From: Eric Paris <eparis@redhat.com>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: sds@tycho.nsa.gov, jmorris@namei.org,
linux-security-module@vger.kernel.org,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH 2/2] SELinux: display SELinux mount options in /proc/mounts
Date: Wed, 02 Apr 2008 10:43:08 -0400
Message-ID: <1207147388.3556.41.camel@localhost.localdomain>
In-Reply-To: <E1Jgz5W-0005Pk-Tr@pomaz-ex.szeredi.hu>
On Wed, 2008-04-02 at 11:16 +0200, Miklos Szeredi wrote:
> Where's 1/2? I've ported this to the tip of the vfs-2.6 tree, but
> can't compile it without the other half.
I have a question for everyone though. How are these options used?
SELinux mount options can contain commas. When sending such options
from userspace they are inside quotes. Should I go ahead and quote
selinux options so they can be directly used back into mount commands?
Should I just leave them in there without quotes and let anyone who
tries to feed them back into mount figure it out?
I'm ignoring seq_* failures. Which kinda scares me since it means I
could get half of one option and half of another and the user would not
realize it. Maybe I should build a single string for each selinux
option and do a single seq_puts() so seq_* failure only means missing
options, not possibly corrupted options...
>
> Miklos
>
> ----
> From: Eric Paris <eparis@redhat.com>
>
> This patch causes SELinux mount options to show up in /proc/mounts. As
> with other code in the area seq_put errors are ignored. Other LSMs
> will not have their mount options displayed until they fill in their own
> security_sb_show_options() function.
>
> Signed-off-by: Eric Paris <eparis@redhat.com>
> Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
> ---
> fs/namespace.c | 12 ++++++----
> include/linux/security.h | 9 ++++++++
> security/dummy.c | 6 +++++
> security/security.c | 5 ++++
> security/selinux/hooks.c | 52 +++++++++++++++++++++++++++++++++++++++++++++--
> 5 files changed, 77 insertions(+), 7 deletions(-)
>
> Index: vfs-2.6/include/linux/security.h
> ===================================================================
> --- vfs-2.6.orig/include/linux/security.h 2008-03-31 14:16:24.000000000 +0200
> +++ vfs-2.6/include/linux/security.h 2008-04-02 10:59:10.000000000 +0200
> @@ -74,6 +74,7 @@ struct xfrm_selector;
> struct xfrm_policy;
> struct xfrm_state;
> struct xfrm_user_sec_ctx;
> +struct seq_file;
>
> extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
> extern int cap_netlink_recv(struct sk_buff *skb, int cap);
> @@ -1259,6 +1260,7 @@ struct security_operations {
> void (*sb_free_security) (struct super_block * sb);
> int (*sb_copy_data)(char *orig, char *copy);
> int (*sb_kern_mount) (struct super_block *sb, void *data);
> + int (*sb_show_options) (struct seq_file *m, struct super_block *sb);
> int (*sb_statfs) (struct dentry *dentry);
> int (*sb_mount) (char *dev_name, struct path *path,
> char *type, unsigned long flags, void *data);
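Review bot: the new sb_show_options member is added to struct security_operations with no statement of its contract: what it is expected to write, that the leading comma is the callee's responsibility, and that it returns 0 or a negative errno. The other sb_* hooks in this header carry a per-hook description; adding the same for sb_show_options (or at least a comment beside the member) would keep that documentation complete for the next LSM that fills it in.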
> @@ -1527,6 +1529,7 @@ int security_sb_alloc(struct super_block
> void security_sb_free(struct super_block *sb);
> int security_sb_copy_data(char *orig, char *copy);
> int security_sb_kern_mount(struct super_block *sb, void *data);
> +int security_sb_show_options(struct seq_file *m, struct super_block *sb);
> int security_sb_statfs(struct dentry *dentry);
> int security_sb_mount(char *dev_name, struct path *path,
> char *type, unsigned long flags, void *data);
> @@ -1800,6 +1803,12 @@ static inline int security_sb_kern_mount
> return 0;
> }
>
> +static inline int security_sb_show_options(struct seq_file *m,
> + struct super_block *sb)
> +{
> + return 0;
> +}
> +
> static inline int security_sb_statfs (struct dentry *dentry)
> {
> return 0;
> Index: vfs-2.6/security/dummy.c
> ===================================================================
> --- vfs-2.6.orig/security/dummy.c 2008-03-31 14:16:24.000000000 +0200
> +++ vfs-2.6/security/dummy.c 2008-04-02 10:59:10.000000000 +0200
> @@ -191,6 +191,11 @@ static int dummy_sb_kern_mount (struct s
> return 0;
> }
>
> +static int dummy_sb_show_options(struct seq_file *m, struct super_block *sb)
> +{
> + return 0;
> +}
> +
> static int dummy_sb_statfs (struct dentry *dentry)
> {
> return 0;
> @@ -1017,6 +1022,7 @@ void security_fixup_ops (struct security
> set_to_dummy_if_null(ops, sb_free_security);
> set_to_dummy_if_null(ops, sb_copy_data);
> set_to_dummy_if_null(ops, sb_kern_mount);
> + set_to_dummy_if_null(ops, sb_show_options);
> set_to_dummy_if_null(ops, sb_statfs);
> set_to_dummy_if_null(ops, sb_mount);
> set_to_dummy_if_null(ops, sb_check_sb);
> Index: vfs-2.6/security/security.c
> ===================================================================
> --- vfs-2.6.orig/security/security.c 2008-03-31 14:16:24.000000000 +0200
> +++ vfs-2.6/security/security.c 2008-04-02 10:59:10.000000000 +0200
> @@ -255,6 +255,11 @@ int security_sb_kern_mount(struct super_
> return security_ops->sb_kern_mount(sb, data);
> }
>
> +int security_sb_show_options(struct seq_file *m, struct super_block *sb)
> +{
> + return security_ops->sb_show_options(m, sb);
> +}
> +
> int security_sb_statfs(struct dentry *dentry)
> {
> return security_ops->sb_statfs(dentry);
> Index: vfs-2.6/security/selinux/hooks.c
> ===================================================================
> --- vfs-2.6.orig/security/selinux/hooks.c 2008-03-31 14:16:24.000000000 +0200
> +++ vfs-2.6/security/selinux/hooks.c 2008-04-02 10:59:10.000000000 +0200
> @@ -9,7 +9,8 @@
> * James Morris <jmorris@redhat.com>
> *
> * Copyright (C) 2001,2002 Networks Associates Technology, Inc.
> - * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
> + * Copyright (C) 2003-2008 Red Hat, Inc., James Morris <jmorris@redhat.com>
> + * Eric Paris <eparis@redhat.com>
> * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
> * <dgoeddel@trustedcs.com>
> * Copyright (C) 2006, 2007 Hewlett-Packard Development Company, L.P.
> @@ -19,7 +20,7 @@
> *
> * This program is free software; you can redistribute it and/or modify
> * it under the terms of the GNU General Public License version 2,
> - * as published by the Free Software Foundation.
> + * as published by the Free Software Foundation.
> */
>
> #include <linux/init.h>
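Review bot: this hunk changes only whitespace on the "as published by the Free Software Foundation." line and has nothing to do with showing mount options; drop it from this patch (or send it separately) so the diff stays focused on the feature.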
> @@ -947,6 +948,52 @@ out_err:
> return rc;
> }
>
> +void selinux_write_opts(struct seq_file *m, struct security_mnt_opts *opts)
> +{
> + int i;
> + char *prefix;
> +
> + for (i = 0; i < opts->num_mnt_opts; i++) {
> + /* we need a comma before each option */
> + seq_putc(m, ',');
> +
> + switch (opts->mnt_opts_flags[i]) {
> + case CONTEXT_MNT:
> + prefix = CONTEXT_STR;
> + break;
> + case FSCONTEXT_MNT:
> + prefix = FSCONTEXT_STR;
> + break;
> + case ROOTCONTEXT_MNT:
> + prefix = ROOTCONTEXT_STR;
> + break;
> + case DEFCONTEXT_MNT:
> + prefix = DEFCONTEXT_STR;
> + break;
> + default:
> + BUG();
> + };
> + seq_puts(m, prefix);
> + seq_puts(m, opts->mnt_opts[i]);
> + }
> +}
> +
> +static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
> +{
> + struct security_mnt_opts opts;
> + int rc;
> +
> + rc = selinux_get_mnt_opts(sb, &opts);
> + if (rc)
> + return rc;
> +
> + selinux_write_opts(m, &opts);
> +
> + security_free_mnt_opts(&opts);
> +
> + return rc;
> +}
> +
> static inline u16 inode_mode_to_security_class(umode_t mode)
> {
> switch (mode & S_IFMT) {
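Review bot: selinux_write_opts() emits opts->mnt_opts[i] verbatim after the prefix, so a context value that itself contains a comma (the case raised in the reply above) produces a /proc/mounts line that cannot be split on ',' unambiguously; quoting or escaping such values before `seq_puts(m, opts->mnt_opts[i]);` would keep the output parseable and usable again as a mount option string. Three smaller points: selinux_write_opts() is used only from this file and should be `static`; the `};` closing the switch has a stray semicolon; and in selinux_sb_show_options() the final `return rc;` can only ever be 0 at that point, so `return 0;` says what is meant. The ignored seq_putc()/seq_puts() return values match the cover text, but a one-line comment explaining why ignoring them is safe here would document that reliance for future readers.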
> @@ -5257,6 +5304,7 @@ static struct security_operations selinu
> .sb_free_security = selinux_sb_free_security,
> .sb_copy_data = selinux_sb_copy_data,
> .sb_kern_mount = selinux_sb_kern_mount,
> + .sb_show_options = selinux_sb_show_options,
> .sb_statfs = selinux_sb_statfs,
> .sb_mount = selinux_mount,
> .sb_umount = selinux_umount,
> Index: vfs-2.6/fs/namespace.c
> ===================================================================
> --- vfs-2.6.orig/fs/namespace.c 2008-03-31 14:16:24.000000000 +0200
> +++ vfs-2.6/fs/namespace.c 2008-04-02 11:03:18.000000000 +0200
> @@ -748,7 +748,7 @@ struct proc_fs_info {
> const char *str;
> };
>
> -static void show_sb_opts(struct seq_file *m, struct super_block *sb)
> +static int show_sb_opts(struct seq_file *m, struct super_block *sb)
> {
> static const struct proc_fs_info fs_info[] = {
> { MS_SYNCHRONOUS, ",sync" },
> @@ -762,6 +762,8 @@ static void show_sb_opts(struct seq_file
> if (sb->s_flags & fs_infop->flag)
> seq_puts(m, fs_infop->str);
> }
> +
> + return security_sb_show_options(m, sb);
> }
>
> static void show_mnt_opts(struct seq_file *m, struct vfsmount *mnt)
> @@ -804,9 +806,9 @@ static int show_vfsmnt(struct seq_file *
> seq_putc(m, ' ');
> show_type(m, mnt->mnt_sb);
> seq_puts(m, __mnt_is_readonly(mnt) ? " ro" : " rw");
> - show_sb_opts(m, mnt->mnt_sb);
> + err = show_sb_opts(m, mnt->mnt_sb);
> show_mnt_opts(m, mnt);
> - if (mnt->mnt_sb->s_op->show_options)
> + if (!err && mnt->mnt_sb->s_op->show_options)
> err = mnt->mnt_sb->s_op->show_options(m, mnt);
> seq_puts(m, " 0 0\n");
> return err;
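Review bot: show_mnt_opts(m, mnt) is still called unconditionally between `err = show_sb_opts(m, mnt->mnt_sb);` and the `if (!err && mnt->mnt_sb->s_op->show_options)` check, so when show_sb_opts() fails the per-mount flags are appended to a line whose super-block options may be incomplete while the filesystem's own show_options is skipped. Either gate show_mnt_opts() on !err as well, or move it ahead of show_sb_opts(), so the error handling is uniform across the line.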
> @@ -863,8 +865,8 @@ static int show_mountinfo(struct seq_fil
> seq_putc(m, ' ');
> mangle(m, mnt->mnt_devname ? mnt->mnt_devname : "none");
> seq_puts(m, sb->s_flags & MS_RDONLY ? " ro" : " rw");
> - show_sb_opts(m, sb);
> - if (sb->s_op->show_options)
> + err = show_sb_opts(m, sb);
> + if (!err && sb->s_op->show_options)
> err = sb->s_op->show_options(m, mnt);
> seq_putc(m, '\n');
> return err;
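Eric's two questions above (quoting values that contain commas, and emitting each option as one unit so a full buffer loses whole options rather than halves) can be tried out in user space. The following is an added example written for this page, not code from the patch or from the kernel: a plain char buffer stands in for the seq_file, a constructed sample of three SELinux-style options (one with a comma in its MLS category range) is rendered through it, and a parser of the kind a mount(8)-style consumer would need splits the line back up. The quoting convention used (double quotes around a value containing a comma, backslash escapes for '"' and '\') is an assumption chosen for the example, not something the thread settles.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define OPTLEN 128	/* user-space model, not kernel code: longest item parsed */

/* Render ",prefix=value" into tmp: a value containing a comma is double-quoted,
 * and '"' and '\' inside it are backslash-escaped. Returns the length or -1. */
static int format_opt(char *tmp, size_t tmplen, const char *prefix, const char *value)
{
	char esc[2 * OPTLEN];	/* worst case: every byte escaped */
	const char *q = strchr(value, ',') ? "\"" : "";
	size_t i = 0;
	int len;
	for (; *value; value++) {
		if (i + 3 > sizeof esc)
			return -1;
		if (*value == '"' || *value == '\\')
			esc[i++] = '\\';
		esc[i++] = *value;
	}
	esc[i] = '\0';
	len = snprintf(tmp, tmplen, ",%s%s%s%s", prefix, q, esc, q);
	return (len < 0 || (size_t)len >= tmplen) ? -1 : len;
}

/* Write options into buf (size bytes): each is built in full, then committed whole
 * or not at all. Stops at the first that does not fit and returns how many were
 * left out, so a full buffer loses whole options, never half of one. */
static int write_opts(char *buf, size_t size, const char *const prefix[],
		      const char *const value[], int nopts)
{
	char tmp[2 * OPTLEN + 32];
	size_t count = 0;
	int i;
	buf[0] = '\0';
	for (i = 0; i < nopts; i++) {
		int len = format_opt(tmp, sizeof tmp, prefix[i], value[i]);
		if (len < 0 || count + (size_t)len >= size)
			break;
		memcpy(buf + count, tmp, (size_t)len + 1);	/* NUL included */
		count += (size_t)len;
	}
	return nopts - i;
}

/* Split a rendered line back into "prefix=value" items, honouring quotes and
 * escapes as a mount(8)-style consumer would. Returns the item count, or -1
 * on an unterminated quote or overflow. */
static int parse_opts(const char *s, char out[][OPTLEN], int maxopts)
{
	int n = 0;
	size_t k = 0;
	bool inq = false;
	if (*s == ',') s++;
	if (*s == '\0') return 0;
	for (;; s++) {
		char c = *s;
		if (c == '\0' || (c == ',' && !inq)) {	/* end of one item */
			if (inq || n >= maxopts)
				return -1;
			out[n++][k] = '\0';
			k = 0;
			if (c == '\0')
				return n;
		} else if (c == '"') {
			inq = !inq;
		} else {
			if (c == '\\' && s[1] != '\0')
				c = *++s;		/* escaped byte is literal */
			if (n >= maxopts || k + 1 >= OPTLEN)
				return -1;
			out[n][k++] = c;
		}
	}
}

static char rendered[256];	/* filled by render_sample() */

/* Constructed sample (not real mount data): three SELinux-style options, one of
 * whose MLS category set carries a comma. Returns how many options were dropped
 * when output is limited to `size` bytes; the text is left in `rendered`. */
static int render_sample(size_t size)
{
	static const char *const prefix[] = { "context=", "fscontext=", "defcontext=" };
	static const char *const value[] = { "system_u:object_r:tmp_t:s0",
		"system_u:object_r:nfs_t:s0:c0,c1", "system_u:object_r:file_t:s0" };
	return write_opts(rendered, size > sizeof rendered ? sizeof rendered : size,
			  prefix, value, 3);
}

/* Round trip: render, parse back, check the comma value survived. Returns 3 on
 * success, -1 if the value was damaged, -2 if an unterminated quote parses. */
static int sample_roundtrip(void)
{
	char out[3][OPTLEN];
	if (render_sample(sizeof rendered) != 0 || parse_opts(rendered, out, 3) != 3 ||
	    strcmp(out[1], "fscontext=system_u:object_r:nfs_t:s0:c0,c1") != 0)
		return -1;
	return parse_opts(",context=\"unterminated", out, 3) == -1 ? 3 : -2;
}
```

Building the complete option in `tmp` and copying it with one memcpy is the user-space counterpart of the single seq_puts() per option proposed above: with a 100-byte limit the sample drops the third option whole and leaves the first two intact, and parse_opts() hands back the comma-bearing fscontext value unchanged, which is what a consumer feeding the line back to mount needs.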