From: Al Viro <viro@zeniv.linux.org.uk>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-fsdevel@vger.kernel.org, brauner@kernel.org, jack@suse.cz,
mjguzik@gmail.com, paul@paul-moore.com, axboe@kernel.dk,
audit@vger.kernel.org, io-uring@vger.kernel.org
Subject: Re: [RFC][PATCH 10/13] get rid of audit_reusename()
Date: Tue, 11 Nov 2025 01:16:13 +0000 [thread overview]
Message-ID: <20251111011613.GO2441659@ZenIV> (raw)
In-Reply-To: <CAHk-=wi3vpw5W6rV6VKxa9PYF3Xwn5_6AT=OwqBWO79g6N1B_A@mail.gmail.com>
On Mon, Nov 10, 2025 at 12:52:57PM -0800, Linus Torvalds wrote:
> On Mon, 10 Nov 2025 at 11:58, Al Viro <viro@zeniv.linux.org.uk> wrote:
> >
> > If we go that way, do you see any problems with treating
> > osf_{ufs,cdfs}_mount() in the same manner? Yes, these are pathnames,
>
> Hmm. In those cases, the ENAMETOOLONG thing actually does make sense -
> exactly because they are pathnames.
>
> So I think that in those two places using getname() is fairly natural
> and gets us the natural error handling too. No?
Seeing that we don't do that for native mount(2)... Hell knows -
the thing is, import is done early in syscall, before we know what
does that particular filesystem type expect. It's not always a pathname
of any sort.
Note that empty string for the first argument of mount(2) is perfectly
fine - for some values of the 5th (flags) and 3rd (type) ones.
So plain getname() is not an option and we do, unfortunately, need the
sucker imported before we start parsing the flags, etc.
I'd love to take security_sb_mount() - it's an utter shitshow of API,
inherently racy, etc., but currently it takes a kernelspace string for
the first argument (dev_name) and is called before we'd even started
to look at flags (so the instances have to essentially duplicate flags
parsing, among other things).
But that's a lot of massage and it will require the LSM crowd acceptance ;-/
If earlier attempts are anything to go by, there will be a lot of
resistance.
BTW, take a look at apparmor_sb_mount() and aa_bind_mount(). Compare
the calls of kern_path() in aa_bind_mount() and in do_loopback() and
note that the damn thing relies upon both pathwalks resolving to the
same location...
next prev parent reply other threads:[~2025-11-11 1:16 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-09 6:37 [RFC][PATCH 00/13] io_uring, struct filename and audit Al Viro
2025-11-09 6:37 ` [RFC][PATCH 01/13] do_faccessat(): import pathname only once Al Viro
2025-11-09 6:37 ` [RFC][PATCH 02/13] do_fchmodat(): " Al Viro
2025-11-09 6:37 ` [RFC][PATCH 03/13] do_fchownat(): " Al Viro
2025-11-09 6:37 ` [RFC][PATCH 04/13] do_utimes_path(): " Al Viro
2025-11-09 6:37 ` [RFC][PATCH 05/13] chdir(2): " Al Viro
2025-11-09 6:37 ` [RFC][PATCH 06/13] chroot(2): " Al Viro
2025-11-09 6:37 ` [RFC][PATCH 07/13] user_statfs(): " Al Viro
2025-11-09 6:37 ` [RFC][PATCH 08/13] do_sys_truncate(): " Al Viro
2025-11-09 6:37 ` [RFC][PATCH 09/13] do_readlinkat(): " Al Viro
2025-11-09 6:37 ` [RFC][PATCH 10/13] get rid of audit_reusename() Al Viro
2025-11-09 19:18 ` Linus Torvalds
2025-11-09 19:55 ` Mateusz Guzik
2025-11-09 20:22 ` Linus Torvalds
2025-11-09 22:18 ` Mateusz Guzik
2025-11-09 22:29 ` Linus Torvalds
2025-11-09 22:33 ` Mateusz Guzik
2025-11-09 22:39 ` Mateusz Guzik
2025-11-09 22:41 ` Linus Torvalds
2025-11-09 22:44 ` Linus Torvalds
2025-11-09 23:07 ` Linus Torvalds
2025-11-09 22:18 ` Linus Torvalds
2025-11-10 5:17 ` Al Viro
2025-11-10 16:41 ` Linus Torvalds
2025-11-10 19:58 ` Al Viro
2025-11-10 20:52 ` Linus Torvalds
2025-11-11 1:16 ` Al Viro [this message]
2025-11-10 6:05 ` Al Viro
2025-11-10 6:36 ` Al Viro
2025-11-10 16:50 ` Linus Torvalds
2025-11-10 23:13 ` Paul Moore
2025-11-11 0:23 ` Paul Moore
2025-11-09 6:37 ` [RFC][PATCH 11/13] allow incomplete imports of filenames Al Viro
2025-11-11 0:45 ` Paul Moore
2025-11-11 14:41 ` Jens Axboe
2025-11-09 6:37 ` [RFC][PATCH 12/13] fs: touch up predicts in putname() Al Viro
2025-11-09 6:37 ` [RFC][PATCH 13/13] struct filename ->refcnt doesn't need to be atomic Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251111011613.GO2441659@ZenIV \
--to=viro@zeniv.linux.org.uk \
--cc=audit@vger.kernel.org \
--cc=axboe@kernel.dk \
--cc=brauner@kernel.org \
--cc=io-uring@vger.kernel.org \
--cc=jack@suse.cz \
--cc=linux-fsdevel@vger.kernel.org \
--cc=mjguzik@gmail.com \
--cc=paul@paul-moore.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).