lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 21 May 2008 12:23:00 +0900
From:	hooanon05@...oo.co.jp
To:	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Cc:	Junjiro Okajima <hooanon05@...oo.co.jp>
Subject: [AUFS PATCH v2.6.26-rc2-mm1 30/39] aufs delegate mode

From: Junjiro Okajima <hooanon05@...oo.co.jp>

initial commit
'delegate' is a special mode for people who don't want their application
to access branches through aufs or to be traced strictly by task I/O
accounting. Also it will be helpful for LSM users, because the internal
access from aufs to branches may be detected, reported or prohibited by
LSM. in 'delegate' mode, aufs passes the internal access to the aufs
kernel thread.

Signed-off-by: Junjiro Okajima <hooanon05@...oo.co.jp>
---
 fs/aufs/dlgt.c |  110 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 110 insertions(+), 0 deletions(-)
 create mode 100644 fs/aufs/dlgt.c

diff --git a/fs/aufs/dlgt.c b/fs/aufs/dlgt.c
new file mode 100644
index 0000000..9fb25b7
--- /dev/null
+++ b/fs/aufs/dlgt.c
@@ -0,0 +1,110 @@
+/*
+ * Copyright (C) 2008 Junjiro Okajima
+ *
+ * This program, aufs is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+/*
+ * lookup functions in 'delegate' mode
+ */
+
+#include "aufs.h"
+
+/* ---------------------------------------------------------------------- */
+
+struct au_lookup_one_len_args {
+	struct dentry **errp;
+	const char *name;
+	struct dentry *parent;
+	int len;
+};
+
+static void au_call_lookup_one_len(void *args)
+{
+	struct au_lookup_one_len_args *a = args;
+	*a->errp = vfsub_lookup_one_len(a->name, a->parent, a->len);
+}
+
+struct dentry *au_lkup_one_dlgt(const char *name, struct dentry *parent,
+				int len, unsigned int flags)
+{
+	struct dentry *dentry;
+	int dirperm1;
+
+	LKTRTrace("%.*s/%.*s, 0x%x\n", AuDLNPair(parent), len, name, flags);
+
+	dirperm1 = au_ftest_ndx(flags, DIRPERM1);
+	if (!dirperm1 && !au_ftest_ndx(flags, DLGT))
+		dentry = vfsub_lookup_one_len(name, parent, len);
+	else {
+		int wkq_err;
+		struct au_lookup_one_len_args args = {
+			.errp	= &dentry,
+			.name	= name,
+			.parent	= parent,
+			.len	= len
+		};
+		wkq_err = au_wkq_wait(au_call_lookup_one_len, &args,
+				      /*dlgt*/!dirperm1);
+		if (unlikely(wkq_err))
+			dentry = ERR_PTR(wkq_err);
+	}
+
+	AuTraceErrPtr(dentry);
+	return dentry;
+}
+
+/* ---------------------------------------------------------------------- */
+
+struct security_inode_permission_args {
+	int *errp;
+	struct inode *h_inode;
+	int mask;
+	struct nameidata *fake_nd;
+};
+
+static void call_security_inode_permission(void *args)
+{
+	struct security_inode_permission_args *a = args;
+	LKTRTrace("fsuid %d\n", current->fsuid);
+	*a->errp = security_inode_permission(a->h_inode, a->mask, a->fake_nd);
+}
+
+int au_security_inode_permission(struct inode *h_inode, int mask,
+				 struct nameidata *fake_nd, int dlgt)
+{
+	int err;
+
+	AuTraceEnter();
+
+	if (!dlgt)
+		err = security_inode_permission(h_inode, mask, fake_nd);
+	else {
+		int wkq_err;
+		struct security_inode_permission_args args = {
+			.errp		= &err,
+			.h_inode	= h_inode,
+			.mask		= mask,
+			.fake_nd	= fake_nd
+		};
+		wkq_err = au_wkq_wait(call_security_inode_permission, &args,
+				      /*dlgt*/1);
+		if (unlikely(wkq_err))
+			err = wkq_err;
+	}
+
+	AuTraceErr(err);
+	return err;
+}
-- 
1.5.5.1.308.g1fbb5.dirty

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ