[PATCH 02/10] vfs: syscall: Add move_mount(2) to move mounts around

Tetsuo Handa penguin-kernel at I-love.SAKURA.ne.jp
Mon Jul 8 12:02:10 UTC 2019


Hello, David Howells.

I realized via https://lwn.net/Articles/792622/ that a new set of
system calls for filesystem mounting has been added to Linux 5.2. But
I feel that LSM modules are not ready to support these system calls.

An example is move_mount() added by this patch. This patch added the
security_move_mount() LSM hook, but none of the in-tree LSM modules
provides an "LSM_HOOK_INIT(move_mount, ...)" entry. Therefore,
security_move_mount() is currently a no-op. At least for TOMOYO, I want to
check mount manipulations caused by system calls, because allowing mounts
at arbitrary locations is not acceptable for pathname-based access control.
What happened? I want TOMOYO to perform checks similar to those mount() does.

On 2019/02/20 2:08, David Howells wrote:
> Add a move_mount() system call that will move a mount from one place to
> another and, in the next commit, allow attaching an unattached mount tree.
> 
> The new system call looks like the following:
> 
> 	int move_mount(int from_dfd, const char *from_path,
> 		       int to_dfd, const char *to_path,
> 		       unsigned int flags);
> 
> Signed-off-by: David Howells <dhowells at redhat.com>
> cc: linux-api at vger.kernel.org
> Signed-off-by: Al Viro <viro at zeniv.linux.org.uk>
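
As an added illustration (not part of this thread and not code from the
kernel patch), the program below shows what move_mount(2) looks like from
userspace and why a pathname-based LSM cares about it: it puts a tmpfs on
one directory with an ordinary mount(2), the path TOMOYO's existing hooks
do see, and then relocates that whole mount to a second directory with
move_mount(2), the path that reaches only the unimplemented
security_move_mount() hook. It assumes a Linux 5.2 or later kernel, a
writable /tmp and a mounted /proc. An unprivileged caller is given a
user+mount namespace with its own uid/gid mapped to 0 (the program writes
the maps itself); root only gets a fresh mount namespace. The names
raw_move_mount(), enter_private_mount_ns() and demo_move_mount(), and the
fallback syscall number 429, are this example's own choices.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Linux 5.2 added move_mount(2); older libc headers do not know its number.
 * 429 is the number on every architecture (post-5.0 syscalls share one table). */
#ifndef __NR_move_mount
#define __NR_move_mount 429
#endif

/* Raw wrapper with the prototype from the commit message above; glibc ships
 * no wrapper for this call. Returns -1 and sets errno on failure. */
int raw_move_mount(int from_dfd, const char *from_path,
                   int to_dfd, const char *to_path, unsigned int flags)
{
    return (int)syscall(__NR_move_mount, from_dfd, from_path, to_dfd, to_path, flags);
}

/* Write a short string to a file (used for the id maps of a new user namespace). */
static int write_str(const char *path, const char *text)
{
    int fd = open(path, O_WRONLY | O_CLOEXEC);
    if (fd < 0)
        return -errno;
    int rc = write(fd, text, strlen(text)) < 0 ? -errno : 0;
    close(fd);
    return rc;
}

/* Enter a mount namespace we own. Unprivileged callers get a user namespace
 * first, with their own uid/gid mapped to 0, so mount(2) is permitted inside. */
static int enter_private_mount_ns(void)
{
    /* Capture ids BEFORE unshare: in a not-yet-mapped user namespace getuid()
     * reports the overflow id, not the real one. */
    uid_t uid = getuid();
    gid_t gid = getgid();
    char map[64];
    int rc;

    if (uid == 0) {
        if (unshare(CLONE_NEWNS))
            return -errno;
    } else {
        if (unshare(CLONE_NEWUSER | CLONE_NEWNS))
            return -errno;
        snprintf(map, sizeof map, "0 %u 1\n", (unsigned)uid);
        if ((rc = write_str("/proc/self/uid_map", map)))
            return rc;
        /* setgroups must be denied before an unprivileged gid_map write. */
        if ((rc = write_str("/proc/self/setgroups", "deny\n")))
            return rc;
        snprintf(map, sizeof map, "0 %u 1\n", (unsigned)gid);
        if ((rc = write_str("/proc/self/gid_map", map)))
            return rc;
    }
    /* Make everything private: nothing propagates back to the parent namespace,
     * and the kernel refuses to move a mount whose parent mount is shared. */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL))
        return -errno;
    return 0;
}

/* Runs the experiment. Returns 0 when the tmpfs mounted on "src" ends up on
 * "dst" via move_mount(2); otherwise -errno from the step that refused. */
int demo_move_mount(void)
{
    char base[] = "/tmp/move_mount-XXXXXX";   /* constructed scratch location */
    char src[256], dst[256], src_canary[256], dst_canary[256];
    int rc, fd;

    if (!mkdtemp(base))
        return -errno;
    snprintf(src, sizeof src, "%s/src", base);
    snprintf(dst, sizeof dst, "%s/dst", base);
    snprintf(src_canary, sizeof src_canary, "%s/canary", src);
    snprintf(dst_canary, sizeof dst_canary, "%s/canary", dst);

    rc = (mkdir(src, 0700) || mkdir(dst, 0700)) ? -errno : 0;
    if (rc)
        goto cleanup;
    if ((rc = enter_private_mount_ns()))
        goto cleanup;

    /* Step 1: a classic mount(2). This is what the existing mount hooks see. */
    if (mount("tmpfs", src, "tmpfs", MS_NOSUID | MS_NODEV, "size=64k")) {
        rc = -errno;
        goto cleanup;
    }
    fd = open(src_canary, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
    if (fd < 0) {
        rc = -errno;
        goto unmount;
    }
    close(fd);

    /* Step 2: relocate the whole mount. Only security_move_mount() runs here. */
    if (raw_move_mount(AT_FDCWD, src, AT_FDCWD, dst, 0)) {
        rc = -errno;
        goto unmount;
    }

    /* The canary must now be reachable under dst and gone from src. */
    if (access(dst_canary, F_OK) != 0)
        rc = -ENOENT;
    else if (access(src_canary, F_OK) == 0)
        rc = -EEXIST;
    else
        rc = 0;

unmount:
    /* After a successful move the mount sits on dst; otherwise it is still on src. */
    if (umount2(dst, MNT_DETACH))
        umount2(src, MNT_DETACH);
cleanup:
    rmdir(src);
    rmdir(dst);
    rmdir(base);
    return rc;
}

int main(void)
{
    int rc = demo_move_mount();
    if (rc == 0)
        puts("tmpfs relocated with move_mount(2); canary visible at the new path");
    else
        printf("demo stopped: %s\n", strerror(-rc));
    return rc ? 1 : 0;
}
```

On a kernel older than 5.2 the move step reports ENOSYS; inside a
seccomp-confined container the unshare or mount step usually reports
EPERM, and demo_move_mount() returns -errno from whichever step refused.
The interesting outcome is the successful run: the tmpfs appears at a
path that was never passed to mount(2), which is exactly the relocation a
pathname-based policy must be able to veto.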
