mirror of
https://github.com/torvalds/linux
synced 2024-07-22 03:01:14 +00:00
442d27ff09
When security labeling is enabled, the client can pass a file security
label as part of a create operation for the new file, similar to mode
and other attributes. At present, the security label is received by nfsd
and passed down to nfsd_create_setattr(), but nfsd_setattr() is never
called and therefore the label is never set on the new file. This bug
may have been introduced on or around commit d6a97d3f58 ("NFSD:
add security label to struct nfsd_attrs"). Looking at nfsd_setattr()
I am uncertain as to whether the same issue presents for
file ACLs and therefore requires a similar fix for those.
An alternative approach would be to introduce a new LSM hook to set the
"create SID" of the current task prior to the actual file creation, which
would atomically label the new inode at creation time. This would be better
for SELinux and a similar approach has been used previously
(see security_dentry_create_files_as) but perhaps not usable by other LSMs.
Reproducer:
1. Install a Linux distro with SELinux - Fedora is easiest
2. git clone https://github.com/SELinuxProject/selinux-testsuite
3. Install the requisite dependencies per selinux-testsuite/README.md
4. Run something like the following script:
MOUNT=$HOME/selinux-testsuite
sudo systemctl start nfs-server
sudo exportfs -o rw,no_root_squash,security_label localhost:$MOUNT
sudo mkdir -p /mnt/selinux-testsuite
sudo mount -t nfs -o vers=4.2 localhost:$MOUNT /mnt/selinux-testsuite
pushd /mnt/selinux-testsuite/
sudo make -C policy load
pushd tests/filesystem
sudo runcon -t test_filesystem_t ./create_file -f trans_test_file \
-e test_filesystem_filetranscon_t -v
sudo rm -f trans_test_file
popd
sudo make -C policy unload
popd
sudo umount /mnt/selinux-testsuite
sudo exportfs -u localhost:$MOUNT
sudo rmdir /mnt/selinux-testsuite
sudo systemctl stop nfs-server
Expected output:
<eliding noise from commands run prior to or after the test itself>
Process context:
unconfined_u:unconfined_r:test_filesystem_t:s0-s0:c0.c1023
Created file: trans_test_file
File context: unconfined_u:object_r:test_filesystem_filetranscon_t:s0
File context is correct
Actual output:
<eliding noise from commands run prior to or after the test itself>
Process context:
unconfined_u:unconfined_r:test_filesystem_t:s0-s0:c0.c1023
Created file: trans_test_file
File context: system_u:object_r:test_file_t:s0
File context error, expected:
test_filesystem_filetranscon_t
got:
test_file_t
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: NeilBrown <neilb@suse.de>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
195 lines
6.4 KiB
C
195 lines
6.4 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
/*
|
|
* Copyright (C) 1995-1997 Olaf Kirch <okir@monad.swb.de>
|
|
*/
|
|
|
|
#ifndef LINUX_NFSD_VFS_H
|
|
#define LINUX_NFSD_VFS_H
|
|
|
|
#include <linux/fs.h>
|
|
#include <linux/posix_acl.h>
|
|
#include "nfsfh.h"
|
|
#include "nfsd.h"
|
|
|
|
/*
|
|
* Flags for nfsd_permission
|
|
*/
|
|
#define NFSD_MAY_NOP 0
|
|
#define NFSD_MAY_EXEC 0x001 /* == MAY_EXEC */
|
|
#define NFSD_MAY_WRITE 0x002 /* == MAY_WRITE */
|
|
#define NFSD_MAY_READ 0x004 /* == MAY_READ */
|
|
#define NFSD_MAY_SATTR 0x008
|
|
#define NFSD_MAY_TRUNC 0x010
|
|
#define NFSD_MAY_LOCK 0x020
|
|
#define NFSD_MAY_MASK 0x03f
|
|
|
|
/* extra hints to permission and open routines: */
|
|
#define NFSD_MAY_OWNER_OVERRIDE 0x040
|
|
#define NFSD_MAY_LOCAL_ACCESS 0x080 /* for device special files */
|
|
#define NFSD_MAY_BYPASS_GSS_ON_ROOT 0x100
|
|
#define NFSD_MAY_NOT_BREAK_LEASE 0x200
|
|
#define NFSD_MAY_BYPASS_GSS 0x400
|
|
#define NFSD_MAY_READ_IF_EXEC 0x800
|
|
|
|
#define NFSD_MAY_64BIT_COOKIE 0x1000 /* 64 bit readdir cookies for >= NFSv3 */
|
|
|
|
#define NFSD_MAY_CREATE (NFSD_MAY_EXEC|NFSD_MAY_WRITE)
|
|
#define NFSD_MAY_REMOVE (NFSD_MAY_EXEC|NFSD_MAY_WRITE|NFSD_MAY_TRUNC)
|
|
|
|
struct nfsd_file;
|
|
|
|
/*
|
|
* Callback function for readdir
|
|
*/
|
|
typedef int (*nfsd_filldir_t)(void *, const char *, int, loff_t, u64, unsigned);
|
|
|
|
/* nfsd/vfs.c */
|
|
struct nfsd_attrs {
|
|
struct iattr *na_iattr; /* input */
|
|
struct xdr_netobj *na_seclabel; /* input */
|
|
struct posix_acl *na_pacl; /* input */
|
|
struct posix_acl *na_dpacl; /* input */
|
|
|
|
int na_labelerr; /* output */
|
|
int na_aclerr; /* output */
|
|
};
|
|
|
|
static inline void nfsd_attrs_free(struct nfsd_attrs *attrs)
|
|
{
|
|
posix_acl_release(attrs->na_pacl);
|
|
posix_acl_release(attrs->na_dpacl);
|
|
}
|
|
|
|
static inline bool nfsd_attrs_valid(struct nfsd_attrs *attrs)
|
|
{
|
|
struct iattr *iap = attrs->na_iattr;
|
|
|
|
return (iap->ia_valid || (attrs->na_seclabel &&
|
|
attrs->na_seclabel->len));
|
|
}
|
|
|
|
__be32 nfserrno (int errno);
|
|
int nfsd_cross_mnt(struct svc_rqst *rqstp, struct dentry **dpp,
|
|
struct svc_export **expp);
|
|
__be32 nfsd_lookup(struct svc_rqst *, struct svc_fh *,
|
|
const char *, unsigned int, struct svc_fh *);
|
|
__be32 nfsd_lookup_dentry(struct svc_rqst *, struct svc_fh *,
|
|
const char *, unsigned int,
|
|
struct svc_export **, struct dentry **);
|
|
__be32 nfsd_setattr(struct svc_rqst *, struct svc_fh *,
|
|
struct nfsd_attrs *, const struct timespec64 *);
|
|
int nfsd_mountpoint(struct dentry *, struct svc_export *);
|
|
#ifdef CONFIG_NFSD_V4
|
|
__be32 nfsd4_vfs_fallocate(struct svc_rqst *, struct svc_fh *,
|
|
struct file *, loff_t, loff_t, int);
|
|
__be32 nfsd4_clone_file_range(struct svc_rqst *rqstp,
|
|
struct nfsd_file *nf_src, u64 src_pos,
|
|
struct nfsd_file *nf_dst, u64 dst_pos,
|
|
u64 count, bool sync);
|
|
#endif /* CONFIG_NFSD_V4 */
|
|
__be32 nfsd_create_locked(struct svc_rqst *, struct svc_fh *,
|
|
struct nfsd_attrs *attrs, int type, dev_t rdev,
|
|
struct svc_fh *res);
|
|
__be32 nfsd_create(struct svc_rqst *, struct svc_fh *,
|
|
char *name, int len, struct nfsd_attrs *attrs,
|
|
int type, dev_t rdev, struct svc_fh *res);
|
|
__be32 nfsd_access(struct svc_rqst *, struct svc_fh *, u32 *, u32 *);
|
|
__be32 nfsd_create_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp,
|
|
struct svc_fh *resfhp, struct nfsd_attrs *iap);
|
|
__be32 nfsd_commit(struct svc_rqst *rqst, struct svc_fh *fhp,
|
|
struct nfsd_file *nf, u64 offset, u32 count,
|
|
__be32 *verf);
|
|
#ifdef CONFIG_NFSD_V4
|
|
__be32 nfsd_getxattr(struct svc_rqst *rqstp, struct svc_fh *fhp,
|
|
char *name, void **bufp, int *lenp);
|
|
__be32 nfsd_listxattr(struct svc_rqst *rqstp, struct svc_fh *fhp,
|
|
char **bufp, int *lenp);
|
|
__be32 nfsd_removexattr(struct svc_rqst *rqstp, struct svc_fh *fhp,
|
|
char *name);
|
|
__be32 nfsd_setxattr(struct svc_rqst *rqstp, struct svc_fh *fhp,
|
|
char *name, void *buf, u32 len, u32 flags);
|
|
#endif
|
|
int nfsd_open_break_lease(struct inode *, int);
|
|
__be32 nfsd_open(struct svc_rqst *, struct svc_fh *, umode_t,
|
|
int, struct file **);
|
|
int nfsd_open_verified(struct svc_rqst *rqstp, struct svc_fh *fhp,
|
|
int may_flags, struct file **filp);
|
|
__be32 nfsd_splice_read(struct svc_rqst *rqstp, struct svc_fh *fhp,
|
|
struct file *file, loff_t offset,
|
|
unsigned long *count,
|
|
u32 *eof);
|
|
__be32 nfsd_iter_read(struct svc_rqst *rqstp, struct svc_fh *fhp,
|
|
struct file *file, loff_t offset,
|
|
unsigned long *count, unsigned int base,
|
|
u32 *eof);
|
|
bool nfsd_read_splice_ok(struct svc_rqst *rqstp);
|
|
__be32 nfsd_read(struct svc_rqst *rqstp, struct svc_fh *fhp,
|
|
loff_t offset, unsigned long *count,
|
|
u32 *eof);
|
|
__be32 nfsd_write(struct svc_rqst *, struct svc_fh *, loff_t,
|
|
struct kvec *, int, unsigned long *,
|
|
int stable, __be32 *verf);
|
|
__be32 nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp,
|
|
struct nfsd_file *nf, loff_t offset,
|
|
struct kvec *vec, int vlen, unsigned long *cnt,
|
|
int stable, __be32 *verf);
|
|
__be32 nfsd_readlink(struct svc_rqst *, struct svc_fh *,
|
|
char *, int *);
|
|
__be32 nfsd_symlink(struct svc_rqst *, struct svc_fh *,
|
|
char *name, int len, char *path,
|
|
struct nfsd_attrs *attrs,
|
|
struct svc_fh *res);
|
|
__be32 nfsd_link(struct svc_rqst *, struct svc_fh *,
|
|
char *, int, struct svc_fh *);
|
|
ssize_t nfsd_copy_file_range(struct file *, u64,
|
|
struct file *, u64, u64);
|
|
__be32 nfsd_rename(struct svc_rqst *,
|
|
struct svc_fh *, char *, int,
|
|
struct svc_fh *, char *, int);
|
|
__be32 nfsd_unlink(struct svc_rqst *, struct svc_fh *, int type,
|
|
char *name, int len);
|
|
__be32 nfsd_readdir(struct svc_rqst *, struct svc_fh *,
|
|
loff_t *, struct readdir_cd *, nfsd_filldir_t);
|
|
__be32 nfsd_statfs(struct svc_rqst *, struct svc_fh *,
|
|
struct kstatfs *, int access);
|
|
|
|
__be32 nfsd_permission(struct svc_rqst *, struct svc_export *,
|
|
struct dentry *, int);
|
|
|
|
void nfsd_filp_close(struct file *fp);
|
|
|
|
static inline int fh_want_write(struct svc_fh *fh)
|
|
{
|
|
int ret;
|
|
|
|
if (fh->fh_want_write)
|
|
return 0;
|
|
ret = mnt_want_write(fh->fh_export->ex_path.mnt);
|
|
if (!ret)
|
|
fh->fh_want_write = true;
|
|
return ret;
|
|
}
|
|
|
|
static inline void fh_drop_write(struct svc_fh *fh)
|
|
{
|
|
if (fh->fh_want_write) {
|
|
fh->fh_want_write = false;
|
|
mnt_drop_write(fh->fh_export->ex_path.mnt);
|
|
}
|
|
}
|
|
|
|
static inline __be32 fh_getattr(const struct svc_fh *fh, struct kstat *stat)
|
|
{
|
|
u32 request_mask = STATX_BASIC_STATS;
|
|
struct path p = {.mnt = fh->fh_export->ex_path.mnt,
|
|
.dentry = fh->fh_dentry};
|
|
|
|
if (fh->fh_maxsize == NFS4_FHSIZE)
|
|
request_mask |= (STATX_BTIME | STATX_CHANGE_COOKIE);
|
|
|
|
return nfserrno(vfs_getattr(&p, stat, request_mask,
|
|
AT_STATX_SYNC_AS_STAT));
|
|
}
|
|
|
|
#endif /* LINUX_NFSD_VFS_H */
|