diff options
| author | David Howells <dhowells@redhat.com> | 2018-11-05 12:40:30 -0500 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2019-03-20 18:49:06 -0400 |
| commit | 2db154b3ea8e14b04fee23e3fdfd5e9d17fbc6ae (patch) | |
| tree | b7c4c1f2497b6c04b3481fdfd461c652befbca6d /include/linux | |
| parent | a07b20004793d8926f78d63eb5980559f7813404 (diff) | |
vfs: syscall: Add move_mount(2) to move mounts around
Add a move_mount() system call that will move a mount from one place to
another and, in the next commit, allow to attach an unattached mount tree.
The new system call looks like the following:
int move_mount(int from_dfd, const char *from_path,
int to_dfd, const char *to_path,
unsigned int flags);
Signed-off-by: David Howells <dhowells@redhat.com>
cc: linux-api@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/lsm_hooks.h | 6 | ||||
| -rw-r--r-- | include/linux/security.h | 7 | ||||
| -rw-r--r-- | include/linux/syscalls.h | 3 |
3 files changed, 16 insertions, 0 deletions
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index a9b8ff578b6b..cb33f81cf5a1 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h | |||
| @@ -160,6 +160,10 @@ | |||
| 160 | * Parse a string of security data filling in the opts structure | 160 | * Parse a string of security data filling in the opts structure |
| 161 | * @options string containing all mount options known by the LSM | 161 | * @options string containing all mount options known by the LSM |
| 162 | * @opts binary data structure usable by the LSM | 162 | * @opts binary data structure usable by the LSM |
| 163 | * @move_mount: | ||
| 164 | * Check permission before a mount is moved. | ||
| 165 | * @from_path indicates the mount that is going to be moved. | ||
| 166 | * @to_path indicates the mountpoint that will be mounted upon. | ||
| 163 | * @dentry_init_security: | 167 | * @dentry_init_security: |
| 164 | * Compute a context for a dentry as the inode is not yet available | 168 | * Compute a context for a dentry as the inode is not yet available |
| 165 | * since NFSv4 has no label backed by an EA anyway. | 169 | * since NFSv4 has no label backed by an EA anyway. |
| @@ -1501,6 +1505,7 @@ union security_list_options { | |||
| 1501 | unsigned long *set_kern_flags); | 1505 | unsigned long *set_kern_flags); |
| 1502 | int (*sb_add_mnt_opt)(const char *option, const char *val, int len, | 1506 | int (*sb_add_mnt_opt)(const char *option, const char *val, int len, |
| 1503 | void **mnt_opts); | 1507 | void **mnt_opts); |
| 1508 | int (*move_mount)(const struct path *from_path, const struct path *to_path); | ||
| 1504 | int (*dentry_init_security)(struct dentry *dentry, int mode, | 1509 | int (*dentry_init_security)(struct dentry *dentry, int mode, |
| 1505 | const struct qstr *name, void **ctx, | 1510 | const struct qstr *name, void **ctx, |
| 1506 | u32 *ctxlen); | 1511 | u32 *ctxlen); |
| @@ -1835,6 +1840,7 @@ struct security_hook_heads { | |||
| 1835 | struct hlist_head sb_set_mnt_opts; | 1840 | struct hlist_head sb_set_mnt_opts; |
| 1836 | struct hlist_head sb_clone_mnt_opts; | 1841 | struct hlist_head sb_clone_mnt_opts; |
| 1837 | struct hlist_head sb_add_mnt_opt; | 1842 | struct hlist_head sb_add_mnt_opt; |
| 1843 | struct hlist_head move_mount; | ||
| 1838 | struct hlist_head dentry_init_security; | 1844 | struct hlist_head dentry_init_security; |
| 1839 | struct hlist_head dentry_create_files_as; | 1845 | struct hlist_head dentry_create_files_as; |
| 1840 | #ifdef CONFIG_SECURITY_PATH | 1846 | #ifdef CONFIG_SECURITY_PATH |
diff --git a/include/linux/security.h b/include/linux/security.h index 49f2685324b0..1f2e06afc28f 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
| @@ -250,6 +250,7 @@ int security_sb_clone_mnt_opts(const struct super_block *oldsb, | |||
| 250 | unsigned long *set_kern_flags); | 250 | unsigned long *set_kern_flags); |
| 251 | int security_add_mnt_opt(const char *option, const char *val, | 251 | int security_add_mnt_opt(const char *option, const char *val, |
| 252 | int len, void **mnt_opts); | 252 | int len, void **mnt_opts); |
| 253 | int security_move_mount(const struct path *from_path, const struct path *to_path); | ||
| 253 | int security_dentry_init_security(struct dentry *dentry, int mode, | 254 | int security_dentry_init_security(struct dentry *dentry, int mode, |
| 254 | const struct qstr *name, void **ctx, | 255 | const struct qstr *name, void **ctx, |
| 255 | u32 *ctxlen); | 256 | u32 *ctxlen); |
| @@ -611,6 +612,12 @@ static inline int security_add_mnt_opt(const char *option, const char *val, | |||
| 611 | return 0; | 612 | return 0; |
| 612 | } | 613 | } |
| 613 | 614 | ||
| 615 | static inline int security_move_mount(const struct path *from_path, | ||
| 616 | const struct path *to_path) | ||
| 617 | { | ||
| 618 | return 0; | ||
| 619 | } | ||
| 620 | |||
| 614 | static inline int security_inode_alloc(struct inode *inode) | 621 | static inline int security_inode_alloc(struct inode *inode) |
| 615 | { | 622 | { |
| 616 | return 0; | 623 | return 0; |
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index 6c29d586e66b..84347fc0a1a7 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h | |||
| @@ -986,6 +986,9 @@ asmlinkage long sys_statx(int dfd, const char __user *path, unsigned flags, | |||
| 986 | asmlinkage long sys_rseq(struct rseq __user *rseq, uint32_t rseq_len, | 986 | asmlinkage long sys_rseq(struct rseq __user *rseq, uint32_t rseq_len, |
| 987 | int flags, uint32_t sig); | 987 | int flags, uint32_t sig); |
| 988 | asmlinkage long sys_open_tree(int dfd, const char __user *path, unsigned flags); | 988 | asmlinkage long sys_open_tree(int dfd, const char __user *path, unsigned flags); |
| 989 | asmlinkage long sys_move_mount(int from_dfd, const char __user *from_path, | ||
| 990 | int to_dfd, const char __user *to_path, | ||
| 991 | unsigned int ms_flags); | ||
| 989 | asmlinkage long sys_pidfd_send_signal(int pidfd, int sig, | 992 | asmlinkage long sys_pidfd_send_signal(int pidfd, int sig, |
| 990 | siginfo_t __user *info, | 993 | siginfo_t __user *info, |
| 991 | unsigned int flags); | 994 | unsigned int flags); |