[PATCH 13/38] tomoyo: Implement security hooks for the new mount API [ver #10]

David Howells dhowells at redhat.com
Mon Jul 30 10:49:16 UTC 2018


Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp> wrote:

> Would you provide examples of each possible combination as a C program?
> For example, if one mount point from multiple sources with different
> options are possible, please describe such pattern using syscall so that
> LSM modules can run it to see whether they are working as expected. 

One example could be overlayfs.  So you might do, say:

	ufd = open("/overlay", O_PATH);
	fsfd = fsopen("overlay", 0);
	fsconfig(fsfd, fsconfig_set_path, "lowerdir", "/src", AT_FDCWD);
	fsconfig(fsfd, fsconfig_set_path, "upperdir", "upper", ufd);
	fsconfig(fsfd, fsconfig_set_path, "workdir", "scratch", ufd);
	mfd = fsmount(fsfd, 0, 0);
	move_mount(fsfd, "", AT_FDCWD, "/mnt", MOVE_MOUNT_F_EMPTY_PATH);

which would allow you to specify the "sources" using dirfds.

Another possibility is could be ext4 with separate journal:

	fsfd = fsopen("ext4", 0);
	fsconfig(fsfd, fsconfig_set_path, "source", "/dev/sda1", AT_FDCWD);
	fsconfig(fsfd, fsconfig_set_path, "journal_path", "/dev/sda2", AT_FDCWD);
	mfd = fsmount(fsfd, 0, 0);
	move_mount(fsfd, "", AT_FDCWD, "/mnt", MOVE_MOUNT_F_EMPTY_PATH);

And then there's bcachefs which suggests on the webpage:

	mount -t bcachefs /dev/sda1:/dev/sdb1 /mnt

but you could then do:

	fsfd = fsopen("bcachefs", 0);
	fsconfig(fsfd, fsconfig_set_path, "source", "/dev/sda1", AT_FDCWD);
	fsconfig(fsfd, fsconfig_set_path, "source", "/dev/sdb2", AT_FDCWD);
	mfd = fsmount(fsfd, 0, 0);
	move_mount(fsfd, "", AT_FDCWD, "/mnt", MOVE_MOUNT_F_EMPTY_PATH);

One thing I'm not certain of is whether I should allow multiple values to the
same key name, or whether I should require that each key be labelled
differently, possibly something like:

	fsconfig(fsfd, fsconfig_set_path, "source", "/dev/sda1", AT_FDCWD);
	fsconfig(fsfd, fsconfig_set_path, "source.1", "/dev/sdb2", AT_FDCWD);

David
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list