On Sun, Apr 24, 2016 at 07:11:37PM +0000, David Holland wrote:
> Since you said fuse has a way to do that but it doesn't work for our
> fuse, I guess the right way forward is to make it work in our fuse.
> What's required? Just send an arbitrary ID associated with the open
> through puffs to userland?
Here is the first part: a MNT_FILECRED mount option that cause
the struct file to be attached to VOP credentials. It builds but
I have not yet tested, as I need the second part in PUFFS for that.
Index: sys/sys/fstypes.h
===================================================================
RCS file: /cvsroot/src/sys/sys/fstypes.h,v
retrieving revision 1.33
diff -U4 -r1.33 fstypes.h
--- sys/sys/fstypes.h 6 May 2015 15:57:08 -0000 1.33
+++ sys/sys/fstypes.h 27 Apr 2016 15:54:05 -0000
@@ -79,12 +79,11 @@
*
* Unmount uses MNT_FORCE flag.
*
* Note that all mount flags are listed here. if you need to add one, take
- * one of the __MNT_UNUSED flags.
+ * one of the __MNT_UNUSED flags (none available currently, sorry)
*/
-#define __MNT_UNUSED1 0x00200000
#define MNT_RDONLY 0x00000001 /* read only filesystem */
#define MNT_SYNCHRONOUS 0x00000002 /* file system written
synchronously */
#define MNT_NOEXEC 0x00000004 /* can't exec from filesystem */
@@ -94,8 +93,9 @@
#define MNT_ASYNC 0x00000040 /* file system written
asynchronously */
#define MNT_NOCOREDUMP 0x00008000 /* don't write core dumps to
this FS */
#define MNT_RELATIME 0x00020000 /* only update access time if
mod/ch */
#define MNT_IGNORE 0x00100000 /* don't show entry in df */
+#define MNT_FILECRED 0x00200000 /* provide file_t in VFS ops
creds */
#define MNT_DISCARD 0x00800000 /* use DISCARD/TRIM if
supported */
#define MNT_EXTATTR 0x01000000 /* enable extended attributes */
#define MNT_LOG 0x02000000 /* Use logging */
#define MNT_NOATIME 0x04000000 /* Never update access times in
fs */
Index: sys/sys/kauth.h
===================================================================
RCS file: /cvsroot/src/sys/sys/kauth.h,v
retrieving revision 1.73
diff -U4 -r1.73 kauth.h
--- sys/sys/kauth.h 6 Oct 2015 22:13:39 -0000 1.73
+++ sys/sys/kauth.h 27 Apr 2016 15:54:05 -0000
@@ -85,8 +85,12 @@
specificdata_reference cr_sd; /* specific data */
};
#endif
+#ifdef _KERNEL
+extern kauth_key_t kauth_filecred_key;;
+#endif
+
/*
* Possible return values for a listener.
*/
#define KAUTH_RESULT_ALLOW 0 /* allow access */
Index: sys/secmodel/secmodel.c
===================================================================
RCS file: /cvsroot/src/sys/secmodel/secmodel.c,v
retrieving revision 1.2
diff -U4 -r1.2 secmodel.c
--- sys/secmodel/secmodel.c 4 Nov 2014 16:01:58 -0000 1.2
+++ sys/secmodel/secmodel.c 27 Apr 2016 15:54:05 -0000
@@ -37,8 +37,11 @@
#include <sys/rwlock.h>
#include <secmodel/secmodel.h>
#include <prop/proplib.h>
+/* kauth key for MNT_FILECRED mount option */
+kauth_key_t kauth_filecred_key;
+
/* List of secmodels, parameters, and lock. */
static LIST_HEAD(, secmodel_descr) secmodels =
LIST_HEAD_INITIALIZER(secmodels);
static unsigned int secmodel_copy_cred_on_fork = false;
@@ -61,8 +64,10 @@
rw_init(&secmodels_lock);
secmodel_copy_cred_on_fork = false;
+
+ (void)kauth_register_key(NULL, &kauth_filecred_key);
}
/*
* Register a new secmodel.
Index: sys/kern/vfs_syscalls.c
===================================================================
RCS file: /cvsroot/src/sys/kern/vfs_syscalls.c,v
retrieving revision 1.504
diff -U4 -r1.504 vfs_syscalls.c
--- sys/kern/vfs_syscalls.c 28 Nov 2015 15:26:29 -0000 1.504
+++ sys/kern/vfs_syscalls.c 27 Apr 2016 15:54:05 -0000
@@ -218,8 +218,18 @@
fp->f_type = DTYPE_VNODE;
fp->f_ops = &vnops;
fp->f_vnode = vp;
+ if (vp->v_mount->mnt_flag & MNT_FILECRED) {
+ kauth_cred_t cred;
+
+ cred = kauth_cred_dup(fp->f_cred);
+ kauth_cred_free(fp->f_cred);
+ fp->f_cred = cred;
+
+ kauth_cred_setdata(cred, kauth_filecred_key, fp);
+ }
+
if (flags & (O_EXLOCK | O_SHLOCK)) {
struct flock lf;
int type;
--
Emmanuel Dreyfus
m...@netbsd.org
