| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1478551587-33892-1-git-send-email-david.graziano@rockwellcollins.com>
Date: Mon, 7 Nov 2016 14:46:27 -0600
From: David Graziano <david.graziano@...kwellcollins.com>
To: golbi@....uni.torun.pl, michal.wronski@...il.com
Cc: linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org, sds@...ho.nsa.gov,
seth.forshee@...onical.com, ebiederm@...ssion.com,
David Graziano <david.graziano@...kwellcollins.com>
Subject: [PATCH 1/1 V2] mqueue: Implment generic xattr support
This patch adds support for generic extended attributes within the
POSIX message queues filesystem and setting them by consulting the LSM.
This is needed so that the security.selinux extended attribute can be
set via a SELinux named type transition on file inodes created within
the filesystem. The implementation and LSM call back function are based
off tmpfs/shmem.
Signed-off-by: David Graziano <david.graziano@...kwellcollins.com>
---
ipc/mqueue.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index 0b13ace..512a546 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -35,6 +35,7 @@
#include <linux/ipc_namespace.h>
#include <linux/user_namespace.h>
#include <linux/slab.h>
+#include <linux/xattr.h>
#include <net/sock.h>
#include "util.h"
@@ -70,6 +71,7 @@ struct mqueue_inode_info {
struct rb_root msg_tree;
struct posix_msg_tree_node *node_cache;
struct mq_attr attr;
+ struct simple_xattrs xattrs; /* list of xattrs */
struct sigevent notify;
struct pid *notify_owner;
@@ -254,6 +256,7 @@ static struct inode *mqueue_get_inode(struct super_block *sb,
info->attr.mq_maxmsg = attr->mq_maxmsg;
info->attr.mq_msgsize = attr->mq_msgsize;
}
+ simple_xattrs_init(&info->xattrs);
/*
* We used to allocate a static array of pointers and account
* the size of that array as well as one msg_msg struct per
@@ -413,6 +416,41 @@ static void mqueue_evict_inode(struct inode *inode)
put_ipc_ns(ipc_ns);
}
+/*
+ * Callback for security_inode_init_security() for acquiring xattrs.
+ */
+static int mqueue_initxattrs(struct inode *inode,
+ const struct xattr *xattr_array,
+ void *fs_info)
+{
+ struct mqueue_inode_info *info = MQUEUE_I(inode);
+ const struct xattr *xattr;
+ struct simple_xattr *new_xattr;
+ size_t len;
+
+ for (xattr = xattr_array; xattr->name != NULL; xattr++) {
+ new_xattr = simple_xattr_alloc(xattr->value, xattr->value_len);
+ if (!new_xattr)
+ return -ENOMEM;
+ len = strlen(xattr->name) + 1;
+ new_xattr->name = kmalloc(XATTR_SECURITY_PREFIX_LEN + len,
+ GFP_KERNEL);
+ if (!new_xattr->name) {
+ kfree(new_xattr);
+ return -ENOMEM;
+ }
+
+ memcpy(new_xattr->name, XATTR_SECURITY_PREFIX,
+ XATTR_SECURITY_PREFIX_LEN);
+ memcpy(new_xattr->name + XATTR_SECURITY_PREFIX_LEN,
+ xattr->name, len);
+
+ simple_xattr_list_add(&info->xattrs, new_xattr);
+ }
+
+ return 0;
+}
+
static int mqueue_create(struct inode *dir, struct dentry *dentry,
umode_t mode, bool excl)
{
@@ -443,6 +481,14 @@ static int mqueue_create(struct inode *dir, struct dentry *dentry,
ipc_ns->mq_queues_count--;
goto out_unlock;
}
+ error = security_inode_init_security(inode, dir,
+ &dentry->d_name,
+ mqueue_initxattrs, NULL);
+ if (error && error != -EOPNOTSUPP) {
+ spin_lock(&mq_lock);
+ ipc_ns->mq_queues_count--;
+ goto out_unlock;
+ }
put_ipc_ns(ipc_ns);
dir->i_size += DIRENT_SIZE;
--
1.9.1
Powered by blists - more mailing lists