Re: [RFC PATCH v9 0/3] Add introspect_access(2) (was O_MAYEXEC)

From: James Morris
Date: Fri Sep 11 2020 - 20:30:26 EST

Next message: David Miller: "Re: [PATCH net-next v3 0/9] net: ethernet: ti: ale: add staticconfiguration"
Previous message: David Miller: "Re: [PATCH net] net: ipa: fix u32_replace_bits by u32p_xxx version"
In reply to: Mickaël Salaün: "Re: [RFC PATCH v9 0/3] Add introspect_access(2) (was O_MAYEXEC)"
Next in thread: Mickaël Salaün: "Re: [RFC PATCH v9 0/3] Add introspect_access(2) (was O_MAYEXEC)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 10 Sep 2020, Matthew Wilcox wrote:

> On Thu, Sep 10, 2020 at 08:38:21PM +0200, Mickaël Salaün wrote:
> > There is also the use case of noexec mounts and file permissions. From
> > user space point of view, it doesn't matter which kernel component is in
> > charge of defining the policy. The syscall should then not be tied with
> > a verification/integrity/signature/appraisal vocabulary, but simply an
> > access control one.
>
> permission()?
>

The caller is not asking the kernel to grant permission, it's asking
"SHOULD I access this file?"

The caller doesn't know, for example, if the script file it's about to
execute has been signed, or if it's from a noexec mount. It's asking the
kernel, which does know. (Note that this could also be extended to reading
configuration files).

How about: should_faccessat ?

--
James Morris
<jmorris@xxxxxxxxx>

Next message: David Miller: "Re: [PATCH net-next v3 0/9] net: ethernet: ti: ale: add staticconfiguration"
Previous message: David Miller: "Re: [PATCH net] net: ipa: fix u32_replace_bits by u32p_xxx version"
In reply to: Mickaël Salaün: "Re: [RFC PATCH v9 0/3] Add introspect_access(2) (was O_MAYEXEC)"
Next in thread: Mickaël Salaün: "Re: [RFC PATCH v9 0/3] Add introspect_access(2) (was O_MAYEXEC)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]