Re: [PATCH v2 11/25] security: add hooks for set/get/remove of fscaps

linux-security-module.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Roberto Sassu <roberto.sassu@huaweicloud.com>
To: "Seth Forshee (DigitalOcean)" <sforshee@kernel.org>,
	Christian Brauner <brauner@kernel.org>,
	Serge Hallyn <serge@hallyn.com>, Paul Moore <paul@paul-moore.com>,
	Eric Paris <eparis@redhat.com>, James Morris <jmorris@namei.org>,
	Alexander Viro <viro@zeniv.linux.org.uk>, Jan Kara <jack@suse.cz>,
	Stephen Smalley <stephen.smalley.work@gmail.com>,
	Ondrej Mosnacek <omosnace@redhat.com>,
	Casey Schaufler <casey@schaufler-ca.com>,
	Mimi Zohar <zohar@linux.ibm.com>,
	Roberto Sassu <roberto.sassu@huawei.com>,
	Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
	Eric Snowberg <eric.snowberg@oracle.com>,
	"Matthew Wilcox (Oracle)" <willy@infradead.org>,
	Jonathan Corbet <corbet@lwn.net>,
	Miklos Szeredi <miklos@szeredi.hu>,
	 Amir Goldstein <amir73il@gmail.com>
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	 linux-security-module@vger.kernel.org, audit@vger.kernel.org,
	 selinux@vger.kernel.org, linux-integrity@vger.kernel.org,
	 linux-doc@vger.kernel.org, linux-unionfs@vger.kernel.org
Subject: Re: [PATCH v2 11/25] security: add hooks for set/get/remove of fscaps
Date: Fri, 01 Mar 2024 16:59:16 +0100	[thread overview]
Message-ID: <c5b496e53dac2b4b5402cc5aa9a09178d63323b7.camel@huaweicloud.com> (raw)
In-Reply-To: <20240221-idmap-fscap-refactor-v2-11-3039364623bd@kernel.org>

On Wed, 2024-02-21 at 15:24 -0600, Seth Forshee (DigitalOcean) wrote:
> In preparation for moving fscaps out of the xattr code paths, add new
> security hooks. These hooks are largely needed because common kernel
> code will pass around struct vfs_caps pointers, which EVM will need to
> convert to raw xattr data for verification and updates of its hashes.
> 
> Signed-off-by: Seth Forshee (DigitalOcean) <sforshee@kernel.org>
> ---
>  include/linux/lsm_hook_defs.h |  7 +++++
>  include/linux/security.h      | 33 +++++++++++++++++++++
>  security/security.c           | 69 +++++++++++++++++++++++++++++++++++++++++++
>  3 files changed, 109 insertions(+)
> 
> diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
> index 76458b6d53da..7b3c23f9e4a5 100644
> --- a/include/linux/lsm_hook_defs.h
> +++ b/include/linux/lsm_hook_defs.h
> @@ -152,6 +152,13 @@ LSM_HOOK(int, 0, inode_get_acl, struct mnt_idmap *idmap,
>  	 struct dentry *dentry, const char *acl_name)
>  LSM_HOOK(int, 0, inode_remove_acl, struct mnt_idmap *idmap,
>  	 struct dentry *dentry, const char *acl_name)
> +LSM_HOOK(int, 0, inode_set_fscaps, struct mnt_idmap *idmap,
> +	 struct dentry *dentry, const struct vfs_caps *caps, int flags);
> +LSM_HOOK(void, LSM_RET_VOID, inode_post_set_fscaps, struct mnt_idmap *idmap,
> +	 struct dentry *dentry, const struct vfs_caps *caps, int flags);
> +LSM_HOOK(int, 0, inode_get_fscaps, struct mnt_idmap *idmap, struct dentry *dentry);
> +LSM_HOOK(int, 0, inode_remove_fscaps, struct mnt_idmap *idmap,
> +	 struct dentry *dentry);

Uhm, there should not be semicolons here.

Roberto

>  LSM_HOOK(int, 0, inode_need_killpriv, struct dentry *dentry)
>  LSM_HOOK(int, 0, inode_killpriv, struct mnt_idmap *idmap,
>  	 struct dentry *dentry)
> diff --git a/include/linux/security.h b/include/linux/security.h
> index d0eb20f90b26..40be548e5e12 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -378,6 +378,13 @@ int security_inode_getxattr(struct dentry *dentry, const char *name);
>  int security_inode_listxattr(struct dentry *dentry);
>  int security_inode_removexattr(struct mnt_idmap *idmap,
>  			       struct dentry *dentry, const char *name);
> +int security_inode_set_fscaps(struct mnt_idmap *idmap, struct dentry *dentry,
> +			      const struct vfs_caps *caps, int flags);
> +void security_inode_post_set_fscaps(struct mnt_idmap *idmap,
> +				    struct dentry *dentry,
> +				    const struct vfs_caps *caps, int flags);
> +int security_inode_get_fscaps(struct mnt_idmap *idmap, struct dentry *dentry);
> +int security_inode_remove_fscaps(struct mnt_idmap *idmap, struct dentry *dentry);
>  int security_inode_need_killpriv(struct dentry *dentry);
>  int security_inode_killpriv(struct mnt_idmap *idmap, struct dentry *dentry);
>  int security_inode_getsecurity(struct mnt_idmap *idmap,
> @@ -935,6 +942,32 @@ static inline int security_inode_removexattr(struct mnt_idmap *idmap,
>  	return cap_inode_removexattr(idmap, dentry, name);
>  }
>  
> +static inline int security_inode_set_fscaps(struct mnt_idmap *idmap,
> +					    struct dentry *dentry,
> +					    const struct vfs_caps *caps,
> +					    int flags)
> +{
> +	return 0;
> +}
> +static void security_inode_post_set_fscaps(struct mnt_idmap *idmap,
> +					   struct dentry *dentry,
> +					   const struct vfs_caps *caps,
> +					   int flags)
> +{
> +}
> +
> +static int security_inode_get_fscaps(struct mnt_idmap *idmap,
> +				     struct dentry *dentry)
> +{
> +	return 0;
> +}
> +
> +static int security_inode_remove_fscaps(struct mnt_idmap *idmap,
> +					struct dentry *dentry)
> +{
> +	return 0;
> +}
> +
>  static inline int security_inode_need_killpriv(struct dentry *dentry)
>  {
>  	return cap_inode_need_killpriv(dentry);
> diff --git a/security/security.c b/security/security.c
> index 3aaad75c9ce8..0d210da9862c 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -2351,6 +2351,75 @@ int security_inode_remove_acl(struct mnt_idmap *idmap,
>  	return evm_inode_remove_acl(idmap, dentry, acl_name);
>  }
>  
> +/**
> + * security_inode_set_fscaps() - Check if setting fscaps is allowed
> + * @idmap: idmap of the mount
> + * @dentry: file
> + * @caps: fscaps to be written
> + * @flags: flags for setxattr
> + *
> + * Check permission before setting the file capabilities given in @vfs_caps.
> + *
> + * Return: Returns 0 if permission is granted.
> + */
> +int security_inode_set_fscaps(struct mnt_idmap *idmap, struct dentry *dentry,
> +			      const struct vfs_caps *caps, int flags)
> +{
> +	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
> +		return 0;
> +	return call_int_hook(inode_set_fscaps, 0, idmap, dentry, caps, flags);
> +}
> +
> +/**
> + * security_inode_post_set_fscaps() - Update the inode after setting fscaps
> + * @idmap: idmap of the mount
> + * @dentry: file
> + * @caps: fscaps to be written
> + * @flags: flags for setxattr
> + *
> + * Update inode security field after successfully setting fscaps.
> + *
> + */
> +void security_inode_post_set_fscaps(struct mnt_idmap *idmap,
> +				    struct dentry *dentry,
> +				    const struct vfs_caps *caps, int flags)
> +{
> +	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
> +		return;
> +	call_void_hook(inode_post_set_fscaps, idmap, dentry, caps, flags);
> +}
> +
> +/**
> + * security_inode_get_fscaps() - Check if reading fscaps is allowed
> + * @dentry: file
> + *
> + * Check permission before getting fscaps.
> + *
> + * Return: Returns 0 if permission is granted.
> + */
> +int security_inode_get_fscaps(struct mnt_idmap *idmap, struct dentry *dentry)
> +{
> +	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
> +		return 0;
> +	return call_int_hook(inode_get_fscaps, 0, idmap, dentry);
> +}
> +
> +/**
> + * security_inode_remove_fscaps() - Check if removing fscaps is allowed
> + * @idmap: idmap of the mount
> + * @dentry: file
> + *
> + * Check permission before removing fscaps.
> + *
> + * Return: Returns 0 if permission is granted.
> + */
> +int security_inode_remove_fscaps(struct mnt_idmap *idmap, struct dentry *dentry)
> +{
> +	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
> +		return 0;
> +	return call_int_hook(inode_remove_fscaps, 0, idmap, dentry);
> +}
> +
>  /**
>   * security_inode_post_setxattr() - Update the inode after a setxattr operation
>   * @dentry: file
>

next prev parent reply	other threads:[~2024-03-01 15:59 UTC|newest]

Thread overview: 87+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-02-21 21:24 [PATCH v2 00/25] fs: use type-safe uid representation for filesystem capabilities Seth Forshee (DigitalOcean)
2024-02-21 21:24 ` [PATCH v2 01/25] mnt_idmapping: split out core vfs[ug]id_t definitions into vfsid.h Seth Forshee (DigitalOcean)
2024-02-22 14:09   ` Christian Brauner
2024-02-21 21:24 ` [PATCH v2 02/25] mnt_idmapping: include cred.h Seth Forshee (DigitalOcean)
2024-02-22 14:12   ` Christian Brauner
2024-02-21 21:24 ` [PATCH v2 03/25] capability: add static asserts for comapatibility of vfs_cap_data and vfs_ns_cap_data Seth Forshee (DigitalOcean)
2024-02-22 14:23   ` Christian Brauner
2024-02-21 21:24 ` [PATCH v2 04/25] capability: rename cpu_vfs_cap_data to vfs_caps Seth Forshee (DigitalOcean)
2024-02-21 21:24 ` [PATCH v2 05/25] capability: use vfsuid_t for vfs_caps rootids Seth Forshee (DigitalOcean)
2024-02-22 14:25   ` Christian Brauner
2024-02-21 21:24 ` [PATCH v2 06/25] capability: provide helpers for converting between xattrs and vfs_caps Seth Forshee (DigitalOcean)
2024-02-22 15:20   ` Christian Brauner
2024-02-22 15:38     ` Seth Forshee (DigitalOcean)
2024-02-23  8:08       ` Christian Brauner
2024-03-01 16:30   ` Roberto Sassu
2024-03-01 19:00     ` Seth Forshee (DigitalOcean)
2024-03-04  8:33       ` Roberto Sassu
2024-03-04 14:24         ` Seth Forshee (DigitalOcean)
2024-02-21 21:24 ` [PATCH v2 07/25] capability: provide a helper for converting vfs_caps to xattr for userspace Seth Forshee (DigitalOcean)
2024-02-22 15:22   ` Christian Brauner
2024-02-21 21:24 ` [PATCH v2 08/25] xattr: add is_fscaps_xattr() helper Seth Forshee (DigitalOcean)
2024-02-23  8:09   ` Christian Brauner
2024-02-21 21:24 ` [PATCH v2 09/25] commoncap: use is_fscaps_xattr() Seth Forshee (DigitalOcean)
2024-02-23  8:10   ` Christian Brauner
2024-02-21 21:24 ` [PATCH v2 10/25] xattr: " Seth Forshee (DigitalOcean)
2024-02-23  8:10   ` Christian Brauner
2024-02-21 21:24 ` [PATCH v2 11/25] security: add hooks for set/get/remove of fscaps Seth Forshee (DigitalOcean)
2024-02-21 23:31   ` Paul Moore
2024-02-22  0:07     ` Seth Forshee (DigitalOcean)
2024-02-23  8:23   ` Christian Brauner
2024-03-01 15:59   ` Roberto Sassu [this message]
2024-03-01 18:50     ` Seth Forshee (DigitalOcean)
2024-02-21 21:24 ` [PATCH v2 12/25] selinux: add hooks for fscaps operations Seth Forshee (DigitalOcean)
2024-02-21 23:38   ` Paul Moore
2024-02-22  0:10     ` Seth Forshee (DigitalOcean)
2024-02-22  0:19       ` Paul Moore
2024-02-22  0:28         ` Seth Forshee (DigitalOcean)
2024-02-21 21:24 ` [PATCH v2 13/25] smack: " Seth Forshee (DigitalOcean)
2024-02-21 22:52   ` Casey Schaufler
2024-02-22  0:11     ` Seth Forshee (DigitalOcean)
2024-02-21 21:24 ` [PATCH v2 14/25] evm: add support for fscaps security hooks Seth Forshee (DigitalOcean)
2024-03-01  9:19   ` Roberto Sassu
2024-03-01 12:54     ` Christian Brauner
2024-03-01 13:19       ` Roberto Sassu
2024-03-01 13:39         ` Christian Brauner
2024-03-01 14:39     ` Seth Forshee (DigitalOcean)
2024-03-01 15:04       ` Roberto Sassu
2024-03-04 15:01   ` Roberto Sassu
2024-02-21 21:24 ` [PATCH v2 15/25] security: call evm fscaps hooks from generic " Seth Forshee (DigitalOcean)
2024-02-21 23:43   ` Paul Moore
2024-02-22  0:20     ` Seth Forshee (DigitalOcean)
2024-02-22  0:37       ` Paul Moore
2024-02-21 21:24 ` [PATCH v2 16/25] fs: add inode operations to get/set/remove fscaps Seth Forshee (DigitalOcean)
2024-02-23  8:25   ` Christian Brauner
2024-02-21 21:24 ` [PATCH v2 17/25] fs: add vfs_get_fscaps() Seth Forshee (DigitalOcean)
2024-02-23  8:28   ` Christian Brauner
2024-02-21 21:24 ` [PATCH v2 18/25] fs: add vfs_set_fscaps() Seth Forshee (DigitalOcean)
2024-02-23  8:38   ` Christian Brauner
2024-02-21 21:24 ` [PATCH v2 19/25] fs: add vfs_remove_fscaps() Seth Forshee (DigitalOcean)
2024-02-23  8:40   ` Christian Brauner
2024-02-21 21:24 ` [PATCH v2 20/25] ovl: add fscaps handlers Seth Forshee (DigitalOcean)
2024-02-23  9:04   ` Christian Brauner
2024-02-27 13:28   ` Amir Goldstein
2024-02-27 14:57     ` Seth Forshee (DigitalOcean)
2024-02-21 21:24 ` [PATCH v2 21/25] ovl: use vfs_{get,set}_fscaps() for copy-up Seth Forshee (DigitalOcean)
2024-02-21 21:24 ` [PATCH v2 22/25] fs: use vfs interfaces for capabilities xattrs Seth Forshee (DigitalOcean)
2024-02-21 21:24 ` [PATCH v2 23/25] commoncap: remove cap_inode_getsecurity() Seth Forshee (DigitalOcean)
2024-02-21 21:24 ` [PATCH v2 24/25] commoncap: use vfs fscaps interfaces Seth Forshee (DigitalOcean)
2024-03-04 10:19   ` Roberto Sassu
2024-03-04 15:31     ` Seth Forshee (DigitalOcean)
2024-03-04 16:17       ` Roberto Sassu
2024-03-04 16:56         ` Seth Forshee (DigitalOcean)
2024-03-05  9:12           ` Christian Brauner
2024-03-05 12:46             ` Roberto Sassu
2024-03-05 16:26               ` Christian Brauner
2024-03-05 16:35                 ` Roberto Sassu
2024-03-05 17:03                   ` Seth Forshee (DigitalOcean)
2024-03-05 17:08                     ` Roberto Sassu
2024-03-05 17:11               ` Roberto Sassu
2024-03-05 20:17                 ` Seth Forshee (DigitalOcean)
2024-03-06  8:30                   ` Roberto Sassu
2024-03-06  2:17                 ` Mimi Zohar
2024-03-06  8:25                   ` Roberto Sassu
2024-03-06 12:56                     ` Mimi Zohar
2024-02-21 21:24 ` [PATCH v2 25/25] vfs: return -EOPNOTSUPP for fscaps from vfs_*xattr() Seth Forshee (DigitalOcean)
2024-02-22 15:27 ` [PATCH v2 00/25] fs: use type-safe uid representation for filesystem capabilities Christian Brauner
2024-02-22 16:28   ` Seth Forshee (DigitalOcean)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=c5b496e53dac2b4b5402cc5aa9a09178d63323b7.camel@huaweicloud.com \
    --to=roberto.sassu@huaweicloud.com \
    --cc=amir73il@gmail.com \
    --cc=audit@vger.kernel.org \
    --cc=brauner@kernel.org \
    --cc=casey@schaufler-ca.com \
    --cc=corbet@lwn.net \
    --cc=dmitry.kasatkin@gmail.com \
    --cc=eparis@redhat.com \
    --cc=eric.snowberg@oracle.com \
    --cc=jack@suse.cz \
    --cc=jmorris@namei.org \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=linux-unionfs@vger.kernel.org \
    --cc=miklos@szeredi.hu \
    --cc=omosnace@redhat.com \
    --cc=paul@paul-moore.com \
    --cc=roberto.sassu@huawei.com \
    --cc=selinux@vger.kernel.org \
    --cc=serge@hallyn.com \
    --cc=sforshee@kernel.org \
    --cc=stephen.smalley.work@gmail.com \
    --cc=viro@zeniv.linux.org.uk \
    --cc=willy@infradead.org \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).