[v1,0/5] Landlock support for UML

Message ID	20230309165455.175131-1-mic@digikod.net (mailing list archive)
Headers	show Return-Path: <linux-security-module-owner@vger.kernel.org> From: =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= <mic@digikod.net> To: Anton Ivanov <anton.ivanov@cambridgegreys.com>, Johannes Berg <johannes@sipsolutions.net>, Richard Weinberger <richard@nod.at> Cc: =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= <mic@digikod.net>, Christopher Obbard <chris.obbard@collabora.com>, Guenter Roeck <groeck@chromium.org>, =?utf-8?q?G=C3=BCnther_Noack?= <gnoack3000@gmail.com>, Jakub Kicinski <kuba@kernel.org>, James Morris <jmorris@namei.org>, Jeff Xu <jeffxu@google.com>, Kees Cook <keescook@chromium.org>, Paul Moore <paul@paul-moore.com>, Ritesh Raj Sarraf <ritesh@collabora.com>, "Serge E . Hallyn" <serge@hallyn.com>, Shuah Khan <skhan@linuxfoundation.org>, Sjoerd Simons <sjoerd@collabora.com>, Willem de Bruijn <willemb@google.com>, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-security-module@vger.kernel.org Subject: [PATCH v1 0/5] Landlock support for UML Date: Thu, 9 Mar 2023 17:54:50 +0100 Message-Id: <20230309165455.175131-1-mic@digikod.net> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	Landlock support for UML \| expand [v1,0/5] Landlock support for UML [v1,1/5] hostfs: Fix ephemeral inodes [v1,2/5] selftests/landlock: Don't create useless file layouts [v1,3/5] selftests/landlock: Add supports_filesystem() helper [v1,4/5] selftests/landlock: Make mounts configurable [v1,5/5] selftests/landlock: Add tests for pseudo filesystems

Message ID

20230309165455.175131-1-mic@digikod.net (mailing list archive)

Headers

From: =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= <mic@digikod.net>
To: Anton Ivanov <anton.ivanov@cambridgegreys.com>,
        Johannes Berg <johannes@sipsolutions.net>,
        Richard Weinberger <richard@nod.at>
Cc: =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= <mic@digikod.net>,
 Christopher Obbard <chris.obbard@collabora.com>,
 Guenter Roeck <groeck@chromium.org>,
 =?utf-8?q?G=C3=BCnther_Noack?= <gnoack3000@gmail.com>,
 Jakub Kicinski <kuba@kernel.org>, James Morris <jmorris@namei.org>,
 Jeff Xu <jeffxu@google.com>, Kees Cook <keescook@chromium.org>,
 Paul Moore <paul@paul-moore.com>, Ritesh Raj Sarraf <ritesh@collabora.com>,
 "Serge E . Hallyn" <serge@hallyn.com>,
 Shuah Khan <skhan@linuxfoundation.org>, Sjoerd Simons <sjoerd@collabora.com>,
 Willem de Bruijn <willemb@google.com>, linux-fsdevel@vger.kernel.org,
 linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org,
 linux-security-module@vger.kernel.org
Subject: [PATCH v1 0/5] Landlock support for UML
Date: Thu,  9 Mar 2023 17:54:50 +0100
Message-Id: <20230309165455.175131-1-mic@digikod.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

Landlock support for UML | expand

Message

Mickaël Salaün March 9, 2023, 4:54 p.m. UTC

Hi,

Commit cb2c7d1a1776 ("landlock: Support filesystem access-control")
introduced a new ARCH_EPHEMERAL_INODES configuration, only enabled for
User-Mode Linux.  The reason was that UML's hostfs managed inodes in an
ephemeral way: from the kernel point of view, the same inode struct
could be created several times while being used by user space because
the kernel didn't hold references to inodes.  Because Landlock (and
probably other subsystems) ties properties (i.e. access rights) to inode
objects, it wasn't possible to create rules that match inodes and then
allow specific accesses.

This patch series fixes the way UML manages inodes according to the
underlying filesystem.  They are now properly handles as for other
filesystems, which enables to support Landlock (and probably other
features).

Backporting these patches requires some selftest harness patches
backports too.

Regards,

Mickaël Salaün (5):
  hostfs: Fix ephemeral inodes
  selftests/landlock: Don't create useless file layouts
  selftests/landlock: Add supports_filesystem() helper
  selftests/landlock: Make mounts configurable
  selftests/landlock: Add tests for pseudo filesystems

 arch/Kconfig                               |   7 -
 arch/um/Kconfig                            |   1 -
 fs/hostfs/hostfs.h                         |   1 +
 fs/hostfs/hostfs_kern.c                    | 213 ++++++------
 fs/hostfs/hostfs_user.c                    |   1 +
 security/landlock/Kconfig                  |   2 +-
 tools/testing/selftests/landlock/config    |   8 +-
 tools/testing/selftests/landlock/fs_test.c | 381 +++++++++++++++++++--
 8 files changed, 472 insertions(+), 142 deletions(-)


base-commit: fe15c26ee26efa11741a7b632e9f23b01aca4cc6

Comments

Mickaël Salaün March 21, 2023, 9:18 p.m. UTC | #1

Richard, Anton, Johannes, what do you think about these UML changes?


On 09/03/2023 17:54, Mickaël Salaün wrote:
> Hi,
> 
> Commit cb2c7d1a1776 ("landlock: Support filesystem access-control")
> introduced a new ARCH_EPHEMERAL_INODES configuration, only enabled for
> User-Mode Linux.  The reason was that UML's hostfs managed inodes in an
> ephemeral way: from the kernel point of view, the same inode struct
> could be created several times while being used by user space because
> the kernel didn't hold references to inodes.  Because Landlock (and
> probably other subsystems) ties properties (i.e. access rights) to inode
> objects, it wasn't possible to create rules that match inodes and then
> allow specific accesses.
> 
> This patch series fixes the way UML manages inodes according to the
> underlying filesystem.  They are now properly handles as for other
> filesystems, which enables to support Landlock (and probably other
> features).
> 
> Backporting these patches requires some selftest harness patches
> backports too.
> 
> Regards,
> 
> Mickaël Salaün (5):
>    hostfs: Fix ephemeral inodes
>    selftests/landlock: Don't create useless file layouts
>    selftests/landlock: Add supports_filesystem() helper
>    selftests/landlock: Make mounts configurable
>    selftests/landlock: Add tests for pseudo filesystems
> 
>   arch/Kconfig                               |   7 -
>   arch/um/Kconfig                            |   1 -
>   fs/hostfs/hostfs.h                         |   1 +
>   fs/hostfs/hostfs_kern.c                    | 213 ++++++------
>   fs/hostfs/hostfs_user.c                    |   1 +
>   security/landlock/Kconfig                  |   2 +-
>   tools/testing/selftests/landlock/config    |   8 +-
>   tools/testing/selftests/landlock/fs_test.c | 381 +++++++++++++++++++--
>   8 files changed, 472 insertions(+), 142 deletions(-)
> 
> 
> base-commit: fe15c26ee26efa11741a7b632e9f23b01aca4cc6

Richard Weinberger March 21, 2023, 9:38 p.m. UTC | #2

----- Ursprüngliche Mail -----
> Von: "Mickaël Salaün" <mic@digikod.net>
> Richard, Anton, Johannes, what do you think about these UML changes?

I like them but didn't had a chance for a deeper look so far. :-S

Thanks,
//richard

Mickaël Salaün April 4, 2023, 1:52 p.m. UTC | #3

On 21/03/2023 22:38, Richard Weinberger wrote:
> ----- Ursprüngliche Mail -----
>> Von: "Mickaël Salaün" <mic@digikod.net>
>> Richard, Anton, Johannes, what do you think about these UML changes?
> 
> I like them but didn't had a chance for a deeper look so far. :-S

Good! Do you think it could make it for v6.4?  Should we push it in 
-next for testing?

Thanks,
  Mickaël

Mickaël Salaün May 4, 2023, 4:01 p.m. UTC | #4

Hi Richard, any news?

On 04/04/2023 15:52, Mickaël Salaün wrote:
> 
> On 21/03/2023 22:38, Richard Weinberger wrote:
>> ----- Ursprüngliche Mail -----
>>> Von: "Mickaël Salaün" <mic@digikod.net>
>>> Richard, Anton, Johannes, what do you think about these UML changes?
>>
>> I like them but didn't had a chance for a deeper look so far. :-S
> 
> Good! Do you think it could make it for v6.4?  Should we push it in
> -next for testing?
> 
> Thanks,
>    Mickaël