[PATCH 03/24] VFS: Introduce the structs and doc for a filesystem context [ver #7]
David Howells
dhowells at redhat.com
Tue May 1 14:29:10 UTC 2018
Randy Dunlap <rdunlap at infradead.org> wrote:
> > + (2) Parse the options and attach them to the context. Options may be passed
> > + individually from userspace.
>
> Does this say that step (2) can be multiple small steps?
Perhaps "phase (2)" would be a better name than "step (2)". During (2),
multiple argument-supplying calls may be made.
> How does step (2) know when userspace has completed sending individual
> options?
Moving to phase (3) terminates phase (2). This is triggered by userspace
writing "x create" or "x reconfigure" to the fd as things stand.
> > + (6) Return an error message attached to the context.
>
> where/how is this done?
That got taken out and made general - which Linus then objected to. I need to
reinsert this and make it fscontext-specific as most people would really like
to have it, the mount process being able to produce so many weird and
wonderful errors.
> > +When the VFS creates this, it allocates ->fs_context_size bytes (as specified
> > +by the file_system_type object) to hold both the fs_context struct and any
> > +extra data required by the filesystem. The fs_context struct is placed at the
> > +beginning of this space. Any extra space beyond that is for use by the
> > +filesystem. The filesystem should wrap the struct in its own, e.g.:
>
> in its own struct, e.g.:
How about "... The filesystem should wrap the struct in one of its own, e.g."?
> > + (*) int security_fs_context_parse_option(struct fs_context *fc, char *opt);
> > +
> > + Called for each mount option. The arguments are as for the
> > + ->parse_option() method. An active LSM may reject one with an error, pass
> > + one over and return 0 or consume one and return 1. If consumed, the
>
> What does "pass one over" mean?
How about:
An active LSM may return 0 to pass the option on to the filesystem, 1
to cause the option to be discarded or an error to cause the option to
be rejected.
David
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list