Re: [PATCH 02/10] vfs: syscall: Add move_mount(2) to move mounts around

[PATCH 00/10] VFS: Provide new mount UAPI · David Howells <dhowells@redhat.com> · 2019-02-19
[PATCH 01/10] vfs: syscall: Add open_tree(2) to reference or clone a mount · David Howells <dhowells@redhat.com> · 2019-02-19
[PATCH 02/10] vfs: syscall: Add move_mount(2) to move mounts around · David Howells <dhowells@redhat.com> · 2019-02-19
Re: [PATCH 02/10] vfs: syscall: Add move_mount(2) to move mounts around · Alan Jenkins <hidden> · 2019-02-20
Re: [PATCH 02/10] vfs: syscall: Add move_mount(2) to move mounts around · Alan Jenkins <hidden> · 2019-02-20
Re: [PATCH 02/10] vfs: syscall: Add move_mount(2) to move mounts around · Jann Horn <jannh@google.com> · 2019-02-20
Re: [PATCH 02/10] vfs: syscall: Add move_mount(2) to move mounts around · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2019-07-08
Re: [PATCH 02/10] vfs: syscall: Add move_mount(2) to move mounts around · Al Viro <viro@zeniv.linux.org.uk> · 2019-07-08
[PATCH 03/10] teach move_mount(2) to work with OPEN_TREE_CLONE · David Howells <dhowells@redhat.com> · 2019-02-19
Re: [PATCH 03/10] teach move_mount(2) to work with OPEN_TREE_CLONE · Alan Jenkins <hidden> · 2019-02-20
Re: [PATCH 03/10] teach move_mount(2) to work with OPEN_TREE_CLONE · Alan Jenkins <hidden> · 2019-02-26
[PATCH 04/10] Make anon_inodes unconditional · David Howells <dhowells@redhat.com> · 2019-02-19
[PATCH 05/10] vfs: syscall: Add fsopen() to prepare for superblock creation · David Howells <dhowells@redhat.com> · 2019-02-19
[PATCH 06/10] vfs: Implement logging through fs_context · David Howells <dhowells@redhat.com> · 2019-02-19
[PATCH 07/10] vfs: syscall: Add fsconfig() for configuring and managing a context · David Howells <dhowells@redhat.com> · 2019-02-19
[PATCH 08/10] vfs: syscall: Add fsmount() to create a mount for a superblock · David Howells <dhowells@redhat.com> · 2019-02-19
[PATCH 09/10] vfs: syscall: Add fspick() to select a superblock for reconfiguration · David Howells <dhowells@redhat.com> · 2019-02-19
[PATCH 10/10] vfs: Add a sample program for the new mount API · David Howells <dhowells@redhat.com> · 2019-02-19

From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: 2019-07-08 12:02:45
Also in: linux-fsdevel

Hello, David Howells.

I realized via https://lwn.net/Articles/792622/ that a new set of
system calls for filesystem mounting has been added to Linux 5.2. But
I feel that LSM modules are not ready to support these system calls.

An example is move_mount() added by this patch. This patch added
security_move_mount() LSM hook but none of in-tree LSM modules are
providing "LSM_HOOK_INIT(move_mount, ...)" entry. Therefore, currently
security_move_mount() is a no-op. At least for TOMOYO, I want to check
mount manipulations caused by system calls because allowing mounts on
arbitrary location is not acceptable for pathname based access control.
What happened? I want TOMOYO to perform similar checks like mount() does.

On 2019/02/20 2:08, David Howells wrote:

Add a move_mount() system call that will move a mount from one place to
another and, in the next commit, allow to attach an unattached mount tree.

The new system call looks like the following:

	int move_mount(int from_dfd, const char *from_path,
		       int to_dfd, const char *to_path,
		       unsigned int flags);

Signed-off-by: David Howells <dhowells@redhat.com>
cc: linux-api@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help