lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 1 May 2018 08:31:00 -0700
From:   Randy Dunlap <rdunlap@...radead.org>
To:     David Howells <dhowells@...hat.com>
Cc:     viro@...iv.linux.org.uk, linux-nfs@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        linux-security-module@...r.kernel.org,
        linux-fsdevel@...r.kernel.org, linux-afs@...ts.infradead.org
Subject: Re: [PATCH 03/24] VFS: Introduce the structs and doc for a filesystem
 context [ver #7]

On 05/01/2018 07:29 AM, David Howells wrote:
> Randy Dunlap <rdunlap@...radead.org> wrote:
> 
>>> + (2) Parse the options and attach them to the context.  Options may be passed
>>> +     individually from userspace.
>>
>> Does this say that step (2) can be multiple small steps?
> 
> Perhaps "phase (2)" would be a better name than "step (2)".  During (2),
> multiple argument-supplying calls may be made.

Ack.

>> How does step (2) know when userspace has completed sending individual
>> options?
> 
> Moving to phase (3) terminates phase (2).  This is triggered by userspace
> writing "x create" or "x reconfigure" to the fd as things stand.
> 
>>> + (6) Return an error message attached to the context.
>>
>> where/how is this done?
> 
> That got taken out and made general - which Linus then objected to.  I need to
> reinsert this and make it fscontext-specific as most people would really like
> to have it, the mount process being able to produce so many weird and
> wonderful errors.
> 
>>> +When the VFS creates this, it allocates ->fs_context_size bytes (as specified
>>> +by the file_system_type object) to hold both the fs_context struct and any
>>> +extra data required by the filesystem.  The fs_context struct is placed at the
>>> +beginning of this space.  Any extra space beyond that is for use by the
>>> +filesystem.  The filesystem should wrap the struct in its own, e.g.:
>>
>>                                                       in its own struct, e.g.:
> 
> How about "... The filesystem should wrap the struct in one of its own, e.g."?

OK.

>>> + (*) int security_fs_context_parse_option(struct fs_context *fc, char *opt);	
>>> +
>>> +     Called for each mount option.  The arguments are as for the
>>> +     ->parse_option() method.  An active LSM may reject one with an error, pass
>>> +     one over and return 0 or consume one and return 1.  If consumed, the
>>
>> What does "pass one over" mean?
> 
> How about:
> 
> 	An active LSM may return 0 to pass the option on to the filesystem, 1
> 	to cause the option to be discarded or an error to cause the option to
> 	be rejected.

Much better. Thanks.

-- 
~Randy

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ