Re: [RFC PATCH v9 0/3] Add introspect_access(2) (was O_MAYEXEC)

From: Mickaël Salaün
Date: Mon Sep 14 2020 - 12:45:44 EST

Next message: Russ Anderson: "Re: [PATCH v2 0/2] UEFI v2.8 Memory Error Record Updates"
Previous message: Oliver Swede: "[PATCH v5 01/14] arm64: Allow passing fault address to fixup handlers"
In reply to: James Morris: "Re: [RFC PATCH v9 0/3] Add introspect_access(2) (was O_MAYEXEC)"
Next in thread: Arnd Bergmann: "Re: [RFC PATCH v9 2/3] arch: Wire up introspect_access(2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Arnd and Michael,

What do you think of "should_faccessat" or "entrusted_faccessat" for
this new system call?

On 12/09/2020 02:28, James Morris wrote:
> On Thu, 10 Sep 2020, Matthew Wilcox wrote:
>
>> On Thu, Sep 10, 2020 at 08:38:21PM +0200, Mickaël Salaün wrote:
>>> There is also the use case of noexec mounts and file permissions. From
>>> user space point of view, it doesn't matter which kernel component is in
>>> charge of defining the policy. The syscall should then not be tied with
>>> a verification/integrity/signature/appraisal vocabulary, but simply an
>>> access control one.
>>
>> permission()?
>>
>
> The caller is not asking the kernel to grant permission, it's asking
> "SHOULD I access this file?"
>
> The caller doesn't know, for example, if the script file it's about to
> execute has been signed, or if it's from a noexec mount. It's asking the
> kernel, which does know. (Note that this could also be extended to reading
> configuration files).
>
> How about: should_faccessat ?
>

Sounds good to me.

Next message: Russ Anderson: "Re: [PATCH v2 0/2] UEFI v2.8 Memory Error Record Updates"
Previous message: Oliver Swede: "[PATCH v5 01/14] arm64: Allow passing fault address to fixup handlers"
In reply to: James Morris: "Re: [RFC PATCH v9 0/3] Add introspect_access(2) (was O_MAYEXEC)"
Next in thread: Arnd Bergmann: "Re: [RFC PATCH v9 2/3] arch: Wire up introspect_access(2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]