[PATCH] tomoyo: Change pathname calculation for read-only filesystems.
penguin-kernel at i-love.sakura.ne.jp
Fri Apr 12 11:09:23 UTC 2019
Al, do you have any concerns with this patch?
On 2019/02/28 5:25, James Morris wrote:
> On Wed, 27 Feb 2019, Tetsuo Handa wrote:
>> Commit 5625f2e3266319fd ("TOMOYO: Change pathname for non-rename()able
>> filesystems.") intended to be applied to filesystems where the content is
>> not controllable from the userspace (e.g. proc, sysfs, securityfs), based
>> on an assumption that such filesystems do not support rename() operation.
>> But it turned out that read-only filesystems also do not support rename()
>> operation despite the content is controllable from the userspace, and that
>> commit is annoying TOMOYO users who want to use e.g. squashfs as the root
>> filesystem due to use of local name which does not start with '/'.
>> Therefore, based on an assumption that filesystems which require the
>> device argument upon mount() request is an indication that the content
>> is controllable from the userspace, do not use local name if a filesystem
>> does not support rename() operation but requires the device argument upon
>> mount() request.
> I'd definitely like Al's input on this.
>> Signed-off-by: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
>> security/tomoyo/realpath.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>> diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c
>> index 85e6e31..e7832448 100644
>> --- a/security/tomoyo/realpath.c
>> +++ b/security/tomoyo/realpath.c
>> @@ -295,7 +295,8 @@ char *tomoyo_realpath_from_path(const struct path *path)
>> * or dentry without vfsmount.
>> if (!path->mnt ||
>> - (!inode->i_op->rename))
>> + (!inode->i_op->rename &&
>> + !(sb->s_type->fs_flags & FS_REQUIRES_DEV)))
>> pos = tomoyo_get_local_path(path->dentry, buf,
>> buf_len - 1);
>> /* Get absolute name for the rest. */
More information about the Linux-security-module-archive