Re: [PATCH v7 0/4] fanotify: introduce new event mask FAN_OPEN_EXEC and FAN_OPEN_EXEC_PERM

[Jan Kara <jack@suse.cz>]

On Thu 08-11-18 14:04:10, Matthew Bobrowski wrote:
> Currently, the fanotify API does not provide a means for user space
> applications to receive events when a file has been opened specifically
> for execution. New event masks FAN_OPEN_EXEC and FAN_OPEN_EXEC_PERM have
> been introduced in order to provide users with this capability.
> 
> These event types, when either are explicitly requested by the user, will
> be returned within the event mask when a marked file object is being
> opened has __FMODE_EXEC set as one of the flags for open_flag.
> 
> Linux is used as an operating system in some products, with an environment
> that can be certified under the Common Criteria Operating System
> Protection Profile (OSPP). This is a formal threat model for a class of
> technology. It requires specific countermeasures to mitigate threats. It
> requires documentation to explain how a product implements these
> countermeasures. It requires proof via a test suite to demonstrate that
> the requirements are met, observed and checked by an independent qualified
> third party. The latest set of requirements for OSPP v4.2 can be found
> here:
> 
> https://www.niap-ccevs.org/Profile/Info.cfm?PPID=424&id=424
> 
> If you look on page 58, you will see the following requirement:
> 
> FPT_SRP_EXT.1 Software Restriction Policies FPT_SRP_EXT.1.1
> administrator specified [selection:
>         file path,
>         file digital signature,
>         version,
>         hash,
>         [assignment: other characteristics]
> ]
> 
> This patch is to help aid in meeting this requirement.
> 
> Changes since v6:
> 	* Reordered patches within the patch series for the sake of
> 	  correctness.
> 	* Updated patch that contains FAN_OPEN_EXEC_PERM functionality to
> 	  include separate call to fsnotify_parent()/fsnotify() which is
> 	  used to mitigate merging of permission events.
> 
> Note that this set of patches are based on Amir's fsnotify-fixes branch,
> which has already been posted through for review. For those interested,
> this branch can be found here:
> https://github.com/amir73il/linux/commits/fsnotify-fixes
> 
> LTP tests for this feature are on my 'fanotify-exec' branch here:
> https://github.com/matthewbobrowski/ltp/commits/fanotify_exec. The files
> that contains the test cases are provided below:
> 
> syscalls/fanotify03: test cases have been updated to cover
>                      FAN_OPEN_EXEC_PERM events
> syscalls/fanotify12: newly introduced LTP test file to cover
>                      FAN_OPEN_EXEC events

I have been wondering for a while why the testcases passed when ignore mask
hasn't been properly treated in fanotify_group_event_mask() but then I
realized that the generic code will not even call to fanotify if ignore
masks result in clearing the event. Anyway, the rest of the series looks OK
(I've updated the changelog of 4/4 as requested by Amir) and tests pass
fine so once I get confirmation from you regarding 1/4, I'll push
everything out.

								Honza
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR