On Sun, Apr 24, 2016 at 07:11:37PM +0000, David Holland wrote: > Since you said fuse has a way to do that but it doesn't work for our > fuse, I guess the right way forward is to make it work in our fuse. > What's required? Just send an arbitrary ID associated with the open > through puffs to userland?
Here is the first part: a MNT_FILECRED mount option that cause the struct file to be attached to VOP credentials. It builds but I have not yet tested, as I need the second part in PUFFS for that. Index: sys/sys/fstypes.h =================================================================== RCS file: /cvsroot/src/sys/sys/fstypes.h,v retrieving revision 1.33 diff -U4 -r1.33 fstypes.h --- sys/sys/fstypes.h 6 May 2015 15:57:08 -0000 1.33 +++ sys/sys/fstypes.h 27 Apr 2016 15:54:05 -0000 @@ -79,12 +79,11 @@ * * Unmount uses MNT_FORCE flag. * * Note that all mount flags are listed here. if you need to add one, take - * one of the __MNT_UNUSED flags. + * one of the __MNT_UNUSED flags (none available currently, sorry) */ -#define __MNT_UNUSED1 0x00200000 #define MNT_RDONLY 0x00000001 /* read only filesystem */ #define MNT_SYNCHRONOUS 0x00000002 /* file system written synchronously */ #define MNT_NOEXEC 0x00000004 /* can't exec from filesystem */ @@ -94,8 +93,9 @@ #define MNT_ASYNC 0x00000040 /* file system written asynchronously */ #define MNT_NOCOREDUMP 0x00008000 /* don't write core dumps to this FS */ #define MNT_RELATIME 0x00020000 /* only update access time if mod/ch */ #define MNT_IGNORE 0x00100000 /* don't show entry in df */ +#define MNT_FILECRED 0x00200000 /* provide file_t in VFS ops creds */ #define MNT_DISCARD 0x00800000 /* use DISCARD/TRIM if supported */ #define MNT_EXTATTR 0x01000000 /* enable extended attributes */ #define MNT_LOG 0x02000000 /* Use logging */ #define MNT_NOATIME 0x04000000 /* Never update access times in fs */ Index: sys/sys/kauth.h =================================================================== RCS file: /cvsroot/src/sys/sys/kauth.h,v retrieving revision 1.73 diff -U4 -r1.73 kauth.h --- sys/sys/kauth.h 6 Oct 2015 22:13:39 -0000 1.73 +++ sys/sys/kauth.h 27 Apr 2016 15:54:05 -0000 @@ -85,8 +85,12 @@ specificdata_reference cr_sd; /* specific data */ }; #endif +#ifdef _KERNEL +extern kauth_key_t kauth_filecred_key;; +#endif + /* * Possible return values for a listener. */ #define KAUTH_RESULT_ALLOW 0 /* allow access */ Index: sys/secmodel/secmodel.c =================================================================== RCS file: /cvsroot/src/sys/secmodel/secmodel.c,v retrieving revision 1.2 diff -U4 -r1.2 secmodel.c --- sys/secmodel/secmodel.c 4 Nov 2014 16:01:58 -0000 1.2 +++ sys/secmodel/secmodel.c 27 Apr 2016 15:54:05 -0000 @@ -37,8 +37,11 @@ #include <sys/rwlock.h> #include <secmodel/secmodel.h> #include <prop/proplib.h> +/* kauth key for MNT_FILECRED mount option */ +kauth_key_t kauth_filecred_key; + /* List of secmodels, parameters, and lock. */ static LIST_HEAD(, secmodel_descr) secmodels = LIST_HEAD_INITIALIZER(secmodels); static unsigned int secmodel_copy_cred_on_fork = false; @@ -61,8 +64,10 @@ rw_init(&secmodels_lock); secmodel_copy_cred_on_fork = false; + + (void)kauth_register_key(NULL, &kauth_filecred_key); } /* * Register a new secmodel. Index: sys/kern/vfs_syscalls.c =================================================================== RCS file: /cvsroot/src/sys/kern/vfs_syscalls.c,v retrieving revision 1.504 diff -U4 -r1.504 vfs_syscalls.c --- sys/kern/vfs_syscalls.c 28 Nov 2015 15:26:29 -0000 1.504 +++ sys/kern/vfs_syscalls.c 27 Apr 2016 15:54:05 -0000 @@ -218,8 +218,18 @@ fp->f_type = DTYPE_VNODE; fp->f_ops = &vnops; fp->f_vnode = vp; + if (vp->v_mount->mnt_flag & MNT_FILECRED) { + kauth_cred_t cred; + + cred = kauth_cred_dup(fp->f_cred); + kauth_cred_free(fp->f_cred); + fp->f_cred = cred; + + kauth_cred_setdata(cred, kauth_filecred_key, fp); + } + if (flags & (O_EXLOCK | O_SHLOCK)) { struct flock lf; int type; -- Emmanuel Dreyfus m...@netbsd.org