From: Paul Moore <paul@paul-moore.com>
To: Miklos Szeredi <mszeredi@redhat.com>
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-api@vger.kernel.org, linux-man@vger.kernel.org,
linux-security-module@vger.kernel.org,
Karel Zak <kzak@redhat.com>, Ian Kent <raven@themaw.net>,
David Howells <dhowells@redhat.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Al Viro <viro@zeniv.linux.org.uk>,
Christian Brauner <christian@brauner.io>,
Amir Goldstein <amir73il@gmail.com>
Subject: Re: [RFC PATCH 2/3] add statmnt(2) syscall
Date: Thu, 14 Sep 2023 16:39:43 -0400 [thread overview]
Message-ID: <CAHC9VhSQb0fYz9FqEu-1jQ1UNsnt-asrKuPt4ufui92GC+=5=Q@mail.gmail.com> (raw)
In-Reply-To: <20230913152238.905247-3-mszeredi@redhat.com>
On Wed, Sep 13, 2023 at 11:23 AM Miklos Szeredi <mszeredi@redhat.com> wrote:
>
> Add a way to query attributes of a single mount instead of having to parse
> the complete /proc/$PID/mountinfo, which might be huge.
>
> Lookup the mount by the old (32bit) or new (64bit) mount ID. If a mount
> needs to be queried based on path, then statx(2) can be used to first query
> the mount ID belonging to the path.
>
> Design is based on a suggestion by Linus:
>
> "So I'd suggest something that is very much like "statfsat()", which gets
> a buffer and a length, and returns an extended "struct statfs" *AND*
> just a string description at the end."
>
> The interface closely mimics that of statx.
>
> Handle ASCII attributes by appending after the end of the structure (as per
> above suggestion). Allow querying multiple string attributes with
> individual offset/length for each. String are nul terminated (termination
> isn't counted in length).
>
> Mount options are also delimited with nul characters. Unlike proc, special
> characters are not quoted.
>
> Link: https://lore.kernel.org/all/CAHk-=wh5YifP7hzKSbwJj94+DZ2czjrZsczy6GBimiogZws=rg@mail.gmail.com/
> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
> ---
> arch/x86/entry/syscalls/syscall_64.tbl | 1 +
> fs/internal.h | 5 +
> fs/namespace.c | 312 ++++++++++++++++++++++++-
> fs/proc_namespace.c | 19 +-
> fs/statfs.c | 1 +
> include/linux/syscalls.h | 3 +
> include/uapi/asm-generic/unistd.h | 5 +-
> include/uapi/linux/mount.h | 36 +++
> 8 files changed, 373 insertions(+), 9 deletions(-)
...
> diff --git a/fs/namespace.c b/fs/namespace.c
> index de47c5f66e17..088a52043bba 100644
> --- a/fs/namespace.c
> +++ b/fs/namespace.c
...
> +static int do_statmnt(struct stmt_state *s)
> +{
> + struct statmnt *sm = &s->sm;
> + struct mount *m = real_mount(s->mnt);
> +
> + if (!capable(CAP_SYS_ADMIN) &&
> + !is_path_reachable(m, m->mnt.mnt_root, &s->root))
> + return -EPERM;
I realize statmnt() is different from fstatfs(), but from an access
control perspective they look a lot alike to me which is why I think
we should probably have a security_sb_statfs() call here. Same thing
for the listmnt() syscall in patch 3/3.
> + stmt_numeric(s, STMT_SB_BASIC, stmt_sb_basic);
> + stmt_numeric(s, STMT_MNT_BASIC, stmt_mnt_basic);
> + stmt_numeric(s, STMT_PROPAGATE_FROM, stmt_propagate_from);
> + stmt_string(s, STMT_MNT_ROOT, stmt_mnt_root, &sm->mnt_root);
> + stmt_string(s, STMT_MOUNTPOINT, stmt_mountpoint, &sm->mountpoint);
> + stmt_string(s, STMT_FS_TYPE, stmt_fs_type, &sm->fs_type);
> + stmt_string(s, STMT_SB_OPTS, stmt_sb_opts, &sm->sb_opts);
> +
> + if (s->err)
> + return s->err;
> +
> + if (copy_to_user(s->buf, sm, min_t(size_t, s->bufsize, sizeof(*sm))))
> + return -EFAULT;
> +
> + return 0;
> +}
--
paul-moore.com
next prev parent reply other threads:[~2023-09-14 20:40 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-13 15:22 [RFC PATCH 0/3] quering mount attributes Miklos Szeredi
2023-09-13 15:22 ` [RFC PATCH 1/3] add unique mount ID Miklos Szeredi
2023-09-14 9:03 ` Christian Brauner
2023-09-14 9:30 ` Miklos Szeredi
2023-09-14 9:36 ` Christian Brauner
2023-09-14 9:43 ` Miklos Szeredi
2023-09-14 10:06 ` Christian Brauner
2023-09-15 1:31 ` Ian Kent
2023-09-13 15:22 ` [RFC PATCH 2/3] add statmnt(2) syscall Miklos Szeredi
2023-09-14 6:11 ` Amir Goldstein
2023-09-15 1:05 ` Ian Kent
2023-09-14 9:27 ` Christian Brauner
2023-09-14 10:13 ` Miklos Szeredi
2023-09-14 15:26 ` Christian Brauner
2023-09-15 8:56 ` Miklos Szeredi
2023-09-18 13:51 ` Christian Brauner
2023-09-18 14:14 ` Miklos Szeredi
2023-09-18 14:24 ` Christian Brauner
2023-09-18 14:32 ` Miklos Szeredi
2023-09-18 14:40 ` Christian Brauner
2023-09-18 14:51 ` Miklos Szeredi
2023-09-18 15:22 ` Christian Brauner
2023-09-18 15:39 ` Miklos Szeredi
2023-09-19 0:37 ` Matthew House
2023-09-19 8:02 ` Miklos Szeredi
2023-09-19 9:07 ` Christian Brauner
2023-09-19 10:51 ` Miklos Szeredi
2023-09-19 12:41 ` Christian Brauner
2023-09-19 12:59 ` Miklos Szeredi
2023-09-19 13:18 ` Christian Brauner
2023-09-19 21:28 ` Matthew House
2023-09-20 9:42 ` Miklos Szeredi
2023-09-20 13:26 ` Matthew House
2023-09-21 7:34 ` Miklos Szeredi
2023-09-26 13:48 ` Florian Weimer
2023-09-26 14:06 ` Miklos Szeredi
2023-09-26 14:19 ` Florian Weimer
2023-09-26 14:33 ` Miklos Szeredi
2023-09-26 14:39 ` Florian Weimer
2023-09-26 14:36 ` Christian Brauner
2023-09-26 14:13 ` Christian Brauner
2023-09-18 20:58 ` Andreas Dilger
2023-09-19 12:50 ` Christian Brauner
2023-09-20 0:33 ` Dave Chinner
2023-09-18 14:29 ` Jeff Layton
2023-09-18 14:35 ` Christian Brauner
2023-09-20 9:43 ` David Laight
2023-09-14 20:39 ` Paul Moore [this message]
2023-09-15 9:10 ` Miklos Szeredi
2023-09-17 18:18 ` Sargun Dhillon
2023-09-17 23:36 ` Ian Kent
2023-09-18 13:05 ` Christian Brauner
2023-09-25 12:57 ` Arnd Bergmann
2023-09-25 13:04 ` Christian Brauner
2023-09-25 13:13 ` Miklos Szeredi
2023-09-25 13:19 ` Christian Brauner
2023-09-25 13:20 ` Miklos Szeredi
2023-09-25 15:46 ` Arnd Bergmann
2023-09-26 10:05 ` Christian Brauner
2023-09-27 8:46 ` Miklos Szeredi
2023-09-13 15:22 ` [RFC PATCH 3/3] add listmnt(2) syscall Miklos Szeredi
2023-09-14 6:00 ` Amir Goldstein
2023-09-14 8:50 ` Miklos Szeredi
2023-09-14 10:01 ` Christian Brauner
2023-09-15 1:00 ` Ian Kent
2023-09-17 0:54 ` Matthew House
2023-09-17 14:32 ` Miklos Szeredi
2023-09-18 13:15 ` Christian Brauner
2023-09-19 16:47 ` Paul Moore
2023-09-28 10:07 ` Miklos Szeredi
2023-10-04 19:22 ` Paul Moore
2023-09-14 6:47 ` [RFC PATCH 0/3] quering mount attributes Amir Goldstein
2023-09-15 1:20 ` Ian Kent
2023-09-15 3:06 ` Amir Goldstein
2023-09-16 2:04 ` Ian Kent
2023-09-16 2:19 ` Ian Kent
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHC9VhSQb0fYz9FqEu-1jQ1UNsnt-asrKuPt4ufui92GC+=5=Q@mail.gmail.com' \
--to=paul@paul-moore.com \
--cc=amir73il@gmail.com \
--cc=christian@brauner.io \
--cc=dhowells@redhat.com \
--cc=kzak@redhat.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-man@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mszeredi@redhat.com \
--cc=raven@themaw.net \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).