paul Moore
2016-08-08 12:46 ` Miklos Szeredi
2016-08-08 13:18 ` Paul Moore
2016-08-09 1:19 ` Paul Moore
2016-08-10 9:11 ` Miklos Szeredi
2016-08-10 12:32 ` Paul Moore
2016-08-10 12:52 ` Daniel J Walsh
2016-08-11 12:36 ` Paul Moore
2016-08-11 12:39 ` Daniel J Walsh
2016-08-11 14:06 ` Daniel J Walsh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160713145630.GE16900@redhat.com \
--to=vgoyal@redhat.com \
--cc=casey@schaufler-ca.com \
--cc=dhowells@redhat.com \
--cc=dwalsh@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-unionfs@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=pmoore@redhat.com \
--cc=sds@tycho.nsa.gov \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.