[RFC] Add vfsmount to vfs helper functions.

2008-01-25 Thread Kentaro Takeda
In the LSM ml, we are discussing
how to know requested pathnames within LSM modules.

Currently, VFS helper functions don't pass a struct vfsmount parameter.
Therefore, we cannot calculate requested pathnames within LSM modules
because LSM hooks can't know the struct vfsmount that corresponds to the
struct dentry passed to VFS helper functions.

AppArmor is proposing a patch that appends struct vfsmount parameters to
VFS helper functions so that LSM modules (SELinux, AppArmor, TOMOYO) can
calculate requested pathnames.

The changes in include/linux/fs.h are shown below.
What do you think about these changes?

- Start of changes -
--- fs.h.orig
+++ fs.h
@@ -1070,13 +1070,13 @@
  */
 extern int vfs_permission(struct nameidata *, int);
 extern int vfs_create(struct inode *, struct dentry *, int, struct nameidata 
*);
-extern int vfs_mkdir(struct inode *, struct dentry *, int);
-extern int vfs_mknod(struct inode *, struct dentry *, int, dev_t);
-extern int vfs_symlink(struct inode *, struct dentry *, const char *, int);
-extern int vfs_link(struct dentry *, struct inode *, struct dentry *);
-extern int vfs_rmdir(struct inode *, struct dentry *);
-extern int vfs_unlink(struct inode *, struct dentry *);
-extern int vfs_rename(struct inode *, struct dentry *, struct inode *, struct 
dentry *);
+extern int vfs_mkdir(struct inode *, struct dentry *, struct vfsmount *, int);
+extern int vfs_mknod(struct inode *, struct dentry *, struct vfsmount *, int, 
dev_t);
+extern int vfs_symlink(struct inode *, struct dentry *, struct vfsmount *, 
const char *, int);
+extern int vfs_link(struct dentry *, struct vfsmount *, struct inode *, struct 
dentry *, struct vfsmount *);
+extern int vfs_rmdir(struct inode *, struct dentry *, struct vfsmount *);
+extern int vfs_unlink(struct inode *, struct dentry *, struct vfsmount *);
+extern int vfs_rename(struct inode *, struct dentry *, struct vfsmount *, 
struct inode *, struct dentry *, struct vfsmount *);
 
 /*
  * VFS dentry helper functions.
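Review bot: vfs_link and vfs_rename now each take two unnamed struct vfsmount * arguments, and the declarations give no indication of which mount pairs with which dentry. Please name the parameters in these prototypes (for example old_dentry/old_mnt and new_dentry/new_mnt) or add a comment above the block. vfs_create is left unchanged here and still takes struct nameidata *; the description should say whether that is intentional.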
@@ -1538,8 +1538,8 @@
 
 /* fs/open.c */
 
-extern int do_truncate(struct dentry *, loff_t start, unsigned int time_attrs,
-  struct file *filp);
+extern int do_truncate(struct dentry *, struct vfsmount *, loff_t start,
+  unsigned int time_attrs, struct file *filp);
 extern long do_sys_open(int dfd, const char __user *filename, int flags,
int mode);
 extern struct file * dentry_open(struct dentry *, struct vfsmount *, int);
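Review bot: do_truncate now takes both a struct vfsmount * and the existing struct file *filp, and the prototype does not say whether the new argument may be NULL or how it relates to filp when a file is supplied. A short comment stating what callers with and without a filp are expected to pass would avoid mismatched pairs reaching the LSM hook.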
@@ -1695,7 +1695,7 @@
 #ifdef CONFIG_BLOCK
 extern sector_t bmap(struct inode *, sector_t);
 #endif
-extern int notify_change(struct dentry *, struct iattr *);
+extern int notify_change(struct dentry *, struct vfsmount *, struct iattr *);
 extern int permission(struct inode *, int, struct nameidata *);
 extern int generic_permission(struct inode *, int,
int (*check_acl)(struct inode *, int));
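Review bot: notify_change gains a struct vfsmount * between the dentry and the iattr, but nothing documents what a caller should pass when it has no mount to hand. Please state whether NULL is allowed here, since any hook that builds a pathname from this argument has to know whether to handle that case.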
@@ -1757,9 +1757,9 @@
 extern void clear_inode(struct inode *);
 extern void destroy_inode(struct inode *);
 extern struct inode *new_inode(struct super_block *);
-extern int __remove_suid(struct dentry *, int);
+extern int __remove_suid(struct path *, int);
 extern int should_remove_suid(struct dentry *);
-extern int remove_suid(struct dentry *);
+extern int remove_suid(struct path *);
 
 extern void __insert_inode_hash(struct inode *, unsigned long hashval);
 extern void remove_inode_hash(struct inode *);
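Review bot: __remove_suid and remove_suid switch to struct path * while every other hunk adds a separate struct vfsmount * next to the dentry, and should_remove_suid in the same block keeps struct dentry *. Please pick one convention for the whole series, or explain in the description why these two helpers differ.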
- End of changes -

-
To unsubscribe from this list: send the line unsubscribe linux-fsdevel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
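
Added example (not part of the original post or of the kernel source): a user-space C model of why a dentry alone does not determine the requested pathname, which is the problem the message above describes. The struct layouts, model_path() and the /var/www-on-/jail bind mount are simplified assumptions constructed for illustration; for the same dentry, the computed name depends on which vfsmount the access came through.

```c
#include <stdio.h>
#include <string.h>

/* Simplified user-space stand-ins for the kernel structures (assumed model). */
struct dentry { const char *name; struct dentry *parent; }; /* fs root: parent == self */
struct vfsmount {
    struct dentry *root;        /* root dentry of the mounted tree */
    struct dentry *mountpoint;  /* dentry in the parent mount that it covers */
    struct vfsmount *parent;    /* NULL for the namespace root mount */
};

/* Constructed sample: one filesystem, with /var/www bind-mounted on /jail. */
static struct dentry rootd = { "", &rootd }, var = { "var", &rootd },
                     www = { "www", &var }, jail = { "jail", &rootd },
                     index_html = { "index.html", &www };
static struct vfsmount rootmnt = { &rootd, NULL, NULL },
                       bindmnt = { &www, &jail, &rootmnt };

/*
 * Build the pathname of (mnt, d) right to left in buf, crossing mount points.
 * mnt == NULL models a hook that was handed only the dentry.
 */
const char *model_path(struct vfsmount *mnt, struct dentry *d, char *buf, size_t len)
{
    char *p = buf + len - 1;
    *p = '\0';
    for (;;) {
        if (mnt && d == mnt->root) {        /* top of this mount */
            if (!mnt->parent) break;        /* namespace root reached */
            d = mnt->mountpoint; mnt = mnt->parent;
            continue;
        }
        if (d->parent == d) break;          /* fs root, no mount left to cross */
        size_t n = strlen(d->name);
        if ((size_t)(p - buf) < n + 1) return NULL;  /* buffer too small */
        p -= n; memcpy(p, d->name, n); *--p = '/';
        d = d->parent;
    }
    return *p ? p : "/";
}

int main(void)
{
    char b[64];
    printf("root mount:  %s\n", model_path(&rootmnt, &index_html, b, sizeof b));
    printf("bind mount:  %s\n", model_path(&bindmnt, &index_html, b, sizeof b));
    printf("dentry only: %s\n", model_path(NULL, &index_html, b, sizeof b));
    return 0;
}
```

With only the dentry, an access made through /jail is reported under /var/www, so a pathname-based policy would evaluate a name the caller never requested.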


Re: [TOMOYO #6 retry 02/21] Add struct vfsmount to struct task_struct.

2008-01-16 Thread Kentaro Takeda
Serge:
> Right, but one will be preferred by the community - and while I have my
> own preference, I wouldn't put too much faith on that, rather talk with
> the apparmor folks, look over the lkml logs for previous submissions,
> and then decide.
Thanks for your advice.
We got the same advice from [EMAIL PROTECTED] at Embedded Linux Conference 2007,
and contacted AppArmor folks but no action occurred. We'll try to contact them again.

John Johansen:
Both AppArmor and TOMOYO need vfsmount in LSM hooks. Although we suggested
another solution in [TOMOYO #6], we can use AppArmor's approach.
How about submitting only vfsmount patches before submitting AppArmor/TOMOYO
main module?

We think the patches relate to not only LSM folks but also fsdevel folks.
So we are going to post the brief description of the patches to fsdevel.

Regards,
Kentaro Takeda



Re: [TOMOYO #6 retry 02/21] Add struct vfsmount to struct task_struct.

2008-01-15 Thread Kentaro Takeda
Hello.

Serge E. Hallyn wrote:
> I must say I personally prefer the apparmor approach.
No problem.

> But I'd recommend
> you get together and get this piece pushed on its own, whichever version
> you can agree on.
TOMOYO can use AppArmor's patch.

> Yes it needs a user, but at this point I would think
> both tomoyo and apparmor have had enough visibility that everyone knows
> the intended users.
Not only AppArmor and TOMOYO but also SELinux want to use vfsmount.
(http://marc.info/?l=selinux&m=120005904211942&w=2)

> It seems to me you're both being held up by this piece, and getting
> another full posting of either tomoyo or apparmor isn't going to help,
> so hopefully you can combine your efforts to get this solved.
We welcome AppArmor's vfsmount patches, but I wonder why AppArmor's
vfsmount patches are not merged yet.

What prevents AppArmor's vfsmount patches from merging into -mm tree?

Regards.
Kentaro Takeda
