| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 11 Dec 2021 17:31:36 -0500
From: Stefan Berger <stefanb@...ux.ibm.com>
To: Christian Brauner <christian.brauner@...ntu.com>
Cc: linux-integrity@...r.kernel.org, zohar@...ux.ibm.com,
serge@...lyn.com, containers@...ts.linux.dev,
dmitry.kasatkin@...il.com, ebiederm@...ssion.com,
krzysztof.struczynski@...wei.com, roberto.sassu@...wei.com,
mpeters@...hat.com, lhinds@...hat.com, lsturman@...hat.com,
puiterwi@...hat.com, jejb@...ux.ibm.com, jamjoom@...ibm.com,
linux-kernel@...r.kernel.org, paul@...l-moore.com, rgb@...hat.com,
linux-security-module@...r.kernel.org, jmorris@...ei.org,
James Bottomley <James.Bottomley@...senPartnership.com>
Subject: Re: [PATCH v6 12/17] securityfs: Extend securityfs with namespacing
support
On 12/11/21 05:50, Christian Brauner wrote:
> On Fri, Dec 10, 2021 at 02:47:31PM -0500, Stefan Berger wrote:
>> Extend 'securityfs' for support of IMA namespacing so that each
>> IMA (user) namespace can have its own front-end for showing the currently
>> active policy, the measurement list, number of violations and so on.
>>
>> Drop the addition dentry reference and simplify cleanup to work without
>> the additional reference. This enables simple cleanup of dentries upon
>> umount.
>>
>> Signed-off-by: Stefan Berger <stefanb@...ux.ibm.com>
>> Signed-off-by: James Bottomley <James.Bottomley@...senPartnership.com>
>> ---
>> security/inode.c | 14 ++++----------
>> 1 file changed, 4 insertions(+), 10 deletions(-)
>>
>> diff --git a/security/inode.c b/security/inode.c
>> index fee01ff4d831..c77ae8ecc464 100644
>> --- a/security/inode.c
>> +++ b/security/inode.c
>> @@ -54,7 +54,7 @@ static int securityfs_fill_super(struct super_block *sb, struct fs_context *fc)
>>
>> static int securityfs_get_tree(struct fs_context *fc)
>> {
>> - return get_tree_single(fc, securityfs_fill_super);
>> + return get_tree_keyed(fc, securityfs_fill_super, fc->user_ns);
>> }
>>
>> static const struct fs_context_operations securityfs_context_ops = {
>> @@ -72,6 +72,7 @@ static struct file_system_type fs_type = {
>> .name = "securityfs",
>> .init_fs_context = securityfs_init_fs_context,
>> .kill_sb = kill_litter_super,
>> + .fs_flags = FS_USERNS_MOUNT,
>> };
>>
>> /**
>> @@ -168,7 +169,6 @@ static struct dentry *securityfs_create_dentry(const char *name, umode_t mode,
>> inode->i_fop = fops;
>> }
>> d_instantiate(dentry, inode);
>> - dget(dentry);
>> inode_unlock(dir);
>> return dentry;
>>
>> @@ -306,23 +306,17 @@ EXPORT_SYMBOL_GPL(securityfs_create_symlink);
>> void securityfs_remove(struct dentry *dentry)
>> {
>> struct user_namespace *ns;
>> - struct inode *dir;
>>
>> if (!dentry || IS_ERR(dentry))
>> return;
>>
>> ns = dentry->d_sb->s_user_ns;
>>
>> - dir = d_inode(dentry->d_parent);
>> - inode_lock(dir);
>> if (simple_positive(dentry)) {
>> - if (d_is_dir(dentry))
>> - simple_rmdir(dir, dentry);
>> - else
>> - simple_unlink(dir, dentry);
>> + d_delete(dentry);
>> dput(dentry);
> In
> https://lore.kernel.org/lkml/20211210114934.tacjnwryihrsx6ln@wittgenstein
> I explained why d_delete()+d_put() only is wrong and how to fix it.
Fixed for v7.
Powered by blists - more mailing lists