Re: [PATCH 1/7] Security: Provide copy-up security hooks for unioned files

From: Paul Moore
Date: Fri Nov 07 2014 - 16:23:09 EST


On Wednesday, November 05, 2014 03:42:28 PM David Howells wrote:
> Provide two new security hooks for use with security files that are used
> when a file is copied up between layers:
>
> (1) security_inode_copy_up(). This is called so that the security label on
> the destination file can be set appropriately.
>
> (2) security_inode_copy_up_xattr(). This is called so that each xattr
> being copied up can be vetted - including modification and discard.

This didn't occur to me earlier, but we may want to pick a different phrase to
use instead of "copy_up" as that has a special meaning for some security/MLS
folks (although strangely enough, I suspect most of these copy-on-write
operations will be "copy up" in the MLS sense of the word).

How about "security_inode_copy_overlay" or something like that?

> + * @inode_copy_up_xattr:
> + * Filter/modify the xattrs being copied up when a unioned file is
> ...copied
> + * up from a lower layer to the union/overlay layer.
> + * @src indicates the file that is being copied up.
> + * @dst indicates the file that has being created by the copy up.
> + * @name indicates the name of the xattr.
> + * @value, *@size indicate the payload of the xattr.
> + * Returns 0 to accept the xattr, 1 to discard the xattr or a negative
> + * error code to abort the copy up. The xattr buffer must be at least
> + * XATTR_SIZE_MAX in capacity and the contents may be modified and
> ....*@size
> + * changed appropriately.

Just so I'm clean, if the LSM wanted to modify the xattr it would modify
@value/@size and return 0?

--
paul moore
www.paul-moore.com

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/