authorEric Paris <eparis@redhat.com>2009-12-17 21:24:34 -0500
committerEric Paris <eparis@redhat.com>2010-07-28 09:59:02 -0400
commit9e66e4233db9c7e31e9ee706be2c9ddd54cf99b3 (patch)
tree9d778b358fb6e5f02fb2cf634c2163f34982b7dd /include
parentc4ec54b40d33f8016fea970a383cc584dd0e6019 (diff)
fanotify: permissions and blocking
This is the backend work needed for fanotify to support the new FS_OPEN_PERM and FS_ACCESS_PERM fsnotify events. This is done using the new fsnotify secondary queue. No userspace interface is provided to actually respond to or request these events. Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'include')
-rw-r--r--include/linux/fanotify.h18
-rw-r--r--include/linux/fsnotify_backend.h12
2 files changed, 30 insertions, 0 deletions
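diff --git a/include/linux/fanotify.h b/include/linux/fanotify.h
index 385896c9f828..02f80676c238 100644
--- a/include/linux/fanotify.h
+++ b/include/linux/fanotify.h
@@ -15,6 +15,9 @@
 /* FIXME currently Q's have no limit.... */
 #define FAN_Q_OVERFLOW 0x00004000 /* Event queued overflowed */
 
+#define FAN_OPEN_PERM 0x00010000 /* File open in perm check */
+#define FAN_ACCESS_PERM 0x00020000 /* File accessed in perm check */
+
 /* helper events */
 #define FAN_CLOSE (FAN_CLOSE_WRITE | FAN_CLOSE_NOWRITE) /* close */
 
@@ -52,7 +55,14 @@
  FAN_CLOSE |\
  FAN_OPEN)
 
+/*
+ * All events which require a permission response from userspace
+ */
+#define FAN_ALL_PERM_EVENTS (FAN_OPEN_PERM |\
+ FAN_ACCESS_PERM)
+
 #define FAN_ALL_OUTGOING_EVENTS (FAN_ALL_EVENTS |\
+ FAN_ALL_PERM_EVENTS |\
  FAN_Q_OVERFLOW)
 
 #define FANOTIFY_METADATA_VERSION 1
@@ -65,6 +75,10 @@ struct fanotify_event_metadata {
  __s64 pid;
 } __attribute__ ((packed));
 
+/* Legit userspace responses to a _PERM event */
+#define FAN_ALLOW 0x01
+#define FAN_DENY 0x02
+
 /* Helper functions to deal with fanotify_event_metadata buffers */
 #define FAN_EVENT_METADATA_LEN (sizeof(struct fanotify_event_metadata))
 
@@ -78,5 +92,9 @@ struct fanotify_event_metadata {
 
 #ifdef __KERNEL__
 
+struct fanotify_wait {
+ struct fsnotify_event *event;
+ __s32 fd;
+};
 #endif /* __KERNEL__ */
 #endif /* _LINUX_FANOTIFY_H */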
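Review bot: The comment over `FAN_ALLOW`/`FAN_DENY` (third hunk) does not say that exactly one of them is a valid answer, and because they are separate bits (0x01, 0x02) values such as 0 or 0x03 are representable in a response word. The code that will consume the answer is not in this diff (it is limited to `include`), so whether such values are rejected cannot be seen here; for a permission decision the contract belongs next to the constants. I would extend the comment to `/* Legit userspace responses to a _PERM event: exactly one of these; any other value is not a valid answer */`. It would also help to say in the header what an accessing task experiences while no answer has arrived, since the commit title says these events block.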
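diff --git a/include/linux/fsnotify_backend.h b/include/linux/fsnotify_backend.h
index c34728e7d8cb..b0d00fd6bfad 100644
--- a/include/linux/fsnotify_backend.h
+++ b/include/linux/fsnotify_backend.h
@@ -160,6 +160,14 @@ struct fsnotify_group {
  struct user_struct *user;
  } inotify_data;
 #endif
+#ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS
+ struct fanotify_group_private_data {
+ /* allows a group to block waiting for a userspace response */
+ struct mutex access_mutex;
+ struct list_head access_list;
+ wait_queue_head_t access_waitq;
+ } fanotify_data;
+#endif
  };
 };
 
@@ -227,6 +235,10 @@ struct fsnotify_event {
  size_t name_len;
  struct pid *tgid;
 
+#ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS
+ __u32 response; /* userspace answer to question */
+#endif /* CONFIG_FANOTIFY_ACCESS_PERMISSIONS */
+
  struct list_head private_data_list; /* groups can store private data here */
 };
 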
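Review bot: The new `response` field in `struct fsnotify_event` (second hunk) is documented only as "userspace answer to question", which leaves out what a reader of the permission path needs: which value means "not answered yet", and which lock orders the write of the answer against the waiter on `access_waitq`. The first hunk adds `access_mutex`, `access_list` and `access_waitq` under one comment without saying what `access_mutex` protects, and the neighbouring `private_data_list` comment suggests an event can be seen by several groups while `response` is a single per-event word, so the rule for resetting it between groups should be stated too. A comment along the lines of `__u32 response; /* FAN_ALLOW or FAN_DENY once userspace answered, 0 until then */` would do, assuming 0 is the intended unanswered value. Both struct bodies begin outside the hunks shown.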