[RFC 1/3] apparmor: use SB_* flags for private sb flags

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Luis Chamberlain <mcgrof@kernel.org>
To: viro@zeniv.linux.org.uk
Cc: linux-fsdevel@vger.kernel.org, p.raghav@samsung.com,
	hch@infradead.org, john.johansen@canonical.com,
	dhowells@redhat.com, mcgrof@kernel.org,
	Al Viro <viro@ZenIV.linux.org.uk>
Subject: [RFC 1/3] apparmor: use SB_* flags for private sb flags
Date: Mon,  9 Jan 2023 18:25:52 -0800	[thread overview]
Message-ID: <20230110022554.1186499-2-mcgrof@kernel.org> (raw)
In-Reply-To: <20230110022554.1186499-1-mcgrof@kernel.org>

Commit 2ea3ffb7782 ("apparmor: add mount mediation") John Johansen
added mount mediation support. However just the day before this commit
David Howells modified the internal sb flags through commit e462ec50cb5
("VFS: Differentiate mount flags (MS_*) from internal superblock flags").

Use the modified sb flags to make things clear and avoid further uses
of the old MS_* flags for superblock internal flags. This will let us
later remove the MS_* sb internal flags as userspace should not be
using them.

This commit does not fix anything as the old flags used map to the
same bitmask, this just tidies things up. I split up the flags to
make it clearer which ones are for the superblock and used internally.

Cc: John Johansen <john.johansen@canonical.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
---
 security/apparmor/include/mount.h | 3 ++-
 security/apparmor/lsm.c           | 1 +
 security/apparmor/mount.c         | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/security/apparmor/include/mount.h b/security/apparmor/include/mount.h
index a710683b2496..f90e03405e38 100644
--- a/security/apparmor/include/mount.h
+++ b/security/apparmor/include/mount.h
@@ -23,7 +23,8 @@
 #define AA_AUDIT_DATA		0x40
 #define AA_MNT_CONT_MATCH	0x40
 
-#define AA_MS_IGNORE_MASK (MS_KERNMOUNT | MS_NOSEC | MS_ACTIVE | MS_BORN)
+#define AA_MS_IGNORE_MASK (MS_KERNMOUNT)
+#define AA_SB_IGNORE_MASK (SB_NOSEC | SB_ACTIVE | SB_BORN)
 
 int aa_remount(struct aa_label *label, const struct path *path,
 	       unsigned long flags, void *data);
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index c6728a629437..f3880956bffd 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -583,6 +583,7 @@ static int apparmor_sb_mount(const char *dev_name, const struct path *path,
 		flags &= ~MS_MGC_MSK;
 
 	flags &= ~AA_MS_IGNORE_MASK;
+	flags &= ~AA_SB_IGNORE_MASK;
 
 	label = __begin_current_label_crit_section();
 	if (!unconfined(label)) {
diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c
index cdfa430ae216..c37c451e8226 100644
--- a/security/apparmor/mount.c
+++ b/security/apparmor/mount.c
@@ -74,7 +74,7 @@ static void audit_mnt_flags(struct audit_buffer *ab, unsigned long flags)
 		audit_log_format(ab, ", iversion");
 	if (flags & MS_STRICTATIME)
 		audit_log_format(ab, ", strictatime");
-	if (flags & MS_NOUSER)
+	if (flags & SB_NOUSER)
 		audit_log_format(ab, ", nouser");
 }
 
-- 
2.35.1

next prev parent reply	other threads:[~2023-01-10  2:26 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-01-10  2:25 [RFC 0/3] fs: kill old ms_* flags for internal sb Luis Chamberlain
2023-01-10  2:25 ` Luis Chamberlain [this message]
2023-01-10 23:40   ` [RFC 1/3] apparmor: use SB_* flags for private sb flags Al Viro
2023-01-10  2:25 ` [RFC 2/3] fs: use SB_NOUSER on path_mount() instead of deprecated MS_NOUSER Luis Chamberlain
2023-01-10 23:43   ` Al Viro
2023-01-10  2:25 ` [RFC 3/3] fs: remove old MS_* internal flags for the superblock Luis Chamberlain
2023-01-10 23:54   ` Al Viro

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:a710683b249 dfblob:f90e03405e3 dfblob:c6728a62943
dfblob:f3880956bff dfblob:cdfa430ae21 dfblob:c37c451e822 )
 OR (
bs:"[RFC 1/3] apparmor: use SB_* flags for private sb flags" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230110022554.1186499-2-mcgrof@kernel.org \
    --to=mcgrof@kernel.org \
    --cc=dhowells@redhat.com \
    --cc=hch@infradead.org \
    --cc=john.johansen@canonical.com \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=p.raghav@samsung.com \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.