[PATCH v4 0/4] mount notification
Miklos Szeredi
mszeredi at redhat.com
Thu Jan 23 19:41:03 UTC 2025

Addressed all comments, and split up patch into three pieces (fsnotify,
fanotify, namespace) and added a fourth patch for mount changes.

There's only one FIXME remaining in selinux_path_notify(). The path passed
to fanotify_mark() and subsequently to ->path_notify() is a namespace file,
and comes from nsfs (i.e. /proc/$$/ns/mnt). Does this need to be handled
specially by selinux?

Paul, can you please review this change?

Thanks,
Miklos
---
v4:
- add notification on attribute change
- deal with two FIXMEs
- move data and code to #ifdef CONFIG_FSNOTIFY regions
- function renames for more consistency (Christian)
- explanation comment in umount_tree() (Christian)
- style cleanups in fanotify (Amir, Jan)
- changed FAN_MNT_* values (Amir)
v3:
- use a global list protected for temporarily storing (Christian)
- move fsnotify_* calls to namespace_unlock() (Christian)
- downgrade namespace_sem to read for fsnotify_* calls (Christian)
- add notification for reparenting in propagate_umount (Christian)
- require nsfs file (/proc/PID/ns/mnt) in fanotify_mark(2) (Christian)
- cleaner check for fsnotify being initialized (Amir)
- fix stub __fsnotify_mntns_delete (kernel test robot)
- don't add FANOTIFY_MOUNT_EVENTS to FANOTIFY_FD_EVENTS (Amir)
v2:
- notify for whole namespace as this seems to be what people prefer
- move fsnotify() calls outside of mount_lock
- only report mnt_id, not parent_id

Miklos Szeredi (4):
  fsnotify: add mount notification infrastructure
  fanotify: notify on mount attach and detach
  vfs: add notifications for mount attach and detach
  vfs: add notifications for mount attribute change

 fs/mount.h                         |  26 +++++++
 fs/namespace.c                     | 120 ++++++++++++++++++++++++++++-
 fs/notify/fanotify/fanotify.c      |  38 ++++++++-
 fs/notify/fanotify/fanotify.h      |  18 +++++
 fs/notify/fanotify/fanotify_user.c |  86 +++++++++++++++++----
 fs/notify/fdinfo.c                 |   5 ++
 fs/notify/fsnotify.c               |  47 +++++++++--
 fs/notify/fsnotify.h               |  11 +++
 fs/notify/mark.c                   |  14 +++-
 fs/pnode.c                         |   4 +-
 include/linux/fanotify.h           |  12 ++-
 include/linux/fsnotify.h           |  25 ++++++
 include/linux/fsnotify_backend.h   |  43 ++++++++++-
 include/uapi/linux/fanotify.h      |  11 +++
 security/selinux/hooks.c           |   4 +
 15 files changed, 428 insertions(+), 36 deletions(-)
--
2.47.1
More information about the Linux-security-module-archive
mailing list