[PATCH] tomoyo: Change pathname calculation for read-only filesystems.

[Tetsuo Handa]

Al, do you have any concerns with this patch?

On 2019/02/28 5:25, James Morris wrote:
> On Wed, 27 Feb 2019, Tetsuo Handa wrote:
> 
>> Commit 5625f2e3266319fd ("TOMOYO: Change pathname for non-rename()able
>> filesystems.") intended to be applied to filesystems where the content is
>> not controllable from the userspace (e.g. proc, sysfs, securityfs), based
>> on an assumption that such filesystems do not support rename() operation.
>>
>> But it turned out that read-only filesystems also do not support rename()
>> operation despite the content is controllable from the userspace, and that
>> commit is annoying TOMOYO users who want to use e.g. squashfs as the root
>> filesystem due to use of local name which does not start with '/'.
>>
>> Therefore, based on an assumption that filesystems which require the
>> device argument upon mount() request is an indication that the content
>> is controllable from the userspace, do not use local name if a filesystem
>> does not support rename() operation but requires the device argument upon
>> mount() request.
> 
> I'd definitely like Al's input on this.
> 
>>
>> Signed-off-by: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
>> ---
>>  security/tomoyo/realpath.c | 3 ++-
>>  1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c
>> index 85e6e31..e7832448 100644
>> --- a/security/tomoyo/realpath.c
>> +++ b/security/tomoyo/realpath.c
>> @@ -295,7 +295,8 @@ char *tomoyo_realpath_from_path(const struct path *path)
>>  		 * or dentry without vfsmount.
>>  		 */
>>  		if (!path->mnt ||
>> -		    (!inode->i_op->rename))
>> +		    (!inode->i_op->rename &&
>> +		     !(sb->s_type->fs_flags & FS_REQUIRES_DEV)))
>>  			pos = tomoyo_get_local_path(path->dentry, buf,
>>  						    buf_len - 1);
>>  		/* Get absolute name for the rest. */
>>
>