Re: [git pull] mount API series

From: Eric W. Biederman
Date: Wed Oct 31 2018 - 12:19:15 EST


ebiederm@xxxxxxxxxxxx (Eric W. Biederman) writes:

> I am going to stop there. I believe there are more issues in the code.
> I am relieved that I am not seeing the loss of some of the security
> hooks that I thought I saw last time I looked at the code.

Bah. Now I see the missing security hook.

There are a set of security hooks that allow security modules to parse
mount options.

On a good day they look like:

security_mnt_opts opts;
char *secdata;

secdata = alloc_secdata();
security_sb_copy_data("a,mount,options,string", secdata);

security_init_mnt_opts(&opts);
security_parse_opts_str(secdata, &opts);
security_set_mnt_opts(sb, &opts, 0, NULL);
security_free_mnt_opts(&opts);

In practice however things are not that explicit. With
security_sb_kern_mount performing all of the mnt_opts work.

However after the rewrite in the patchset.

The function sb_kern_mount no longer exists and it's replacement
sb_get_tree out of necessity does not call parse_opts_str. This is
because the mount options can no longer be passed as a string.

The legacy compatibility code also does not call sb_parse_opts_str.

The result is using the existing apis all of the security module command
line parsing except for (btrfs and nfs) no longer works.


The changes are not structured in a way that makes any of this easy to
find. Which is why I have been saying I wouldn't do it that way. It
also is the case that this pattern repeats through out the patches.
Replacing code with something brand new, instead of evolving what is
there. That makes it easy for this kind of thing to slip through.

Eric