[PATCH 08/10] LSM: SafeSetID: add read handler
Jann Horn
jannh at google.com
Wed Apr 10 17:42:18 UTC 2019
On Wed, Apr 10, 2019 at 7:27 PM Kees Cook <keescook at chromium.org> wrote:
> On Wed, Apr 10, 2019 at 9:56 AM Micah Morton <mortonm at chromium.org> wrote:
> >
> > From: Jann Horn <jannh at google.com>
> >
> > For debugging a running system, it is very helpful to be able to see what
> > policy the system is using. Add a read handler that can dump out a copy of
> > the loaded policy.
> >
> > Signed-off-by: Jann Horn <jannh at google.com>
> > Signed-off-by: Micah Morton <mortonm at chromium.org>
> > ---
> > security/safesetid/lsm.h | 3 +++
> > security/safesetid/securityfs.c | 38 +++++++++++++++++++++++++++++++--
> > 2 files changed, 39 insertions(+), 2 deletions(-)
> >
> > diff --git a/security/safesetid/lsm.h b/security/safesetid/lsm.h
> > index 4a34f558d964..9380329fe30a 100644
> > --- a/security/safesetid/lsm.h
> > +++ b/security/safesetid/lsm.h
> > @@ -17,6 +17,7 @@
> > #include <linux/types.h>
> > #include <linux/uidgid.h>
> > #include <linux/hashtable.h>
> > +#include <linux/refcount.h>
> >
> > /* Flag indicating whether initialization completed */
> > extern int safesetid_initialized;
> > @@ -41,7 +42,9 @@ struct setuid_rule {
> >
> > struct setuid_ruleset {
> > DECLARE_HASHTABLE(rules, SETID_HASH_BITS);
> > + char *policy_str;
> > struct rcu_head rcu;
> > + refcount_t refcount;
> > };
>
> refcount seems like overkill? Why not just use the spinlock? Neither
> read nor write are "fast path".
You can't copy to userspace under a spinlock or under RCU. But we
could change policy_update_lock to a mutex and hold that across the
policy read.
More information about the Linux-security-module-archive
mailing list