[PATCH] tomoyo: Change pathname calculation for read-only filesystems.
James Morris
jmorris at namei.org
Wed Feb 27 20:25:09 UTC 2019
On Wed, 27 Feb 2019, Tetsuo Handa wrote:
> Commit 5625f2e3266319fd ("TOMOYO: Change pathname for non-rename()able
> filesystems.") intended to be applied to filesystems where the content is
> not controllable from the userspace (e.g. proc, sysfs, securityfs), based
> on an assumption that such filesystems do not support rename() operation.
>
> But it turned out that read-only filesystems also do not support rename()
> operation despite the content being controllable from the userspace, and that
> commit is annoying TOMOYO users who want to use e.g. squashfs as the root
> filesystem due to use of local name which does not start with '/'.
>
> Therefore, based on an assumption that a filesystem requiring the
> device argument upon mount() request is an indication that the content
> is controllable from the userspace, do not use local name if a filesystem
> does not support rename() operation but requires the device argument upon
> mount() request.
I'd definitely like Al's input on this.
>
> Signed-off-by: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
> ---
> security/tomoyo/realpath.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c
> index 85e6e31..e7832448 100644
> --- a/security/tomoyo/realpath.c
> +++ b/security/tomoyo/realpath.c
> @@ -295,7 +295,8 @@ char *tomoyo_realpath_from_path(const struct path *path)
> * or dentry without vfsmount.
> */
> if (!path->mnt ||
> - (!inode->i_op->rename))
> + (!inode->i_op->rename &&
> + !(sb->s_type->fs_flags & FS_REQUIRES_DEV)))
> pos = tomoyo_get_local_path(path->dentry, buf,
> buf_len - 1);
> /* Get absolute name for the rest. */
>
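Review bot: The comment directly above the changed condition (the one ending "or dentry without vfsmount.") is left untouched, so it no longer describes when the local name is used: a filesystem without ->rename now gets an absolute pathname whenever FS_REQUIRES_DEV is set. Please extend that comment to state the FS_REQUIRES_DEV exception and the assumption behind it (a device argument at mount() implies userspace-controllable content), since this heuristic decides which name form TOMOYO policy is matched against. The new test also dereferences sb, which is not declared in the visible context; confirm it is in scope here and refers to the superblock of path->dentry. Because pathnames on read-only device-backed filesystems such as squashfs change from the local name to one starting with '/', policy written against the old form will stop matching, which is worth stating in the changelog.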
--
James Morris
<jmorris at namei.org>