From mboxrd@z Thu Jan 1 00:00:00 1970
From: fs.rajat@gmail.com (Rajat Sharma)
Date: Thu, 30 Dec 2010 12:40:01 +0530
Subject: Blocking the access to the device files.
In-Reply-To: <20101230002439.GA2774@bimsstein>
References: <20101230002439.GA2774@bimsstein>
Message-ID:
To: kernelnewbies@lists.kernelnewbies.org
List-Id: kernelnewbies.lists.kernelnewbies.org

Henry is right, nodev is the option for you. It passes the MS_NODEV flag
down to the kernel, which in turn sets the MNT_NODEV flag in the mount
object, which the open system call checks, returning -EACCES if it is a
device node. Snippet from linux/fs/namei.c:

    case S_IFBLK:
    case S_IFCHR:
        if (path->mnt->mnt_flags & MNT_NODEV)
            return -EACCES;

The case which Greg was mentioning, I think that is solved by opening the
block device in exclusive mode with open_bdev_exclusive. This allows only
one opener of the block device at a time, i.e. the filesystem which is
mounting the block device is its exclusive opener, e.g.

    ext2_get_sb() -> get_sb_bdev() -> open_bdev_exclusive();

Rajat

On Thu, Dec 30, 2010 at 5:54 AM, Henry Gebhardt wrote:
> On Wed, Dec 29, 2010 at 11:32:18PM +0000, Prasad Joshi wrote:
>> On Wed, Dec 29, 2010 at 4:12 PM, Mulyadi Santosa wrote:
>> > On Wed, Dec 29, 2010 at 20:06, Prasad Joshi wrote:
>> >> Hello All,
>> >>
>> >> ZFS file system has a property called devices. If turned off, ZFS
>> >> would not allow access to the device files (block/character) present
>> >> on the file system. I want to implement the same behavior on a
>> >> Linux File System.
>> >
>> > I don't know about ZFS, so could you please elaborate on what you mean
>> > by "ZFS could disallow access"?
>>
>> I am really sorry that I was not clear with the first mail. Thanks a
>> lot for all mail replies and for sharing important information.
>>
>> By not disallowing access to device files I meant
>>
>> root@prasad-laptop:~# mount disk -o loop arm/
>>
>> root@prasad-laptop:~/arm# mount -t ext3
>> /dev/loop0 on /home/prasad/arm type ext3 (rw)
>>
>> ############# CREATING A DEVICE FILE ON THE FILE SYSTEM
>> root@prasad-laptop:~/arm# mknod zero c 1 5
>>
>> root@prasad-laptop:~/arm# ls
>> lost+found  zero
>>
>> root@prasad-laptop:~/arm# ls -l
>> total 12
>> drwx------ 2 root root 12288 2010-12-23 11:28 lost+found
>> crw-r--r-- 1 root root  1, 5 2010-12-23 11:28 zero
>>
>> root@prasad-laptop:~/arm# dd if=zero of=disk bs=10K count=10K
>> dd: writing `disk': No space left on device
>> 9313+0 records in
>> 9312+0 records out
>> 95354880 bytes (95 MB) copied, 1.00106 s, 95.3 MB/s
>>
>> root@prasad-laptop:~/arm# ls -l
>> total 93499
>> -rw-r--r-- 1 root root 95354880 2010-12-23 11:28 disk
>> drwx------ 2 root root    12288 2010-12-23 11:28 lost+found
>> crw-r--r-- 1 root root     1, 5 2010-12-23 11:28 zero
>>
>> Here the file system allowed access to the device file named zero. The
>> requirement is to turn off the access to all of the device files
>> present on the mounted file system, i.e. considering the above case,
>> access (open/read/write) to/from device zero should not be allowed
>> (even by root user). I don't know why one would create a device file
>> on a file system other than /dev.
>>
>> I could modify the open code to check if the file being
>> opened is a device file, then return either EPERM or EACCES (not sure
>> which one). But before modifying the code I thought of checking mount
>> flags, could not find one, hence thought of asking on mailing list.
>>
>> Thanks a lot for wonderful replies and sharing valuable information.
>> Hope the example above has made the requirement clear.
>>
>
> Maybe I, too, am completely misunderstanding you, but does the nodev
> option do what you want? From the mount manpage:
>
>    nodev - Do not interpret character or block special devices on the
>    file system.
>
> Use like so:
>
>    $ mount disk -o loop,nodev arm/
>
> You can still create device special files, you just can't access them.
>
> Greetings,
> Henry
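
Added example, not part of the original thread or of the kernel source: a userspace audit in C that mirrors the nodev check quoted from namei.c and reports whether a device node sits on a mount that lacks nodev. The function names and the fallback definition of ST_NODEV are assumptions made for this sketch.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE              /* glibc exposes ST_NODEV only with this */
#endif
#include <stdio.h>
#include <sys/stat.h>
#include <sys/statvfs.h>

#ifndef ST_NODEV
#define ST_NODEV 4               /* assumption: Linux value, same bit as MS_NODEV */
#endif

/* Userspace mirror of the quoted namei.c check: 1 if open() of a node with
 * this mode would be refused on a mount carrying these statvfs flags. */
int nodev_blocks_open(mode_t mode, unsigned long mount_flags)
{
    switch (mode & S_IFMT) {
    case S_IFBLK:
    case S_IFCHR:
        return (mount_flags & ST_NODEV) != 0;
    default:
        return 0;                /* nodev only affects device nodes */
    }
}

/* 0: not a device node, 1: device node on a nodev mount (open refused),
 * 2: device node on a mount without nodev (still usable), -1: error. */
int audit_path(const char *path)
{
    struct stat st;
    struct statvfs vfs;
    if (stat(path, &st) != 0)
        return -1;
    if (!S_ISBLK(st.st_mode) && !S_ISCHR(st.st_mode))
        return 0;
    if (statvfs(path, &vfs) != 0)
        return -1;
    return nodev_blocks_open(st.st_mode, vfs.f_flag) ? 1 : 2;
}

int main(int argc, char **argv)
{
    static const char *label[] = { "not a device node",
        "device node, mount is nodev", "device node, mount lacks nodev" };
    for (int i = 1; i < argc; i++) {
        int r = audit_path(argv[i]);
        printf("%s: %s\n", argv[i], r < 0 ? "error" : label[r]);
    }
    return 0;
}
```

Pass it the paths of device nodes found outside /dev, such as the `zero` node from the session quoted above, before and after remounting with nodev.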