LKML: Tony Jones: [RFC][PATCH 10/11] security: AppArmor - Add flags to d_path
<table><tr><td class="lp">From</td><td class="rp" itemprop="author">Tony Jones <></td></tr><tr><td class="lp">Date</td><td class="rp" itemprop="datePublished">Wed, 19 Apr 2006 10:50:26 -0700</td></tr><tr><td class="lp">Subject</td><td class="rp" itemprop="name">[RFC][PATCH 10/11] security: AppArmor - Add flags to d_path</td></tr></table>
<pre itemprop="articleBody">This patch adds a new function d_path_flags which takes an additional flags<br />
parameter. 
Adding a new function rather than ammending the existing d_path<br />
was done to avoid impact on the current users.<br />
<br />
It is not essential for inclusion with AppArmor (the apparmor_mediation.patch<br />
can easily be revised to use plain d_path) but it enables cleaner code <br />
["(delete)" handling] and closes a loophole with pathname generation for <br />
chrooted tasks. <br />
<br />
It currently adds two flags:<br />
<br />
DPATH_SYSROOT:<br />
 d_path should generate a path from the system root rather than the<br />
 task's current root. <br />
<br />
 For AppArmor this enables generation of absolute pathnames in all<br />
 cases. Currently when a task is chrooted, file access is reported<br />
 relative to the chroot. Because it is currently not possible to <br />
 obtain the absolute path in an SMP safe way, without this patch <br />
 AppArmor will have to report chroot-relative pathnames.<br />
<br />
DPATH_NODELETED:<br />
 d_path should not append "(deleted)" to unhashed entries. Sometimes<br />
 this information is not useful for the caller and the string can<br />
 exist as the suffix of a valid pathname.<br />
<br />
Signed-off-by: Tony Jones <tonyj@suse.de><br />
<br />
---<br />
 fs/dcache.c | 48 ++++++++++++++++++++++++++++++++----------------<br />
 include/linux/dcache.h | 7 +++++++<br />
 2 files changed, 39 insertions(+), 16 deletions(-)<br />
<br />
--- linux-2.6.17-rc1.orig/fs/dcache.c<br />
+++ linux-2.6.17-rc1/fs/dcache.c<br />
@@ -1381,9 +1381,11 @@<br />
 * @rootmnt: vfsmnt to which the root dentry belongs<br />
 * @buffer: buffer to return value in<br />
 * @buflen: buffer length<br />
+ * @flags: control flags<br />
 *<br />
 * Convert a dentry into an ASCII path name. If the entry has been deleted<br />
- * the string " (deleted)" is appended. Note that this is ambiguous.<br />
+ * and DPATH_NODELETED is not specified in flags then the string " (deleted)"<br />
+ * is appended. Note that this is ambiguous.<br />
 *<br />
 * Returns the buffer or an error code if the path was too long.<br />
 *<br />
@@ -1391,7 +1393,7 @@<br />
 */<br />
 static char * __d_path( struct dentry *dentry, struct vfsmount *vfsmnt,<br />
 struct dentry *root, struct vfsmount *rootmnt,<br />
- char *buffer, int buflen)<br />
+ char *buffer, int buflen, unsigned int flags)<br />
 {<br />
 char * end = buffer+buflen;<br />
 char * retval;<br />
@@ -1399,7 +1401,8 @@<br />
 <br />
 *--end = '\0';<br />
 buflen--;<br />
- if (!IS_ROOT(dentry) && d_unhashed(dentry)) {<br />
+ if (!(flags & DPATH_NODELETED) &&<br />
+ !IS_ROOT(dentry) && d_unhashed(dentry)) {<br />
 buflen -= 10;<br />
 end -= 10;<br />
 if (buflen < 0)<br />
@@ -1416,7 +1419,8 @@<br />
 for (;;) {<br />
 struct dentry * parent;<br />
 <br />
- if (dentry == root && vfsmnt == rootmnt)<br />
+ if (!(flags & DPATH_SYSROOT) &&<br />
+ dentry == root && vfsmnt == rootmnt)<br />
 break;<br />
 if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) {<br />
 /* Global root? */<br />
@@ -1458,25 +1462,36 @@<br />
 }<br />
 <br />
 /* write full pathname into buffer and return start of pathname */<br />
-char * d_path(struct dentry *dentry, struct vfsmount *vfsmnt,<br />
- char *buf, int buflen)<br />
+char * d_path_flags(struct dentry *dentry, struct vfsmount *vfsmnt,<br />
+ char *buf, int buflen, unsigned int flags)<br />
 {<br />
 char *res;<br />
- struct vfsmount *rootmnt;<br />
- struct dentry *root;<br />
+ struct vfsmount *rootmnt = NULL;<br />
+ struct dentry *root = NULL;<br />
 <br />
- read_lock(&current->fs->lock);<br />
- rootmnt = mntget(current->fs->rootmnt);<br />
- root = dget(current->fs->root);<br />
- read_unlock(&current->fs->lock);<br />
+ if (!(flags & DPATH_SYSROOT)){<br />
+ read_lock(&current->fs->lock);<br />
+ rootmnt = mntget(current->fs->rootmnt);<br />
+ root = dget(current->fs->root);<br />
+ read_unlock(&current->fs->lock);<br />
+ }<br />
 spin_lock(&dcache_lock);<br />
- res = __d_path(dentry, vfsmnt, root, rootmnt, buf, buflen);<br />
+ res = __d_path(dentry, vfsmnt, root, rootmnt, buf, buflen, flags);<br />
 spin_unlock(&dcache_lock);<br />
- dput(root);<br />
- mntput(rootmnt);<br />
+ if (!(flags & DPATH_SYSROOT)){<br />
+ dput(root);<br />
+ mntput(rootmnt);<br />
+ }<br />
 return res;<br />
 }<br />
 <br />
+/* original d_path without support for flags */<br />
+char * d_path(struct dentry *dentry, struct vfsmount *vfsmnt,<br />
+ char *buf, int buflen)<br />
+{<br />
+ return d_path_flags(dentry, vfsmnt, buf, buflen, 0);<br />
+}<br />
+<br />
 /*<br />
 * NOTE! The user-level library version returns a<br />
 * character pointer. The kernel system call just<br />
@@ -1519,7 +1534,7 @@<br />
 unsigned long len;<br />
 char * cwd;<br />
 <br />
- cwd = __d_path(pwd, pwdmnt, root, rootmnt, page, PAGE_SIZE);<br />
+ cwd = __d_path(pwd, pwdmnt, root, rootmnt, page, PAGE_SIZE, 0);<br />
 spin_unlock(&dcache_lock);<br />
 <br />
 error = PTR_ERR(cwd);<br />
@@ -1771,6 +1786,7 @@<br />
 EXPORT_SYMBOL(d_invalidate);<br />
 EXPORT_SYMBOL(d_lookup);<br />
 EXPORT_SYMBOL(d_move);<br />
+EXPORT_SYMBOL(d_path_flags);<br />
 EXPORT_SYMBOL(d_path);<br />
 EXPORT_SYMBOL(d_prune_aliases);<br />
 EXPORT_SYMBOL(d_rehash);<br />
--- linux-2.6.17-rc1.orig/include/linux/dcache.h<br />
+++ linux-2.6.17-rc1/include/linux/dcache.h<br />
@@ -164,6 +164,10 @@<br />
 <br />
 #define DCACHE_INOTIFY_PARENT_WATCHED 0x0020 /* Parent inode is watched */<br />
 <br />
+/* dpath flags */<br />
+#define DPATH_SYSROOT 0x0001 /* continue past fsroot (chroot) */<br />
+#define DPATH_NODELETED 0x0002 /* do not append " (deleted)" */<br />
+<br />
 extern spinlock_t dcache_lock;<br />
 <br />
 /**<br />
@@ -281,6 +285,9 @@<br />
 extern int d_validate(struct dentry *, struct dentry *);<br />
 <br />
 extern char * d_path(struct dentry *, struct vfsmount *, char *, int);<br />
+<br />
+extern char * d_path_flags(struct dentry *, struct vfsmount *, char *, int,<br />
+ unsigned int);<br />
 <br />
 /* Allocation counts.. 
*/<br />
 <br />
</pre>
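Review bot: In the `@@ -1399,7 +1401,8 @@` hunk of fs/dcache.c, a caller that sets DPATH_NODELETED receives the same string for an unhashed dentry as for whatever currently exists under that name, and nothing in the new interface reports which case occurred. A caller that audits or mediates access by pathname can then act on a name that no longer refers to this dentry. The kernel-doc above `__d_path` should carry the caveat, for example ` * With DPATH_NODELETED the caller must check d_unhashed() itself to tell deleted entries apart.` The body of `__d_path` continues outside the hunk.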
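Review bot: In the `@@ -1416,7 +1419,8 @@` hunk of fs/dcache.c, skipping the `dentry == root && vfsmnt == rootmnt` stop only moves the end of the walk to the top of the mount tree that `vfsmnt` belongs to, which is not necessarily one system-wide root. The rest of the loop is outside the hunk, so this is inferred from the visible `/* Global root? */` branch: if the task uses a private mount namespace or the mount has been detached, the string returned under DPATH_SYSROOT is presumably relative to that tree and could be matched against policy written for a different one. The flag's documentation should state what "system root" means here, and a caller that bases access decisions on the result should treat it as namespace-relative.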
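Review bot: `d_path_flags()` in the `@@ -1458,25 +1462,36 @@` hunk of fs/dcache.c keeps only the old one-line comment, so the accepted flags and the fact that `root` and `rootmnt` are passed to `__d_path()` as NULL under DPATH_SYSROOT are undocumented. The visible lines of `__d_path()` only compare those pointers, but most of its body is outside the diff, so a kernel-doc block on `d_path_flags()` stating that NULL is expected with this flag would guard against a later dereference. Bits in `flags` other than the two defined ones are silently ignored; if that is not intended, reject them first with `if (flags & ~(DPATH_SYSROOT | DPATH_NODELETED)) return ERR_PTR(-EINVAL);`. Kernel coding style also puts a space before the brace in `if (!(flags & DPATH_SYSROOT)){`.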
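Review bot: The two defines in the `@@ -164,6 +164,10 @@` hunk of include/linux/dcache.h are the only header documentation for the flags, and `/* continue past fsroot (chroot) */` does not say that the resulting string names objects outside the calling task's root. Since `d_path_flags` is exported to modules in this patch, a caller that copies such a path back to a chrooted task would disclose directory names the task cannot otherwise see. I would extend the comment to something like `/* walk past the task's root; result is for in-kernel use, do not return it to the task */`.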