Re: [PATCH v4 4/6] add statmount(2) syscall

[PATCH v4 0/6] querying mount attributes · Miklos Szeredi <hidden> · 2023-10-25
[PATCH v4 3/6] namespace: extract show_path() helper · Miklos Szeredi <hidden> · 2023-10-25
[PATCH v4 2/6] mounts: keep list of mounts in an rbtree · Miklos Szeredi <hidden> · 2023-10-25
Re: [PATCH v4 2/6] mounts: keep list of mounts in an rbtree · Ian Kent <raven@themaw.net> · 2023-10-27
Re: [PATCH v4 2/6] mounts: keep list of mounts in an rbtree · Miklos Szeredi <hidden> · 2023-10-27
Re: [PATCH v4 2/6] mounts: keep list of mounts in an rbtree · Ian Kent <raven@themaw.net> · 2023-10-28
Re: [PATCH v4 2/6] mounts: keep list of mounts in an rbtree · Ian Kent <raven@themaw.net> · 2023-10-30
Re: [PATCH v4 2/6] mounts: keep list of mounts in an rbtree · Ian Kent <raven@themaw.net> · 2023-10-30
Re: [PATCH v4 2/6] mounts: keep list of mounts in an rbtree · Miklos Szeredi <hidden> · 2023-10-30
Re: [PATCH v4 2/6] mounts: keep list of mounts in an rbtree · Ian Kent <raven@themaw.net> · 2023-10-31
[PATCH v4 5/6] add listmount(2) syscall · Miklos Szeredi <hidden> · 2023-10-25
Re: [PATCH v4 5/6] add listmount(2) syscall · Jonathan Corbet <corbet@lwn.net> · 2023-11-07
Re: [PATCH v4 5/6] add listmount(2) syscall · Christian Brauner <brauner@kernel.org> · 2023-11-08
Re: [PATCH v4 5/6] add listmount(2) syscall · Jonathan Corbet <corbet@lwn.net> · 2023-11-08
Re: [PATCH v4 5/6] add listmount(2) syscall · Christian Brauner <brauner@kernel.org> · 2023-11-08
Re: [PATCH v4 5/6] add listmount(2) syscall · Paul Moore <paul@paul-moore.com> · 2023-11-08
Re: [PATCH v4 5/6] add listmount(2) syscall · Guenter Roeck <linux@roeck-us.net> · 2024-01-10
Re: [PATCH v4 5/6] add listmount(2) syscall · Linus Torvalds <torvalds@linux-foundation.org> · 2024-01-11
Re: [PATCH v4 5/6] add listmount(2) syscall · Guenter Roeck <linux@roeck-us.net> · 2024-01-11
Re: [PATCH v4 5/6] add listmount(2) syscall · Guenter Roeck <linux@roeck-us.net> · 2024-01-11
Re: [PATCH v4 5/6] add listmount(2) syscall · Linus Torvalds <torvalds@linux-foundation.org> · 2024-01-11
Re: [PATCH v4 5/6] add listmount(2) syscall · "Arnd Bergmann" <arnd@arndb.de> · 2024-01-11
Re: [PATCH v4 5/6] add listmount(2) syscall · Guenter Roeck <linux@roeck-us.net> · 2024-01-11
Re: [PATCH v4 5/6] add listmount(2) syscall · Linus Torvalds <torvalds@linux-foundation.org> · 2024-01-12
Re: [PATCH v4 5/6] add listmount(2) syscall · Guenter Roeck <linux@roeck-us.net> · 2024-01-12
Re: [PATCH v4 5/6] add listmount(2) syscall · Christian Brauner <brauner@kernel.org> · 2024-01-12
Re: [PATCH v4 5/6] add listmount(2) syscall · John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> · 2024-01-23
Re: [PATCH v4 5/6] add listmount(2) syscall · Guenter Roeck <linux@roeck-us.net> · 2024-01-23
Re: [PATCH v4 5/6] add listmount(2) syscall · John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> · 2024-01-23
[PATCH v4 6/6] wire up syscalls for statmount/listmount · Miklos Szeredi <hidden> · 2023-10-25
Re: [PATCH v4 6/6] wire up syscalls for statmount/listmount · Florian Fainelli <florian.fainelli@broadcom.com> · 2024-01-09
[PATCH v4 1/6] add unique mount ID · Miklos Szeredi <hidden> · 2023-10-25
[PATCH v4 4/6] add statmount(2) syscall · Miklos Szeredi <hidden> · 2023-10-25
Re: [PATCH v4 4/6] add statmount(2) syscall · Paul Moore <paul@paul-moore.com> · 2023-11-08
Re: [PATCH v4 4/6] add statmount(2) syscall · Christian Brauner <brauner@kernel.org> · 2023-11-08
Re: [PATCH v4 4/6] add statmount(2) syscall · Paul Moore <paul@paul-moore.com> · 2023-11-08
Re: [PATCH v4 4/6] add statmount(2) syscall · Paul Moore <paul@paul-moore.com> · 2023-11-10
Re: [PATCH v4 4/6] add statmount(2) syscall · Christian Brauner <brauner@kernel.org> · 2023-11-12
Re: [PATCH v4 4/6] add statmount(2) syscall · Paul Moore <paul@paul-moore.com> · 2023-11-12
Re: [PATCH v4 0/6] querying mount attributes · Christian Brauner <brauner@kernel.org> · 2023-11-01
Re: [PATCH v4 0/6] querying mount attributes · Miklos Szeredi <hidden> · 2023-11-01
Re: [PATCH v4 0/6] querying mount attributes · Christian Brauner <brauner@kernel.org> · 2023-11-01
Re: [PATCH v4 0/6] querying mount attributes · Ian Kent <raven@themaw.net> · 2023-11-01
Re: [PATCH v4 0/6] querying mount attributes · Karel Zak <kzak@redhat.com> · 2023-11-06
Re: [PATCH v4 0/6] querying mount attributes · Amir Goldstein <amir73il@gmail.com> · 2023-11-06
Re: [PATCH v4 0/6] querying mount attributes · Ian Kent <raven@themaw.net> · 2023-11-07
Re: [PATCH v4 0/6] querying mount attributes · Ian Kent <raven@themaw.net> · 2023-11-06

From: Christian Brauner <brauner@kernel.org>
Date: 2023-11-08 07:58:44
Also in: linux-fsdevel, linux-man, linux-security-module, lkml

quoted

+static int do_statmount(struct stmt_state *s)
+{
+	struct statmnt *sm = &s->sm;
+	struct mount *m = real_mount(s->mnt);
+	size_t copysize = min_t(size_t, s->bufsize, sizeof(*sm));
+	int err;
+
+	err = security_sb_statfs(s->mnt->mnt_root);
+	if (err)
+		return err;
+
+	if (!capable(CAP_SYS_ADMIN) &&
+	    !is_path_reachable(m, m->mnt.mnt_root, &s->root))
+		return -EPERM;

In order to be consistent with our typical access control ordering,
please move the security_sb_statfs() call down to here, after the
capability checks.

I've moved the security_sb_statfs() calls accordingly.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help