[PATCH 0/8] Security: Provide unioned file support

From: David Howells
Date: Thu Jun 18 2015 - 09:32:31 EST



The attached patches provide security support for unioned files where the
security involves an object-label-based LSM (such as SELinux) rather than a
path-based LSM.

The patches can be broken down into a number of sets:

(1) A small patch to drop a lock earlier in overlayfs. The main VFS patch
touches the same code, so I put this first.

(2) The main VFS patch that makes an open file struct referring to a union
file have ->f_path point to the union/overlay file whilst ->f_inode and
->f_mapping refer to the subordinate file that does the actual work.

(3) LSM hooks to handle copy up of a file, including label setting and xattr
filtration and SELinux implementations of these hooks.

(4) LSM hooks to handle file open and file permission checking for the
instance where a union/overlay file is opened that actually falls through
to a subordinate file (i.e. as in (2) above) and the SELinux implementation.

(5) An SELinux patch to make a common helper for several functions that need
to determine the label for an inode.

The first two patches can be found here:

http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=for-viro

And all the patches here:

http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=overlayfs

Tagged with overlay-pin-20150618.

This is based on part of Al Viro's vfs/for-next branch. However, the security
bits will need to go through the security tree - but after the first two patches
are taken through the VFS tree.

David
---
David Howells (8):
overlay: Call ovl_drop_write() earlier in ovl_dentry_open()
overlayfs: Make f_path always point to the overlay and f_inode to the underlay
Security: Provide copy-up security hooks for unioned files
Overlayfs: Use copy-up security hooks
SELinux: Stub in copy-up handling
SELinux: Handle opening of a unioned file
SELinux: Create a common helper to determine an inode label
SELinux: Check against union label for file operations


 fs/dcache.c                       |   5 +
 fs/internal.h                     |   1
 fs/open.c                         |  49 +++++-----
 fs/overlayfs/copy_up.c            |  12 ++
 fs/overlayfs/inode.c              |  22 +---
 fs/overlayfs/overlayfs.h          |   1
 fs/overlayfs/super.c              |   1
 include/linux/dcache.h            |   2
 include/linux/fs.h                |   2
 include/linux/security.h          |  36 +++++++
 security/capability.c             |  13 +++
 security/security.c               |  13 +++
 security/selinux/hooks.c          | 185 +++++++++++++++++++++++++++----------
 security/selinux/include/objsec.h |   1
 14 files changed, 254 insertions(+), 89 deletions(-)
