From: Roberto Sassu <roberto.sassu@huaweicloud.com>
To: casey@schaufler-ca.com, paul@paul-moore.com, jmorris@namei.org,
serge@hallyn.com
Cc: linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
Roberto Sassu <roberto.sassu@huawei.com>
Subject: [PATCH v2 4/5] smack: Initialize the in-memory inode in smack_inode_init_security()
Date: Mon, 24 Jul 2023 17:13:40 +0200 [thread overview]
Message-ID: <20230724151341.538889-5-roberto.sassu@huaweicloud.com> (raw)
In-Reply-To: <20230724151341.538889-1-roberto.sassu@huaweicloud.com>
From: Roberto Sassu <roberto.sassu@huawei.com>
Currently, Smack initializes in-memory new inodes in three steps. It first
sets the xattrs in smack_inode_init_security(), fetches them in
smack_d_instantiate() and finally, in the same function, sets the in-memory
inodes depending on xattr values, unless they are in specially-handled
filesystems.
Other than being inefficient, this also prevents filesystems not supporting
xattrs from working properly since, without xattrs, there is no way to pass
the label determined in smack_inode_init_security() to
smack_d_instantiate().
Since the LSM infrastructure allows setting and getting the security field
without xattrs through the inode_setsecurity and inode_getsecurity hooks,
make the inode creation work too, by initializing the in-memory inode
earlier in smack_inode_init_security().
Also mark the inode as instantiated, to prevent smack_d_instantiate() from
overwriting the security field. As mentioned above, this potentially has
impact for inodes in specially-handled filesystems in
smack_d_instantiate(), if they are not handled in the same way in
smack_inode_init_security().
Filesystems other than tmpfs don't call security_inode_init_security(), so
they would be always initialized in smack_d_instantiate(), as before. For
tmpfs, the current behavior is to assign to inodes the label '*', but
actually that label is overwritten with the one fetched from the SMACK64
xattr, set in smack_inode_init_security() (default: '_').
Initializing the in-memory inode is straightforward: if not transmuting,
nothing more needs to be done; if transmuting, overwrite the current inode
label with the one from the parent directory, and set SMK_INODE_TRANSMUTE.
Finally, set SMK_INODE_INSTANT for all cases, to mark the inode as
instantiated.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
security/smack/smack_lsm.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 5a31d005c6d..f3946778192 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -942,6 +942,7 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir,
struct xattr *xattrs, int *xattr_count)
{
struct task_smack *tsp = smack_cred(current_cred());
+ struct inode_smack *issp = smack_inode(inode);
struct smack_known *skp = smk_of_task(tsp);
struct smack_known *isp = smk_of_inode(inode);
struct smack_known *dsp = smk_of_inode(dir);
@@ -977,7 +978,9 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir,
* smack_inode_alloc_security().
*/
if (tsp->smk_task != tsp->smk_transmuted)
- isp = dsp;
+ isp = issp->smk_inode = dsp;
+
+ issp->smk_flags |= SMK_INODE_TRANSMUTE;
xattr_transmute = lsm_get_xattr_slot(xattrs,
xattr_count);
if (xattr_transmute) {
@@ -992,6 +995,8 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir,
}
}
+ issp->smk_flags |= SMK_INODE_INSTANT;
+
if (xattr) {
xattr->value = kstrdup(isp->smk_known, GFP_NOFS);
if (!xattr->value)
--
2.34.1
next prev parent reply other threads:[~2023-07-24 15:19 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-24 15:13 [PATCH v2 0/5] Smack transmute fixes Roberto Sassu
2023-07-24 15:13 ` [PATCH v2 1/5] smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() Roberto Sassu
2023-07-24 15:13 ` [PATCH v2 2/5] smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Roberto Sassu
2023-07-24 15:13 ` [PATCH v2 3/5] smack: Always determine inode labels in smack_inode_init_security() Roberto Sassu
2023-07-24 15:13 ` Roberto Sassu [this message]
2023-07-24 15:13 ` [PATCH v2 5/5] ramfs: Initialize security of in-memory inodes Roberto Sassu
2023-11-15 8:01 ` Roberto Sassu
2023-11-15 22:24 ` Andrew Morton
2023-07-25 18:18 ` [PATCH v2 0/5] Smack transmute fixes Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230724151341.538889-5-roberto.sassu@huaweicloud.com \
--to=roberto.sassu@huaweicloud.com \
--cc=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=roberto.sassu@huawei.com \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).