[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20081014205233.1057.45494.stgit@paris.rdu.redhat.com>
Date: Tue, 14 Oct 2008 16:52:33 -0400
From: Eric Paris <eparis@...hat.com>
To: linux-kernel@...r.kernel.org, malware-list@...ts.printk.net
Cc: viro@...IV.linux.org.uk, alan@...rguk.ukuu.org.uk,
arjan@...radead.org, greg@...ah.com, tytso@....edu
Subject: [PATCH -v2 12/16] fanotify: user interface for access decisions
turns out that access decisions are useless if there is no way to do
anything about them. So we add an interface. Alan will hate it, but at
least it works...
Signed-off-by: Eric Paris <eparis@...hat.com>
---
include/linux/fanotify.h | 7 +++++++
net/fanotify/af_fanotify.c | 11 ++++++++++-
2 files changed, 17 insertions(+), 1 deletions(-)
diff --git a/include/linux/fanotify.h b/include/linux/fanotify.h
index 07b8e77..b5c9db9 100644
--- a/include/linux/fanotify.h
+++ b/include/linux/fanotify.h
@@ -81,8 +81,15 @@ struct fanotify_so_fastpath {
uint32_t mask;
};
+/* struct used for FANOTIFY_SEND_RESPONSE */
+struct fanotify_so_access {
+ uint64_t cookie;
+ uint32_t response;
+};
+
/* fanotify setsockopt optvals */
#define FANOTIFY_SET_FASTPATH 1
+#define FANOTIFY_SEND_RESPONSE 2
#ifdef __KERNEL__
diff --git a/net/fanotify/af_fanotify.c b/net/fanotify/af_fanotify.c
index a7d3b96..89099ab 100644
--- a/net/fanotify/af_fanotify.c
+++ b/net/fanotify/af_fanotify.c
@@ -164,6 +164,7 @@ static int fan_setsockopt(struct socket *sock, int level, int optname, char __us
struct fanotify_sock *fan_sock;
struct fanotify_group *group;
struct fanotify_so_fastpath fp_data;
+ struct fanotify_so_access access_data;
int ret = 0;
if (sock->state != SS_CONNECTED)
@@ -179,7 +180,15 @@ static int fan_setsockopt(struct socket *sock, int level, int optname, char __us
ret = copy_from_user(&fp_data, optval, sizeof(struct fanotify_so_fastpath));
if (ret)
return ret;
- fanotify_fastpath_add(group, fp_data.fd, fp_data.mask);
+ ret = fanotify_fastpath_add(group, fp_data.fd, fp_data.mask);
+ break;
+ case FANOTIFY_SEND_RESPONSE:
+ if (optlen < sizeof(struct fanotify_so_access))
+ return -ENOMEM;
+ ret = copy_from_user(&access_data, optval, sizeof(struct fanotify_so_access));
+ if (ret)
+ return ret;
+ ret = fanotify_process_access_response(group, access_data.cookie, access_data.response);
break;
default:
return -ENOPROTOOPT;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists