On 01/05/2020 06:02, James Morris wrote: > On Tue, 28 Apr 2020, Mickaël Salaün wrote: > >> An LSM doesn't get path information related to an access request to open >> an inode. This new (internal) MAY_EXECMOUNT flag enables an LSM to >> check if the underlying mount point of an inode is marked as executable. >> This is useful to implement a security policy taking advantage of the >> noexec mount option. >> >> This flag is set according to path_noexec(), which checks if a mount >> point is mounted with MNT_NOEXEC or if the underlying superblock is >> SB_I_NOEXEC. >> >> Signed-off-by: Mickaël Salaün <[email protected]> >> Reviewed-by: Philippe Trébuchet <[email protected]> >> Reviewed-by: Thibaut Sautereau <[email protected]> >> Cc: Aleksa Sarai <[email protected]> >> Cc: Al Viro <[email protected]> >> Cc: Kees Cook <[email protected]> > > Are there any existing LSMs which plan to use this aspect?
This commit message was initially for the first version of O_MAYEXEC, which extended Yama. The current enforcement implementation is now directly in the FS subsystem (as requested by Kees Cook). However, this MAY_EXECMOUNT flag is still used by the current FS implementation and it could still be useful for LSMs.
