From patchwork Tue Jan 30 18:06:31 2018
X-Patchwork-Submitter: Dongsu Park
X-Patchwork-Id: 10192159
From: Dongsu Park
To: linux-kernel@vger.kernel.org
Cc: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org, Alban Crequy, Dongsu Park, Miklos Szeredi, Alexander Viro, Mimi Zohar, Dmitry Kasatkin, James Morris, Christoph Hellwig, "Serge E. Hallyn", Seth Forshee, Miklos Szeredi
Subject: [RFC PATCH v4 1/2] fuse: introduce new fs_type flag FS_IMA_NO_CACHE
Date: Tue, 30 Jan 2018 19:06:31 +0100
Message-Id: <86832c6adb256f29f44b6229222b80964fc8cfcc.1517314847.git.dongsu@kinvolk.io>
X-Mailer: git-send-email 2.13.6
List-ID: linux-security-module@vger.kernel.org
From: Alban Crequy

This new fs_type flag FS_IMA_NO_CACHE means files should be re-measured,
re-appraised and re-audited each time. Cached integrity results should not
be used.

It is useful in FUSE because the userspace FUSE process can change the
underlying files at any time without notifying the kernel.

Cc: linux-kernel@vger.kernel.org
Cc: linux-integrity@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org
Cc: Miklos Szeredi
Cc: Alexander Viro
Cc: Mimi Zohar
Cc: Dmitry Kasatkin
Cc: James Morris
Cc: Christoph Hellwig
Acked-by: "Serge E. Hallyn"
Acked-by: Seth Forshee
Tested-by: Dongsu Park
Signed-off-by: Alban Crequy
Acked-by: Miklos Szeredi
---
 fs/fuse/inode.c    | 2 +-
 include/linux/fs.h | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index 624f18bb..0a9e5164 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -1205,7 +1205,7 @@ static void fuse_kill_sb_anon(struct super_block *sb)
 static struct file_system_type fuse_fs_type = {
 	.owner		= THIS_MODULE,
 	.name		= "fuse",
-	.fs_flags	= FS_HAS_SUBTYPE,
+	.fs_flags	= FS_HAS_SUBTYPE | FS_IMA_NO_CACHE,
 	.mount		= fuse_mount,
 	.kill_sb	= fuse_kill_sb_anon,
 };
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 511fbaab..ced841ba 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -2075,6 +2075,7 @@ struct file_system_type {
 #define FS_BINARY_MOUNTDATA	2
 #define FS_HAS_SUBTYPE		4
 #define FS_USERNS_MOUNT		8	/* Can be mounted by userns root */
+#define FS_IMA_NO_CACHE		16	/* Force IMA to re-measure, re-appraise, re-audit files */
 #define FS_RENAME_DOES_D_MOVE	32768	/* FS will handle d_move() during rename() internally. */
 	struct dentry *(*mount) (struct file_system_type *, int,
 		       const char *, void *);
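Review bot: In the fs/fuse/inode.c hunk only fuse_fs_type gains FS_IMA_NO_CACHE; the block-device-backed "fuseblk" file_system_type that the same file registers is served by the same kind of userspace daemon, so files on fuseblk mounts would keep using cached IMA results after this patch. Either add FS_IMA_NO_CACHE to that type's .fs_flags as well, or say in the commit message why fuseblk is deliberately left out.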
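Review bot: In the include/linux/fs.h hunk the comment on FS_IMA_NO_CACHE states the effect on IMA but not when a filesystem should set it, and this header is where every filesystem author will look; suggest something like `/* Contents can change without the kernel noticing: force IMA to re-measure, re-appraise, re-audit files */`. Two further points worth a sentence in the comment or commit message: the flag has no effect until IMA is taught to consult it (presumably the second patch of this series), and because fs_flags belongs to the file_system_type it cannot distinguish a FUSE mount made by root from one made by an unprivileged user; if appraisal policy needs that distinction, a per-superblock flag (s_iflags, set at mount time) is the better home.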
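The stale-cache problem the commit message describes, as an added example that is not code from this patch, from FUSE or from the kernel: a small Python model of a per-inode integrity cache. `Inode`, `FsType` and `Ima` are hypothetical stand-ins for the kernel structures, and the "trusted"/"malicious" file contents are constructed; only the FS_HAS_SUBTYPE and FS_IMA_NO_CACHE values come from the patch. The model shows why an i_version-style validity check catches a write that goes through the VFS but not a FUSE daemon swapping content, and how the new flag closes that gap.

```python
"""Model of IMA measurement caching versus a filesystem whose contents can
change behind the kernel's back (added example; hypothetical classes)."""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Tuple

FS_HAS_SUBTYPE = 4     # value from include/linux/fs.h
FS_IMA_NO_CACHE = 16   # value introduced by the patch


@dataclass
class FsType:
    name: str
    fs_flags: int


@dataclass
class Inode:
    """Identity, owning fs type, current contents and an i_version counter.

    A write through the VFS bumps i_version, so a cache keyed on it notices
    the change. A FUSE daemon serves the bytes itself and can return
    different data without any VFS write, so i_version never moves.
    """
    ino: int
    fs: FsType
    data: bytes
    i_version: int = 0

    def kernel_write(self, data: bytes) -> None:
        self.data = data
        self.i_version += 1          # kernel saw the write

    def daemon_swap(self, data: bytes) -> None:
        self.data = data             # userspace swapped it; kernel not told


@dataclass
class CacheEntry:
    digest: str
    i_version: int


class Ima:
    """Measure on open; reuse the cached digest while it looks valid."""

    def __init__(self) -> None:
        self.cache: Dict[int, CacheEntry] = {}
        self.measurement_log: List[Tuple[int, str]] = []

    def _measure(self, inode: Inode) -> str:
        digest = hashlib.sha256(inode.data).hexdigest()
        self.measurement_log.append((inode.ino, digest))
        self.cache[inode.ino] = CacheEntry(digest, inode.i_version)
        return digest

    def file_open(self, inode: Inode) -> str:
        """Digest IMA would act on (measure/appraise/audit) for this open."""
        if inode.fs.fs_flags & FS_IMA_NO_CACHE:
            return self._measure(inode)          # never trust the cache
        entry = self.cache.get(inode.ino)
        if entry is not None and entry.i_version == inode.i_version:
            return entry.digest                  # cache hit, no re-measure
        return self._measure(inode)


TRUSTED = b"#!/bin/sh\necho trusted\n"       # constructed sample content
MALICIOUS = b"#!/bin/sh\necho malicious\n"   # constructed sample content


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def demo_fuse(no_cache: bool) -> Tuple[str, str, int]:
    """Open, let the daemon swap the content, open again.

    Returns (first digest, second digest, measurements taken)."""
    flags = FS_HAS_SUBTYPE | (FS_IMA_NO_CACHE if no_cache else 0)
    ima = Ima()
    inode = Inode(ino=42, fs=FsType("fuse", flags), data=TRUSTED)
    first = ima.file_open(inode)
    inode.daemon_swap(MALICIOUS)
    second = ima.file_open(inode)
    return first, second, len(ima.measurement_log)


def demo_vfs_write() -> Tuple[str, str, int]:
    """Same sequence on an in-kernel fs: the VFS write bumps i_version."""
    ima = Ima()
    inode = Inode(ino=7, fs=FsType("ext4", 0), data=TRUSTED)
    first = ima.file_open(inode)
    inode.kernel_write(MALICIOUS)
    second = ima.file_open(inode)
    return first, second, len(ima.measurement_log)


if __name__ == "__main__":
    for no_cache in (False, True):
        first, second, n = demo_fuse(no_cache)
        print(f"fuse, FS_IMA_NO_CACHE {'set' if no_cache else 'clear'}: "
              f"{n} measurement(s), change detected={first != second}")
    first, second, n = demo_vfs_write()
    print(f"ext4 with VFS write: {n} measurement(s), "
          f"change detected={first != second}")
```

Without the flag the second open of the FUSE file reuses the digest of the trusted content, so appraisal passes for bytes IMA never hashed; with the flag every open is measured and the swap shows up in the measurement log.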