On Sat, Jan 29, 2005 at 03:45:42AM +0100, Rene Scharfe wrote:
The patch is inspired by the /proc restriction parts of the GrSecurity patch. The main difference is the ability to configure the restrictions dynamically. You can change the umask setting by running
# mount -o remount,umask=007 /proc
Testing has been *very* light so far -- it compiles and boots. Patch is against 2.6.11-rc2-bk6.
Comments are very welcome.
It leaves already existing inodes with whatever mode they used to have.
I said "configure the restrictions dynamically" but I meant "doesn't need a recompile to change settings". I expect the umask to be specified in /etc/fstab and rarely changed in a running system. With that in mind I think the patch is useful as-is, especially because it's so small. But I agree, that thing is a dirty hack. :]
_IF_ you want to do that sort of things, do it right - add ->permission() that would apply that umask before checks and if you want it to be seen in results of stat(2) - add ->gettattr() and do the same there.
Aww, that sounds expensive. My favourite solution would be to only allow the umask to be changed at mount time, not when remounting.
Calling parse_options from proc_fill_super, only and not from proc_remount does not help very much because proc_fill_super is only called at boot (or proc module load time). Is there another way?
While we are here: how would one change the uid or gid parameter? With a built-in proc fs the mount -a -t proc in the init scripts only results in a proc_remount call which (in mainline) doesn't bother looking at parameters at all. The same is true for a unmount, mount sequence.
Thanks, Rene - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/