From: Paul Moore <paul@paul-moore.com>
To: "Günther Noack" <gnoack3000@gmail.com>
Cc: linux-security-module@vger.kernel.org,
"Mickaël Salaün" <mic@digikod.net>,
"James Morris" <jmorris@namei.org>,
"Serge E . Hallyn" <serge@hallyn.com>,
linux-fsdevel@vger.kernel.org,
"Konstantin Meskhidze" <konstantin.meskhidze@huawei.com>,
"Nathan Chancellor" <nathan@kernel.org>
Subject: Re: [PATCH v10 04/11] landlock: Support file truncation
Date: Tue, 18 Oct 2022 15:13:40 -0400 [thread overview]
Message-ID: <CAHC9VhTCb2UXq_fATM6rHjLL-o4Bib3JXUYL_wONthB8WTnG9g@mail.gmail.com> (raw)
In-Reply-To: <20221018182216.301684-5-gnoack3000@gmail.com>
On Tue, Oct 18, 2022 at 2:22 PM Günther Noack <gnoack3000@gmail.com> wrote:
>
> Introduce the LANDLOCK_ACCESS_FS_TRUNCATE flag for file truncation.
>
> This flag hooks into the path_truncate, file_truncate and
> file_alloc_security LSM hooks and covers file truncation using
> truncate(2), ftruncate(2), open(2) with O_TRUNC, as well as creat().
>
> This change also increments the Landlock ABI version, updates
> corresponding selftests, and updates code documentation to document
> the flag.
>
> In security/security.c, allocate security blobs at pointer-aligned
> offsets. This fixes the problem where one LSM's security blob can
> shift another LSM's security blob to an unaligned address. (Reported
> by Nathan Chancellor)
>
> The following operations are restricted:
>
> open(2): requires the LANDLOCK_ACCESS_FS_TRUNCATE right if a file gets
> implicitly truncated as part of the open() (e.g. using O_TRUNC).
>
> Notable special cases:
> * open(..., O_RDONLY|O_TRUNC) can truncate files as well in Linux
> * open() with O_TRUNC does *not* need the TRUNCATE right when it
> creates a new file.
>
> truncate(2) (on a path): requires the LANDLOCK_ACCESS_FS_TRUNCATE
> right.
>
> ftruncate(2) (on a file): requires that the file had the TRUNCATE
> right when it was previously opened. File descriptors acquired by
> other means than open(2) (e.g. memfd_create(2)) continue to support
> truncation with ftruncate(2).
>
> Reported-by: Nathan Chancellor <nathan@kernel.org>
> Signed-off-by: Günther Noack <gnoack3000@gmail.com>
> ---
> include/uapi/linux/landlock.h | 21 +++-
> security/landlock/fs.c | 104 ++++++++++++++++++-
> security/landlock/fs.h | 24 +++++
> security/landlock/limits.h | 2 +-
> security/landlock/setup.c | 1 +
> security/landlock/syscalls.c | 2 +-
> security/security.c | 11 +-
> tools/testing/selftests/landlock/base_test.c | 2 +-
> tools/testing/selftests/landlock/fs_test.c | 7 +-
> 9 files changed, 153 insertions(+), 21 deletions(-)
Thanks for the LSM security blob allocator fixes Günther!
Acked-by: Paul Moore <paul@paul-moore.com> (LSM)
--
paul-moore.com
next prev parent reply other threads:[~2022-10-18 19:14 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-18 18:22 [PATCH v10 00/11] landlock: truncate support Günther Noack
2022-10-18 18:22 ` [PATCH v10 01/11] security: Create file_truncate hook from path_truncate hook Günther Noack
2022-10-18 18:22 ` [PATCH v10 02/11] landlock: Refactor check_access_path_dual() into is_access_to_paths_allowed() Günther Noack
2022-10-18 18:22 ` [PATCH v10 03/11] landlock: Document init_layer_masks() helper Günther Noack
2022-10-18 18:22 ` [PATCH v10 04/11] landlock: Support file truncation Günther Noack
2022-10-18 18:29 ` Günther Noack
2022-10-18 19:13 ` Paul Moore [this message]
2022-10-18 18:22 ` [PATCH v10 05/11] selftests/landlock: Test file truncation support Günther Noack
2022-10-18 18:22 ` [PATCH v10 06/11] selftests/landlock: Test open() and ftruncate() in multiple scenarios Günther Noack
2022-10-18 18:22 ` [PATCH v10 07/11] selftests/landlock: Locally define __maybe_unused Günther Noack
2022-10-18 18:22 ` [PATCH v10 08/11] selftests/landlock: Test FD passing from restricted to unrestricted processes Günther Noack
2022-10-18 18:22 ` [PATCH v10 09/11] selftests/landlock: Test ftruncate on FDs created by memfd_create(2) Günther Noack
2022-10-18 18:22 ` [PATCH v10 10/11] samples/landlock: Extend sample tool to support LANDLOCK_ACCESS_FS_TRUNCATE Günther Noack
2022-10-18 18:22 ` [PATCH v10 11/11] landlock: Document Landlock's file truncation support Günther Noack
2022-10-18 22:33 ` [PATCH v10 00/11] landlock: truncate support Nathan Chancellor
2022-10-20 9:52 ` Mickaël Salaün
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAHC9VhTCb2UXq_fATM6rHjLL-o4Bib3JXUYL_wONthB8WTnG9g@mail.gmail.com \
--to=paul@paul-moore.com \
--cc=gnoack3000@gmail.com \
--cc=jmorris@namei.org \
--cc=konstantin.meskhidze@huawei.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=nathan@kernel.org \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).