[RFC PATCH v9 0/3] Add introspect_access(2) (was O_MAYEXEC)
Mickaël Salaün
mic at digikod.net
Mon Sep 14 16:43:17 UTC 2020
Arnd and Michael,
What do you think of "should_faccessat" or "entrusted_faccessat" for
this new system call?
On 12/09/2020 02:28, James Morris wrote:
> On Thu, 10 Sep 2020, Matthew Wilcox wrote:
>
>> On Thu, Sep 10, 2020 at 08:38:21PM +0200, Mickaël Salaün wrote:
>>> There is also the use case of noexec mounts and file permissions. From
>>> user space point of view, it doesn't matter which kernel component is in
>>> charge of defining the policy. The syscall should then not be tied with
>>> a verification/integrity/signature/appraisal vocabulary, but simply an
>>> access control one.
>>
>> permission()?
>>
>
> The caller is not asking the kernel to grant permission, it's asking
> "SHOULD I access this file?"
>
> The caller doesn't know, for example, if the script file it's about to
> execute has been signed, or if it's from a noexec mount. It's asking the
> kernel, which does know. (Note that this could also be extended to reading
> configuration files).
>
> How about: should_faccessat ?
>
Sounds good to me.
More information about the Linux-security-module-archive
mailing list