Re: [PATCH 3/9] security,overlayfs: Provide security hook for copy up of xattrs for overlay file

linux-unionfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Stephen Smalley <sds@tycho.nsa.gov>
To: Vivek Goyal <vgoyal@redhat.com>,
	miklos@szeredi.hu, pmoore@redhat.com, casey@schaufler-ca.com,
	linux-kernel@vger.kernel.org, linux-unionfs@vger.kernel.org,
	linux-security-module@vger.kernel.org
Cc: dwalsh@redhat.com, dhowells@redhat.com, viro@ZenIV.linux.org.uk,
	linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH 3/9] security,overlayfs: Provide security hook for copy up of xattrs for overlay file
Date: Thu, 14 Jul 2016 10:20:21 -0400	[thread overview]
Message-ID: <6213922b-c2e8-3a79-b13f-86c78d77e829@tycho.nsa.gov> (raw)
In-Reply-To: <1468421095-22322-4-git-send-email-vgoyal@redhat.com>

On 07/13/2016 10:44 AM, Vivek Goyal wrote:
> Provide a security hook which is called when xattrs of a file are being
> copied up. This hook is called once for each xattr and LSM can return
> 0 if the security module wants the xattr to be copied up, 1 if the
> security module wants the xattr to be discarded on the copy, -EOPNOTSUPP
> if the security module does not handle/manage the xattr, or a -errno
> upon an error.
> 
> Signed-off-by: David Howells <dhowells@redhat.com>
> Signed-off-by: Vivek Goyal <vgoyal@redhat.com>

Acked-by: Stephen Smalley <sds@tycho.nsa.gov>

> ---
>  fs/overlayfs/copy_up.c    |  7 +++++++
>  include/linux/lsm_hooks.h | 10 ++++++++++
>  include/linux/security.h  |  6 ++++++
>  security/security.c       |  8 ++++++++
>  4 files changed, 31 insertions(+)
> 
> diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
> index 8ebea18..68cefb2 100644
> --- a/fs/overlayfs/copy_up.c
> +++ b/fs/overlayfs/copy_up.c
> @@ -103,6 +103,13 @@ retry:
>  			goto retry;
>  		}
>  
> +		error = security_inode_copy_up_xattr(name);
> +		if (error < 0 && error != -EOPNOTSUPP)
> +			break;
> +		if (error == 1) {
> +			error = 0;
> +			continue; /* Discard */
> +		}
>  		error = vfs_setxattr(new, name, value, size, 0);
>  		if (error)
>  			break;
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index c1f95be..84caead 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -410,6 +410,14 @@
>   *	@src indicates the union dentry of file that is being copied up.
>   *	@new pointer to pointer to return newly allocated creds.
>   *	Returns 0 on success or a negative error code on error.
> + * @inode_copy_up_xattr:
> + *	Filter the xattrs being copied up when a unioned file is copied
> + *	up from a lower layer to the union/overlay layer.
> + *	@name indicates the name of the xattr.
> + *	Returns 0 to accept the xattr, 1 to discard the xattr, -EOPNOTSUPP if
> + *	security module does not know about attribute or a negative error code
> + *	to abort the copy up. Note that the caller is responsible for reading
> + *	and writing the xattrs as this hook is merely a filter.
>   *
>   * Security hooks for file operations
>   *
> @@ -1435,6 +1443,7 @@ union security_list_options {
>  					size_t buffer_size);
>  	void (*inode_getsecid)(struct inode *inode, u32 *secid);
>  	int (*inode_copy_up) (struct dentry *src, struct cred **new);
> +	int (*inode_copy_up_xattr) (const char *name);
>  
>  	int (*file_permission)(struct file *file, int mask);
>  	int (*file_alloc_security)(struct file *file);
> @@ -1707,6 +1716,7 @@ struct security_hook_heads {
>  	struct list_head inode_listsecurity;
>  	struct list_head inode_getsecid;
>  	struct list_head inode_copy_up;
> +	struct list_head inode_copy_up_xattr;
>  	struct list_head file_permission;
>  	struct list_head file_alloc_security;
>  	struct list_head file_free_security;
> diff --git a/include/linux/security.h b/include/linux/security.h
> index c976d79..4a3b8bc 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -283,6 +283,7 @@ int security_inode_setsecurity(struct inode *inode, const char *name, const void
>  int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
>  void security_inode_getsecid(struct inode *inode, u32 *secid);
>  int security_inode_copy_up(struct dentry *src, struct cred **new);
> +int security_inode_copy_up_xattr(const char *name);
>  int security_file_permission(struct file *file, int mask);
>  int security_file_alloc(struct file *file);
>  void security_file_free(struct file *file);
> @@ -764,6 +765,11 @@ static inline int security_inode_copy_up(struct dentry *src, struct cred **new)
>  	return 0;
>  }
>  
> +static inline int security_inode_copy_up_xattr(const char *name)
> +{
> +	return -EOPNOTSUPP;
> +}
> +
>  static inline int security_file_permission(struct file *file, int mask)
>  {
>  	return 0;
> diff --git a/security/security.c b/security/security.c
> index 3d142aa..3321e31 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -733,6 +733,12 @@ int security_inode_copy_up(struct dentry *src, struct cred **new)
>  }
>  EXPORT_SYMBOL(security_inode_copy_up);
>  
> +int security_inode_copy_up_xattr(const char *name)
> +{
> +	return call_int_hook(inode_copy_up_xattr, -EOPNOTSUPP, name);
> +}
> +EXPORT_SYMBOL(security_inode_copy_up_xattr);
> +
>  int security_file_permission(struct file *file, int mask)
>  {
>  	int ret;
> @@ -1671,6 +1677,8 @@ struct security_hook_heads security_hook_heads = {
>  		LIST_HEAD_INIT(security_hook_heads.inode_getsecid),
>  	.inode_copy_up =
>  		LIST_HEAD_INIT(security_hook_heads.inode_copy_up),
> +	.inode_copy_up_xattr =
> +		LIST_HEAD_INIT(security_hook_heads.inode_copy_up_xattr),
>  	.file_permission =
>  		LIST_HEAD_INIT(security_hook_heads.file_permission),
>  	.file_alloc_security =
>

next prev parent reply	other threads:[~2016-07-14 14:20 UTC|newest]

Thread overview: 37+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-07-13 14:44 [RFC PATCH 0/9][V3] Overlayfs SELinux Support Vivek Goyal
2016-07-13 14:44 ` [PATCH 1/9] security, overlayfs: provide copy up security hook for unioned files Vivek Goyal
2016-07-13 14:52   ` Stephen Smalley
2016-07-13 14:56     ` Vivek Goyal
2016-07-13 15:13   ` Vivek Goyal
2016-07-14 14:32     ` Stephen Smalley
2016-07-13 14:44 ` [PATCH 2/9] selinux: Implementation for inode_copy_up() hook Vivek Goyal
2016-07-13 14:53   ` Stephen Smalley
2016-07-13 14:44 ` [PATCH 3/9] security,overlayfs: Provide security hook for copy up of xattrs for overlay file Vivek Goyal
2016-07-14 14:20   ` Stephen Smalley [this message]
2016-07-13 14:44 ` [PATCH 4/9] selinux: Implementation for inode_copy_up_xattr() hook Vivek Goyal
2016-07-13 14:54   ` Stephen Smalley
2016-07-13 14:44 ` [PATCH 5/9] selinux: Pass security pointer to determine_inode_label() Vivek Goyal
2016-07-13 14:56   ` Stephen Smalley
2016-07-13 14:44 ` [PATCH 6/9] security, overlayfs: Provide hook to correctly label newly created files Vivek Goyal
2016-07-13 14:57   ` Stephen Smalley
2016-07-13 14:59     ` Stephen Smalley
2016-07-14 14:29   ` Stephen Smalley
2016-07-13 14:44 ` [PATCH 7/9] selinux: Implement dentry_create_files_as() hook Vivek Goyal
2016-07-13 14:59   ` Stephen Smalley
2016-07-13 14:44 ` [PATCH 8/9] overlayfs: Dilute permission checks on lower only if not special file Vivek Goyal
2016-07-14  6:51   ` Miklos Szeredi
2016-07-13 14:44 ` [PATCH 9/9] overlayfs: Append MAY_READ when diluting write checks Vivek Goyal
2016-07-14  6:49   ` Miklos Szeredi
2016-07-21 21:16 ` [RFC PATCH 0/9][V3] Overlayfs SELinux Support Paul Moore
2016-07-21 23:09   ` James Morris
2016-07-22  7:05   ` Miklos Szeredi
2016-07-22 15:33     ` Paul Moore
2016-08-08 12:46       ` Miklos Szeredi
2016-08-08 13:18         ` Paul Moore
2016-08-09  1:19   ` Paul Moore
2016-08-10  9:11     ` Miklos Szeredi
2016-08-10 12:32       ` Paul Moore
2016-08-10 12:52         ` Daniel J Walsh
2016-08-11 12:36           ` Paul Moore
2016-08-11 12:39             ` Daniel J Walsh
2016-08-11 14:06             ` Daniel J Walsh

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=6213922b-c2e8-3a79-b13f-86c78d77e829@tycho.nsa.gov \
    --to=sds@tycho.nsa.gov \
    --cc=casey@schaufler-ca.com \
    --cc=dhowells@redhat.com \
    --cc=dwalsh@redhat.com \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=linux-unionfs@vger.kernel.org \
    --cc=miklos@szeredi.hu \
    --cc=pmoore@redhat.com \
    --cc=vgoyal@redhat.com \
    --cc=viro@ZenIV.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).