[PATCH] sandbox/seunshare: switch seunshare_mount

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] sandbox/seunshare: switch seunshare_mount_file() to use open()
@ 2026-05-12 19:26 Stephen Smalley
  2026-05-14 12:44 ` Petr Lautrbach
  0 siblings, 1 reply; 4+ messages in thread
From: Stephen Smalley @ 2026-05-12 19:26 UTC (permalink / raw)
  To: selinux; +Cc: jwcart2, plautrba, omosnace, paul, perfinion, Stephen Smalley

seunshare_mount_file() currently uses fopen() to create the dst
if it doesn't already exist. Switch to using open() with
explicitly specified flags including O_NOFOLLOW and an explicitly
specified mode for the new file.

Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
---
 sandbox/seunshare.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/sandbox/seunshare.c b/sandbox/seunshare.c
index a1900eaa..17a727e7 100644
--- a/sandbox/seunshare.c
+++ b/sandbox/seunshare.c
@@ -304,18 +304,20 @@ static int seunshare_mount(const char *src, const char *dst, struct stat *src_st
  */
 static int seunshare_mount_file(const char *src, const char *dst)
 {
-	int flags = 0;
-
 	if (verbose)
 		printf(_("Mounting %s on %s\n"), src, dst);
 
 	if (access(dst, F_OK) == -1) {
-		 FILE *fptr;
-         fptr = fopen(dst, "w");
-		 fclose(fptr);
+		int fd = open(dst, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
+		if (fd < 0) {
+			fprintf(stderr, _("Failed to create mount point %s: %m\n"), dst);
+			return -1;
+		}
+		close(fd);
 	}
+
 	/* mount file */
-	if (mount(src, dst, NULL, MS_BIND | flags, NULL) < 0) {
+	if (mount(src, dst, NULL, MS_BIND, NULL) < 0) {
 		fprintf(stderr, _("Failed to mount %s on %s: %s\n"), src, dst, strerror(errno));
 		return -1;
 	}
-- 
2.54.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] sandbox/seunshare: switch seunshare_mount_file() to use open()
  2026-05-12 19:26 [PATCH] sandbox/seunshare: switch seunshare_mount_file() to use open() Stephen Smalley
@ 2026-05-14 12:44 ` Petr Lautrbach
  2026-05-14 15:16   ` Stephen Smalley
  2026-05-15 14:08   ` Petr Lautrbach
  0 siblings, 2 replies; 4+ messages in thread
From: Petr Lautrbach @ 2026-05-14 12:44 UTC (permalink / raw)
  To: Stephen Smalley, selinux
  Cc: jwcart2, omosnace, paul, perfinion, Stephen Smalley

Stephen Smalley <stephen.smalley.work@gmail.com> writes:

> seunshare_mount_file() currently uses fopen() to create the dst
> if it doesn't already exist. Switch to using open() with
> explicitly specified flags including O_NOFOLLOW and an explicitly
> specified mode for the new file.
>
> Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>

Acked-by: Petr Lautrbach <lautrbach@redhat.com>

> ---
>  sandbox/seunshare.c | 14 ++++++++------
>  1 file changed, 8 insertions(+), 6 deletions(-)
>
> diff --git a/sandbox/seunshare.c b/sandbox/seunshare.c
> index a1900eaa..17a727e7 100644
> --- a/sandbox/seunshare.c
> +++ b/sandbox/seunshare.c
> @@ -304,18 +304,20 @@ static int seunshare_mount(const char *src, const char *dst, struct stat *src_st
>   */
>  static int seunshare_mount_file(const char *src, const char *dst)
>  {
> -	int flags = 0;
> -
>  	if (verbose)
>  		printf(_("Mounting %s on %s\n"), src, dst);
>  
>  	if (access(dst, F_OK) == -1) {
> -		 FILE *fptr;
> -         fptr = fopen(dst, "w");
> -		 fclose(fptr);
> +		int fd = open(dst, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
> +		if (fd < 0) {
> +			fprintf(stderr, _("Failed to create mount point %s: %m\n"), dst);
> +			return -1;
> +		}
> +		close(fd);
>  	}
> +
>  	/* mount file */
> -	if (mount(src, dst, NULL, MS_BIND | flags, NULL) < 0) {
> +	if (mount(src, dst, NULL, MS_BIND, NULL) < 0) {
>  		fprintf(stderr, _("Failed to mount %s on %s: %s\n"), src, dst, strerror(errno));
>  		return -1;
>  	}
> -- 
> 2.54.0


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] sandbox/seunshare: switch seunshare_mount_file() to use open()
  2026-05-14 12:44 ` Petr Lautrbach
@ 2026-05-14 15:16   ` Stephen Smalley
  2026-05-15 14:08   ` Petr Lautrbach
  1 sibling, 0 replies; 4+ messages in thread
From: Stephen Smalley @ 2026-05-14 15:16 UTC (permalink / raw)
  To: Petr Lautrbach; +Cc: selinux, jwcart2, omosnace, paul, perfinion

On Thu, May 14, 2026 at 8:44 AM Petr Lautrbach <plautrba@redhat.com> wrote:
>
> Stephen Smalley <stephen.smalley.work@gmail.com> writes:
>
> > seunshare_mount_file() currently uses fopen() to create the dst
> > if it doesn't already exist. Switch to using open() with
> > explicitly specified flags including O_NOFOLLOW and an explicitly
> > specified mode for the new file.
> >
> > Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
>
> Acked-by: Petr Lautrbach <lautrbach@redhat.com>

Thanks for the Acks; let me know if you plan to merge or if I should.
Also, I was wondering what if any validation we want to do for
seunshare_mount_file src/dst files before calling mount() on them;
there aren't currently verify_directory/check_owner_uid() calls for
them unlike for the directories passed to seunshare_mount().

>
> > ---
> >  sandbox/seunshare.c | 14 ++++++++------
> >  1 file changed, 8 insertions(+), 6 deletions(-)
> >
> > diff --git a/sandbox/seunshare.c b/sandbox/seunshare.c
> > index a1900eaa..17a727e7 100644
> > --- a/sandbox/seunshare.c
> > +++ b/sandbox/seunshare.c
> > @@ -304,18 +304,20 @@ static int seunshare_mount(const char *src, const char *dst, struct stat *src_st
> >   */
> >  static int seunshare_mount_file(const char *src, const char *dst)
> >  {
> > -     int flags = 0;
> > -
> >       if (verbose)
> >               printf(_("Mounting %s on %s\n"), src, dst);
> >
> >       if (access(dst, F_OK) == -1) {
> > -              FILE *fptr;
> > -         fptr = fopen(dst, "w");
> > -              fclose(fptr);
> > +             int fd = open(dst, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
> > +             if (fd < 0) {
> > +                     fprintf(stderr, _("Failed to create mount point %s: %m\n"), dst);
> > +                     return -1;
> > +             }
> > +             close(fd);
> >       }
> > +
> >       /* mount file */
> > -     if (mount(src, dst, NULL, MS_BIND | flags, NULL) < 0) {
> > +     if (mount(src, dst, NULL, MS_BIND, NULL) < 0) {
> >               fprintf(stderr, _("Failed to mount %s on %s: %s\n"), src, dst, strerror(errno));
> >               return -1;
> >       }
> > --
> > 2.54.0
>

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] sandbox/seunshare: switch seunshare_mount_file() to use open()
  2026-05-14 12:44 ` Petr Lautrbach
  2026-05-14 15:16   ` Stephen Smalley
@ 2026-05-15 14:08   ` Petr Lautrbach
  1 sibling, 0 replies; 4+ messages in thread
From: Petr Lautrbach @ 2026-05-15 14:08 UTC (permalink / raw)
  To: Stephen Smalley, selinux
  Cc: jwcart2, omosnace, paul, perfinion, Stephen Smalley

Petr Lautrbach <plautrba@redhat.com> writes:

> Stephen Smalley <stephen.smalley.work@gmail.com> writes:
>
>> seunshare_mount_file() currently uses fopen() to create the dst
>> if it doesn't already exist. Switch to using open() with
>> explicitly specified flags including O_NOFOLLOW and an explicitly
>> specified mode for the new file.
>>
>> Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
>
> Acked-by: Petr Lautrbach <lautrbach@redhat.com>

Merged, thanks!


>> ---
>>  sandbox/seunshare.c | 14 ++++++++------
>>  1 file changed, 8 insertions(+), 6 deletions(-)
>>
>> diff --git a/sandbox/seunshare.c b/sandbox/seunshare.c
>> index a1900eaa..17a727e7 100644
>> --- a/sandbox/seunshare.c
>> +++ b/sandbox/seunshare.c
>> @@ -304,18 +304,20 @@ static int seunshare_mount(const char *src, const char *dst, struct stat *src_st
>>   */
>>  static int seunshare_mount_file(const char *src, const char *dst)
>>  {
>> -	int flags = 0;
>> -
>>  	if (verbose)
>>  		printf(_("Mounting %s on %s\n"), src, dst);
>>  
>>  	if (access(dst, F_OK) == -1) {
>> -		 FILE *fptr;
>> -         fptr = fopen(dst, "w");
>> -		 fclose(fptr);
>> +		int fd = open(dst, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
>> +		if (fd < 0) {
>> +			fprintf(stderr, _("Failed to create mount point %s: %m\n"), dst);
>> +			return -1;
>> +		}
>> +		close(fd);
>>  	}
>> +
>>  	/* mount file */
>> -	if (mount(src, dst, NULL, MS_BIND | flags, NULL) < 0) {
>> +	if (mount(src, dst, NULL, MS_BIND, NULL) < 0) {
>>  		fprintf(stderr, _("Failed to mount %s on %s: %s\n"), src, dst, strerror(errno));
>>  		return -1;
>>  	}
>> -- 
>> 2.54.0


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2026-05-15 14:08 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-12 19:26 [PATCH] sandbox/seunshare: switch seunshare_mount_file() to use open() Stephen Smalley
2026-05-14 12:44 ` Petr Lautrbach
2026-05-14 15:16   ` Stephen Smalley
2026-05-15 14:08   ` Petr Lautrbach

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.