[RESEND,RFC,v2,06/14] block: Switch from devcgroup_check_permission to security hook
| Message ID | 20231025094224.72858-7-michael.weiss@aisec.fraunhofer.de |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp2479755vqx;
Wed, 25 Oct 2023 02:46:03 -0700 (PDT)
X-Google-Smtp-Source:
AGHT+IGDSQIwizklnZQ5/m+lnvy5Hlm8d8kB9nCfN2GupfVmTlXP89NP4wmgL6Ids6gP+u3UeZ6y
X-Received: by 2002:a25:cb01:0:b0:da0:5ba1:7b2f with SMTP id
b1-20020a25cb01000000b00da05ba17b2fmr3401912ybg.31.1698227162965;
Wed, 25 Oct 2023 02:46:02 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1698227162; cv=pass;
d=google.com; s=arc-20160816;
b=QCqRq6k3DBKYCpJnQZM3ljICzcCQ+PGWPwTqR0q7ujRp2t5Z94Y74FjekLGd5fN8UY
7Oxp6RfB/r+DhD4dPsNoYzD4o/CVkyu+NP4rxwLkDC+ef13dzmI7ZKlmz24RkXupK/Mo
lgfWDF+2Tf+XhNnsZd7DCfHBnrL2ygWuJPb0KMbp1Vn5qDMjSMItjmOYM2J5jNeVN3Mi
qrFA1tWN+M/qguqiI2csA1otmRvxeOMaad6y6zITGIQd2KsAf7ERaVGisfykC7u4NTOu
4N/d5D7lUGrH7GBMP431T0MsbspGwK3cuwzscQIA8KwyKd4d0GuaKXxrFx1ObHr9hII7
dqKA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:mime-version:content-transfer-encoding
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature:ironport-hdrordr:ironport-data:ironport-phdr
:ironport-sdr:ironport-phdr:dkim-signature;
bh=la0XwQPiL4K+HekaltsyfcU3g+yKZuBbZKvtFkOu0Rk=;
fh=U9u/esc0XBb8N/pVu7kudxJPwEQ0AyrThcmR2LpYyxQ=;
b=uRPZHt1aXTdvDLZ4QnOFNQQ1h1k6tadaZ3oTJIyLp8K2ocs54lRFH5uDg/ZtSM1ntH
WuqV3A+DvcHOohAz/QhdCJdFZgt4BqA6wNLl75r1hZzH9XZTp1PwhJVF//3T/Vq3SfR7
SBjRL49Q04sp7c3Dz5wOuVgChYr9StOLpBG+CAay1vYZ6M/5AEPYA56RFKEOVeySZ+SM
+U4cSj+xN9MmJhhDw8M8gZ929iDhYXlO/37v3pJQR8pDRZob9nCxp0enKmBuNaPE4e2z
FkNowEpkPRkYMchK4QwB4xJLnkHBO0A9k86Jg4vEyXTz7aYoc3Pa8xyLYlPafRyCk7Q8
kjnw==
ARC-Authentication-Results: i=2; mx.google.com;
dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1
header.b="t/sioXLL";
dkim=pass header.i=@fraunhofer.onmicrosoft.com
header.s=selector2-fraunhofer-onmicrosoft-com header.b=d7Fp07fv;
arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass
dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de);
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:1 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de
Received: from morse.vger.email (morse.vger.email. [2620:137:e000::3:1])
by mx.google.com with ESMTPS id
v5-20020a25fc05000000b00d8184353dcdsi10185883ybd.342.2023.10.25.02.46.02
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 25 Oct 2023 02:46:02 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:1 as permitted sender)
client-ip=2620:137:e000::3:1;
Authentication-Results: mx.google.com;
dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1
header.b="t/sioXLL";
dkim=pass header.i=@fraunhofer.onmicrosoft.com
header.s=selector2-fraunhofer-onmicrosoft-com header.b=d7Fp07fv;
arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass
dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de);
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:1 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
by morse.vger.email (Postfix) with ESMTP id 4319E807E444;
Wed, 25 Oct 2023 02:45:05 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S1343508AbjJYJoe (ORCPT <rfc822;aposhian.dev@gmail.com>
+ 26 others); Wed, 25 Oct 2023 05:44:34 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39090 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S234536AbjJYJoK (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Wed, 25 Oct 2023 05:44:10 -0400
Received: from mail-edgeDD24.fraunhofer.de (mail-edgedd24.fraunhofer.de
[IPv6:2a03:db80:1504:d267::25:24])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4CCE8E5;
Wed, 25 Oct 2023 02:44:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
d=aisec.fraunhofer.de; i=@aisec.fraunhofer.de;
q=dns/txt; s=emailbd1; t=1698227047; x=1729763047;
h=from:to:cc:subject:date:message-id:in-reply-to:
references:content-transfer-encoding:mime-version;
bh=lj4vIchilQSP7CJzsy23e8C9QwMXZ+lNYzOtv4p9Euw=;
b=t/sioXLL7rsHWoj8k2wV9yqvEz8td3lYvgTSYPMkPsmAdBvHm/nkPxss
9dqazrYmghgAJIVwZdd3mOKOuVivjgwdsyysfpCdFrp96W1N77fc6QURm
u5npcLAzjYxXbAzoKToBsIHGfk2SbYQXVPq4rLJ5cwDqTwiQehTHuGNH2
WmzFzNeB2+2qPy83JGtx9o0WT4+KtOtRyWM8bAxnAh4r1w6faOacrQ2nZ
C0Ke0nG4BGJ1S79X9jYBWFHjUm9sGo1Diygz3tlgbfAs6mJr1Jm2Q7K6o
dcC/0c6aaEq3ivZ1n4FDrUqT6WVdzK7aPJ/vyBi1Aki/cwth8wZiIFqXA
w==;
X-CSE-ConnectionGUID: hwgJjR/STN+eETh6yYxBVg==
X-CSE-MsgGUID: aZ9kKngjSJG9CobO4vsqtQ==
Authentication-Results: mail-edgeDD24.fraunhofer.de;
dkim=pass (signature verified) header.i=@fraunhofer.onmicrosoft.com
X-IPAS-Result:
A2HeAwBB4jhl/xoBYJlaHgEBCxIMQIFEC4I5gleEU5FemCaEBCqBLIElA1YPAQEBAQEBAQEBBwEBRAQBAQMEhH8ChxonNQgOAQIBAwEBAQEDAgMBAQEBAQEBAgEBBgEBAQEBAQYGAoEZhS85DYQAgR4BAQEBAQEBAQEBAQEdAjVUAgEDIw8BDQEBNwEPJQImAgIyJQYBDQWCfoIrAzGyGIEygQGCCQEBBrAfGIEggR4JCQGBEC6DXIQuAYQ0gR2ENYJPgUqBBoIthFiDRoJog3WFPAcygiKDLymLfoEBR1oWGwMHA1kqECsHBC0iBgkWLSUGUQQXFiQJExI+BIFngVEKgQM/Dw4RgkIiAgc2NhlLglsJFQw1BEl2ECoEFBeBEW4FGhUeNxESFw0DCHYdAhEjPAMFAwQ0ChUNCyEFVwNEBkoLAwIaBQMDBIE2BQ0eAhAtJwMDGU0CEBQDOwMDBgMLMQMwV0cMWQNsHxocCTwPDB8CGx4NMgMJAwcFLB1AAwsYDUgRLDUGDhtEAXMHnU2CTSABgQ0ngTR9li4BrnkHgjGBXqEJGjOXK5JPLodGkEggoj6FSgIEAgQFAg4IgWQBghQzPoM2UhkPgRuNBQwWFoNAj3t0AjkCBwEKAQEDCYI5iRIBAQ
IronPort-PHdr: A9a23:wY1uXhd0HcpMl0W4bQbCtOgQlGM+49/LVj580XJao6wbK/fr9sH4J
0Wa/vVk1gKXDs3QvuhJj+PGvqynQ2EE6IaMvCNnEtRAAhEfgNgQnwsuDdTDDkv+LfXwaDc9E
tgEX1hgrDmgZFNYHMv1e1rI+Di89zcPHBX4OwdvY+PzH4/ZlcOs0O6uvpbUZlYt5nK9NJ1oK
xDkgQzNu5stnIFgJ60tmD7EuWBBdOkT5E86DlWVgxv6+oKM7YZuoQFxnt9kycNaSqT9efYIC
JljSRk2OGA84sLm8CLOSweC/FIweWUbmRkbZmqN5hGvWp6pgjTDjutZhArZHcD1RLQoQiWs5
JowR1z5qxUaHTQL03/LpM9Xkfpho0fywn43ydvYP6+NbKVwYL3zJYkHTkxxbJdgRS9tRbKHM
KAIEeNRL/plirvM+3lVvT6HIAypVLzy7TNPiFHLhqkT6/0MDAvK3g14PdAuu3rXkOivEfYXW
8ec3fiWzRydV+sR5T3P2M/CSBUgosC1GqBzSNbawA52FSGdoGyQtL6mGmKW5P8qtXSZ7+lNd
dCm0zE+iQ1p/RWWyc1rtdWOu5kS2HyU6zgj7KIFe+SYUmJDf/vxQ9NA8iCAMI1uRdk+Bntlo
zs+1ugesIWgL0Diqbwizh/bLvGLfIWkzki/EuiLKCp+hHVrdaj5ixvhuUSjy+ipTsCvyx4Kt
StKlNDQq2oAnwLe8MmJS/Zxvw+h1D+D2hqV67RsL1o9iKzbLJAs2Pg3kJ8Sul7EBSj4hAP9i
6r+Sw==
X-Talos-CUID: 9a23:Ts6jim0qJvETZe/kvvUpWbxfGt8qUH/ni0zsBQy1JFppFqykWXWu9/Yx
X-Talos-MUID: 9a23:xujrkARfK7+NfJW7RXTltmBhF8Fn4Z+MJxEmlp8h59efLDBJbmI=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="6.03,250,1694728800";
d="scan'208";a="71347900"
Received: from mail-mtaka26.fraunhofer.de ([153.96.1.26])
by mail-edgeDD24.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
25 Oct 2023 11:43:00 +0200
IronPort-SDR: 6538e324_DggGUANX/jrqBoGx0oGFxp6RILZHjWiQ7HkbaAvtfqaaEjX
tFEz7emnYY0XArFoLUv3XZKvS2Y+F5IvYONMvLQ==
X-IPAS-Result:
A0BEBgBB4jhl/3+zYZlaHgEBCxIMQAkcgR8LgWdSB4FLgQWEUoNNAQGFLYZBgiE7AZdqhC6BLIElA1YPAQMBAQEBAQcBAUQEAQGFBgKHFwInNQgOAQIBAQIBAQEBAwIDAQEBAQEBAwEBBQEBAQIBAQYEgQoThWgNhk0CAQMSEQ8BDQEBFCMBDyUCJgICMgceBgENBSKCXIIrAzECAQGlLwGBQAKLIoEygQGCCQEBBgQEsBcYgSCBHgkJAYEQLoNchC4BhDSBHYQ1gk+BSoEGgi2IHoJog3WFPAcygiKDLymLfoEBR1oWGwMHA1kqECsHBC0iBgkWLSUGUQQXFiQJExI+BIFngVEKgQM/Dw4RgkIiAgc2NhlLglsJFQw1BEl2ECoEFBeBEW4FGhUeNxESFw0DCHYdAhEjPAMFAwQ0ChUNCyEFVwNEBkoLAwIaBQMDBIE2BQ0eAhAtJwMDGU0CEBQDOwMDBgMLMQMwV0cMWQNsHxYEHAk8DwwfAhseDTIDCQMHBSwdQAMLGA1IESw1Bg4bRAFzB51Ngk0gAYENJ4E0fZYuAa55B4IxgV6hCRozlyuSTy6HRpBIIKI+hUoCBAIEBQIOAQEGgWQBOoFZMz6DNk8DGQ+BG40FDBYWg0CPe0EzAjkCBwEKAQEDCYI5iREBAQ
IronPort-PHdr: A9a23:gc6kIR0z+RLqnuBwsmDO5gUyDhhOgF2JFhBAs8lvgudUaa3m5JTrZ
hGBtr1m2UXEWYzL5v4DkefSurDtVT9lg96N5X4YeYFKVxgLhN9QmAolAcWfDlb8IuKsZCs/T
4xZAURo+3ywLU9PQoPwfVTPpH214zMIXxL5MAt+POPuHYDOys+w0rPXmdXTNitSgz/vTbpuI
UeNsA/Tu8IK065vMb04xRaMg1caUONQ2W5uORevjg7xtOKR2bMmzSlKoPMm8ZxwFIDBOokoR
rxRCjsrdls44sHmrzDvZguC7XhPNwdemBodBwGd3A7DZpbV7gi5lud+0S2GJtz4Ro1vVnezz
JV2YhXaqzkbGT0e7TntiZkj6cATqket+DJnm9Hafp+7bKBjdYXtT4IrV2ltGfdqCAdGHIrsf
ZcyKtgwYcQDv6zEgl4L/USjIgWrCs3SkTthvmbbwKc20eV5MwPm1wIjI+9UlSXRpvLcJfZMU
cnr9LGP8T/xX7Rc4zL867nxNQIimO2HVPUpc+iJ53AvCjGGqwSTm5fCOS+X1ucgk1qSt7V5d
+631EMepAs2nWTo+9wrmKWZmJ9P5nT0qxxZ2qoNO/jtGwZrJN++F51IsDuGcpF7Wd4mXzRws
T0hmdXu2La+dSkOjZE7zj32MaLBfZKB/xTjU+icO3F0iSEtdLG+gkOq+FO7gq3nV8ay2UpXt
CcNjNTWt34M2hCSosiKQ/dw5AGgjB6BzQnO7OFDL00u063dLp8q2LkrkZQP90/EG0fL
IronPort-Data: A9a23:P4cEUaMJM0sp+eHvrR0gk8FynXyQoLVcMsEvi/4bfWQNrUong2QPz
DMYXWuBOKuNMGf8ftgkOonkoRsP7ZWEzIMySHM5pCpnJ55oRWUpJjg5wmPYZX76whjrFRo/h
ykmQoCcappyFBcwnz/1WpD5t35wyKqUcbT1De/AK0hZSBRtIMsboUsLd9UR3Mgw2rBVPyvX4
Ymp+pWFZQf8s9JJGjt8B5yr+EsHUMva5WtwUmwWPZhjoFLYnn8JO5MTTYnZw6zQG9Q88kaSH
o4v/Znhlo/r105F5uCNzt4XRnY3rov6ZmBivJb2t5+K2XCurgRqukoy2WF1hU1/011llPgpo
DlBWADZpQoBZsXxdOohvxZwNQ9kNI5X1478Gybl7s/I3xLaTmDH3KA7ZK02FdVwFudfGmRS7
boVODsNKB6Zjv+wwLW1R/MqislLwMvDZd5E/CA/i2iGXLB/G8+rr6bivbe02B81h8tOFPvaI
dUUaCF0RB3BeBBEfFkNAY84nOCmi2O5fzAwRFe9+/prszaJk1MZPL7FbYrZdteqRptvl3m8i
mTv+H/UAhgLDYnKodaC2jf27gPVpgvyXI8CHbu0++RChVyTz2gSAwwQE1C8pJGRgFS3RtRSM
WQX9zAooKx081akJvH0RAGQo3OeuBMYHd1KHIUS8AiQzoLM6hudQ20DSSRMLtchsaceSTUs1
1KNt9LuCjFmqreSWTSb+6v8hTq0NTIULEcBaDUCQA9D5MPsyKk2hwjTT9AlFKeoptn0Hyzgh
TyHskAWnLIVguYI2r+98FSBhCijzrDYThUd6A+RVWWghit7Y46jIYKh8kTS5/tGIK6WS1CAu
D4PnM32xOMWFpCLmyylQ+gXGrytofGfP1X0mlJhN5Ym8Dup9jioeoU4yDF3I0N0Ne4LfjjmZ
EKVsgRUjLdRO3+xZId0bpi3BsBsyrLvffz8S/3ScttISplqcxGO+CxoeQib2GWFuFYti6YXK
5qdcNjqCXccFLQhyyC5AfoeuZcuxyM6wnj7XoL21Rmr0PyeeRa9QLIEKgTVb+QR46aNoQGT+
NFaX+ORxg9QXcX+ay3T4IhVJlcPRVAxHZ7etcNabKiALxBgFWVnDOXeqZsleop4j+FWm/3O8
3WVREBV0hz8iGfBJAHMbWpsAJvrXJBivTc1JiAhI1us82YsbJzp76oFcZYzO749+4ReIeVcF
qRePpTfR60QG3GeoWtbc5y7p8psbh22gwKJMSe/JjQyF3J9ezH0FhbfVlKH3AEAFCOqs8s5r
bC6kATdRJsIXQN5C8jKLvmoyjuMUbI1xIqehmOZc4UBS1am64VwNS36g9k+JsxGe12JxSKX2
0zSSV0UrPXE6d19utTYp7G2n6HwGctHH21eAzb665SyPnLk5WaN+9JLf9uJWjH/b1nK3pueS
99b9NzGC81frm1269J9N51J0ZMB48Deou4G7wZ8Q1TOQVeZKpJhBXik3cB/kKl81+Jcsg6YA
0iK+sdoPIuYHMbfFH8QOwsXQeCR3t4EmjTpzKoUIWerwARV7ba4QUFpEB3UsxNkLZxxK5ID/
ectnOU0+j6PoEMmHfjehx8F6lnWCGILVpsWk60zAajpu1IN8U5Da5mNMR3GysiDRPsUO3Z7P
wLOorTJgold4U/wc3ATM3zp9sgFjLQsvCF69nMzF26rqPHk2MBuhAZw9A4pRDt71h9EiuJ/G
lZ6Pn1PeJmhwW1au9hhbUuNRSd6Gxyrym7gwQAolUrYbXWSeE7jEWkfAduJrWclqz9yXz4D5
7yJ6nfXYRCzduHL4yYCc0pEqfvicN9PyjP/iP2XR8SrI7RqYB7OoLOfWm4Tmh62XeIznBLmo
MdpzsZRaIr6Fzwak5ckL4ykiYVKRw22Ik5CTc48+6lTL2XXeWyx6wOvMGG0QNtGfNbRwH+7C
utvB8NBbAu/3yCwtQImBbYADrt3vfwx7v8AR+/bHnEHuL6hsTZZipLc2SzgjmsNQd81s8ICB
q7OVjCFSEq8uGB1njLTkcx6JWaIW9kISwni1uST8u9SNZYisvlpQH4iwImPoHSZHwt2zS265
DqZSfft8NVj7oBwk6/HMKZJXVy0IOyuctW4ylm4ttAWYO7fNcvLiRgulWDmGAZrJpoUZcV8k
OWckdzw3X6dho0MbULip8CjGZVKtOKIZ8gGFuLsLXJfozmOZ9+03TsH5FKDCMJolPFz25CZY
jWWOeWMcewbYdN//EFuSjN/Fk8dApvnb627qiKaqe+NOycn0gfGDY2G8FHxZjtldAsNCYzPO
jHpstn/4+JojZl+KyIFI9pEAJZIBkDpdoV7Vt/2tBieVnKJhHHbsJTctBMQ0xP5IVjaL9Tbu
LXrHgPfcja2s4H2lOBpiZR45EArPSwskNsOcVI40P8orTKDVUotD/kXaLcCAbFqyh3C7onyP
mzxXTFzGBfGfGp2dDvn647eRSaZPOsFP+n5KhEP/0+5bySXBpuKMIB+9xVPsmtHRT/+8N6Jc
d0u2GX8HhyU8KFbQew+4v+ag+A+4tj4wnkO2172ku2sIhI4LIgJ6kdcH1t2ZXSaK/3OqUTFG
zFkDyQMCkS2UlX4HstcamZYUkNR9i/myzIzKzyD2pDDsoGc1/dN0+D7J/q16LAYccAWP/Qbc
BsbnYdWD7y+gRT/YZcUhu8=
IronPort-HdrOrdr: A9a23:rAnOHKtpP+sXlNTlEgkHMKFl7skDctV00zEX/kB9WHVpm6uj5q
aTdZUgpHjJYVMqMk3I9urvBEDtexzhHP1OkOss1NWZLW3bUQKTRekP0WKF+UyCJ8SXzIVgPM
xbEpSWZueRMbErt6vHCEvRKadE/OW6
X-Talos-CUID: 9a23:49GctWEwnTPqUw83qmJB2lQdOdEKQ0bnki2PIBSoVnpUU5aKHAo=
X-Talos-MUID: 9a23:c1KelggZK6Q+5EkY8iK+88MpaZdk76+OCx43mKoil8+tMjddOz6MtWHi
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="6.03,250,1694728800";
d="scan'208";a="68486277"
Received: from 153-97-179-127.vm.c.fraunhofer.de (HELO
smtp.exch.fraunhofer.de) ([153.97.179.127])
by mail-mtaKA26.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
25 Oct 2023 11:42:59 +0200
Received: from XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) by
XCH-HYBRID-03.ads.fraunhofer.de (10.225.9.57) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.1258.27; Wed, 25 Oct 2023 11:42:59 +0200
Received: from DEU01-FR2-obe.outbound.protection.outlook.com (104.47.11.168)
by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.1258.27 via Frontend Transport; Wed, 25 Oct 2023 11:42:59 +0200
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=fqpIjms/NYp1U9pHDasUBGtcns2zDrTzpbmZ3s1F67VY6etH0S1qCH9KhDxC9XwyV1dV15DfoU163bU1j2HPTUwIWoX1msmvFgJm+Ef2BwZuxaOCnY3/2WJ9og3rLwkLYhzWH6kjHhaer1T83wv4feTc3dFbHOIgdCDQ2THqUUYsR9wOWYtVr+jpDBdpdaQejKwjFV8j7f51tjOgiUEMK6aqM9Pq7eEKmESOauuYUDJkMVCtqWBPUd6JCotT7bta2yPR7zD72hC5tKLA1tZCPP/QdSX1uMEJ+vSZdwbAzk0B9aEinkiwP/diRzDp8+HU6vWBzBjCPMtV5WxkSgt5Dg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=la0XwQPiL4K+HekaltsyfcU3g+yKZuBbZKvtFkOu0Rk=;
b=QBak9s4qYpByf83gS7u0qFlZh5YK/C6Q/1robqsr9HdEFA06C/5D/MIxyljTeHYjd0osIPKC8xZsIwsOkiLTV82gkkxbhsArXPQ8RKzScYCDLOsA103CW4jdTLDxS4IyTe6/kSb0F9vnmSkL0zqAqDm5013xn1T8MKC5XAjDt+qTBhAL8sKWOw0DYxbn+sWyPmRaOTsLl3AQ/76w7x3Agw8DtSjRMGzTjjjYRvAfr7L95L0csEiecuecIifcRefZSQ2zOwddktarBPJoCKiLYE7ohZA8CGT3GRpGZsBlSHqx6BaF3mkV77qqCCGQMZukXTOu2+UwiptwgDMF25nrog==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=aisec.fraunhofer.de; dmarc=pass action=none
header.from=aisec.fraunhofer.de; dkim=pass header.d=aisec.fraunhofer.de;
arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=la0XwQPiL4K+HekaltsyfcU3g+yKZuBbZKvtFkOu0Rk=;
b=d7Fp07fvvF02ucNXZ9YzkD/YS7Cova8ztUMZY4J3xMQMmm87uOdofFU3lAPqEubdji0JjHcfkTU2M9mbOAy96hA6Pp/TbZX/bRmikYQ/zkQtca/1jJ0FQhuZ+M9kZsOntjhkEHZa07qJdp7EQgb/W4/UsozD8vu2DLX6QHrDPvM=
Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14)
by BE0P281MB0116.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:f::13) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.19; Wed, 25 Oct
2023 09:42:58 +0000
Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM
([fe80::7330:78f8:1bf2:2f4d]) by BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM
([fe80::7330:78f8:1bf2:2f4d%5]) with mapi id 15.20.6933.019; Wed, 25 Oct 2023
09:42:58 +0000
From: =?utf-8?q?Michael_Wei=C3=9F?= <michael.weiss@aisec.fraunhofer.de>
To: Alexander Mikhalitsyn <alexander@mihalicyn.com>,
Christian Brauner <brauner@kernel.org>,
Alexei Starovoitov <ast@kernel.org>,
Paul Moore <paul@paul-moore.com>
CC: Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>, Martin KaFai Lau <martin.lau@linux.dev>,
Song Liu <song@kernel.org>, Yonghong Song <yhs@fb.com>,
John Fastabend <john.fastabend@gmail.com>, KP Singh <kpsingh@kernel.org>,
Stanislav Fomichev <sdf@google.com>, Hao Luo <haoluo@google.com>,
Jiri Olsa <jolsa@kernel.org>, Quentin Monnet <quentin@isovalent.com>,
Alexander Viro <viro@zeniv.linux.org.uk>, Miklos Szeredi <miklos@szeredi.hu>,
Amir Goldstein <amir73il@gmail.com>, "Serge E. Hallyn" <serge@hallyn.com>,
<bpf@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
<linux-fsdevel@vger.kernel.org>, <gyroidos@aisec.fraunhofer.de>,
=?utf-8?q?Michael_Wei=C3=9F?= <michael.weiss@aisec.fraunhofer.de>
Subject: [RESEND RFC PATCH v2 06/14] block: Switch from
devcgroup_check_permission to security hook
Date: Wed, 25 Oct 2023 11:42:16 +0200
Message-Id: <20231025094224.72858-7-michael.weiss@aisec.fraunhofer.de>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de>
References: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-ClientProxiedBy: FR4P281CA0420.DEUP281.PROD.OUTLOOK.COM
(2603:10a6:d10:d0::17) To BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM
(2603:10a6:b10:50::14)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BEZP281MB2791:EE_|BE0P281MB0116:EE_
X-MS-Office365-Filtering-Correlation-Id: ac42e99c-262b-4c25-733b-08dbd53ec5b1
X-LD-Processed: f930300c-c97d-4019-be03-add650a171c4,ExtAddr
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
0LxokPclv89QKj1UIGoSMqhDLjoyO45hVrJ+uFd0/PXAWKEGPTQ+ik258KpGHufB50OwQCs9aGc6RXb/Vt7U57kGoqhBB1yqkLW36NWgyML+N4XC0X0O9pe936e/yJp2FX2ABz3fDYJlbg07e8R3Tc3OzsNQmAPy4556acPft95aQPZEf4G0xsE8gr8KpGzJISKiJFVvm2WYZkRlE4oAjjQmtT4i4/kdZGJDel+WcKFcDGq9aNTPDOGB/aJDVnzN+E1oe2FQWQnPUVD8MhUToCPpB5cf3lJ61U84g98SaMALhhc6yHYgZDSzJ2gHrcCmP2RkFnZg70SZw81li3KgQi3ujrkgS0B0I591X0JjK7mawntiC4RcJBV7s5MFTS3Dj37hIpng1JNS+BsLYDQCYVGmQ0F7N2l566B11PD3OSb+b2Z0Nj5m5PnTw3mFFJe1BIA1Y6UtAkOeoiiPQ9ucSxJTIdcMkFh3QvRjYb5xwJRnaTzsy/h7DphyqZKNdqfgWD9c98RMHB/0B2AcJQJA9gonUn770j3q5sp0kSxW4sN+2xHAbak1RI0EqAtXxswqrVJdEQ0EDsu9ISKf1evYwMBqvMg4FQvGPMmt3h5sRrc=
X-Forefront-Antispam-Report:
CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(366004)(346002)(136003)(396003)(376002)(39860400002)(230922051799003)(1800799009)(186009)(64100799003)(451199024)(66946007)(83380400001)(316002)(38100700002)(6486002)(478600001)(6666004)(54906003)(110136005)(66556008)(66476007)(1076003)(107886003)(52116002)(6506007)(2616005)(6512007)(15650500001)(7416002)(2906002)(86362001)(4326008)(8936002)(82960400001)(8676002)(41300700001)(5660300002);DIR:OUT;SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?FT7Oy5IqpD6zNl8rKjg6PWpHO4J3?=
=?utf-8?q?f7DZpCO1rIJJykg20fuopPOW/8Fblis0PgDyZZpIeXtu3xnWY+pyH44ihOxNn3wvl?=
=?utf-8?q?X41VtSbYutKWwMo9/MYYKHuYh301ijV+xsyzGFmeWZBgrKwsulRtdJZv2iV1CI5bF?=
=?utf-8?q?0WVxgc1rpxgTWQ+XuRBVYqN76awDHdIbjiZGtgoeCTSg/FOqmU2BSDGtuKsS2vkLZ?=
=?utf-8?q?5jNwwz4TL8SYaNom0PEhmi4go1XylBdcxzST8jPf0rviTqQ8hovICHmQ8xMME0beI?=
=?utf-8?q?SdqAE5f2qH8/oDcr+U5LtmftiWsr7Z3uHLaE9wwr8BcF2T+yGbU3CUMgvXfGP6ofg?=
=?utf-8?q?vHB9OV7MHM9TNV66cdl42iWFMrqM9zHBPoLDHG4XUsAEE5XupAfrYD4tKkGqU4Gzr?=
=?utf-8?q?HR9zcg35fnGsoahdBXgpqL4DjsiQXIqPKcqskVPoDaUtJcVB2MRDTxhtu4TYRzUYW?=
=?utf-8?q?MTvRZMU8jMwsdlcBLn9ppUwF0Vh663P8gBrZZcSp+Eoy0ao/XtKC4R81Hyx2oJZku?=
=?utf-8?q?lqmiRKR1PtuDIdFe2kjNdhWyDacht6hFc4XxR5yxZhN4J4IP9+0O6rRMhs3n8TmMW?=
=?utf-8?q?80BIqDwooGv73d3a62En4uZKb/kQiE1tW51rJutoDXgdwqf/kvSel+5JrTlxghp7h?=
=?utf-8?q?+F7WEsnbGYIElikBHKcfve5NU31bf979/3S6upj0k813wSwpMbf9HI68B/Jk33lRH?=
=?utf-8?q?k7wIFJlYvJWacAkyd1xONB3FvMHSpXD9qVRdhYgIBny3QVwDgufhbSMO/GTmQ+pk0?=
=?utf-8?q?+eTx9c/AJZMsu+Sb6t9GvK+n5vC1fRt4QjMfUVHki6osNoEuBhtRmkIutc89oS2re?=
=?utf-8?q?259WYGt9KJ2jJvo/zK3WH21tkuvYQIsaaHrE1NxU47sV4keCDRpCEknOkXvzlu//N?=
=?utf-8?q?qGs7lUspV2+iJzvmofTQLLKWWsJaICBLVDLYmRfTHXHubqK8CtzWVkTHXWc11/qOe?=
=?utf-8?q?t9HqYWFszknbLsCqWUpMGW5MtxK1Wxio/wC4toBq7fyO4bPCVfacHYgz6IhTrdoMq?=
=?utf-8?q?5APPZ3BaQVDrGGSdVlRfvHE+sbYoJYzoVsWwKOuc1EFo3+0NVFBSeF7sfObvWcwdB?=
=?utf-8?q?yJqCDO/N4A5h9hBFGSh8WqlCUD2BCh6dAzo45NZuLu9HsmOhjOd4kwDJvdbn6pr6F?=
=?utf-8?q?WRvyAsLrn3E2c7dacrq2qU0Q5zhXyw2S1DmxUlSyEaBffObduA9iHTC6526t5Uvzn?=
=?utf-8?q?CMoMmz7SrNEhe5H4l06wjSMtMM+i/RZ9kFMPCxZ/VEmnyis0RvHPLnS3jGhqAD88x?=
=?utf-8?q?PkJYZ6neZCTayQ4Z4vSIEZE2IgsAqfLVkz8dZKWny1jkkTG6+VVo4IUiPXtzXU9p3?=
=?utf-8?q?gMeE+Cq8V7Jlf3UO1pyTwRyadm40bm8DCpMDCpHQV+WVvUr9MINjR+9ZTm6Q0Oqkk?=
=?utf-8?q?uVdzIt49CRxktvSqpXKteQ3WE12CvCKiKs4c9nPYzbhjhs03O/B4Pl9RY8RNnaRwp?=
=?utf-8?q?e7YxieqTIHgM1o+tp1QnRJON4Arh6hn+ki11v73lREzbxpvPnOhYyDLJhjDgg4aQu?=
=?utf-8?q?U2ly59T2rLN/j+dpyOl1qnJWwlri+d/dZ+m+5kzxA773fJaD3mbejuNp231Q3vWan?=
=?utf-8?q?68V6pvCEYj1LfYATk58lTIKnyZAF2wsIMZVFAbZOtAU3WAFtzNlwqI=3D?=
X-MS-Exchange-CrossTenant-Network-Message-Id:
ac42e99c-262b-4c25-733b-08dbd53ec5b1
X-MS-Exchange-CrossTenant-AuthSource: BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Oct 2023 09:42:58.5664
(UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: f930300c-c97d-4019-be03-add650a171c4
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName:
A6cb3h8jL2TwWkg39T2EApG5kUW9tOA7sARXaoURhB++RNw0p5V1llkySFOH9OyIVa9NMuCKedeudF2S+A83u+4VgDum80S2gwCOEd12P/ALbJkGzSo858hvA3GLoqcC
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BE0P281MB0116
X-OriginatorOrg: aisec.fraunhofer.de
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,
SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]);
Wed, 25 Oct 2023 02:45:05 -0700 (PDT)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1780720245534985958
X-GMAIL-MSGID: 1780720245534985958
|
| Series |
device_cgroup: guard mknod for non-initial user namespace
|
|
Commit Message
Michael Weiß
Oct. 25, 2023, 9:42 a.m. UTC
The new lsm-based cgroup device access control provides an
equivalent hook to check device permission. Thus, switch to the
more generic security hook security_dev_permission() instead of
directly calling devcgroup_check_permission().
Signed-off-by: Michael Weiß <michael.weiss@aisec.fraunhofer.de>
---
block/bdev.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/block/bdev.c b/block/bdev.c index f3b13aa1b7d4..fc6de4e2a80b 100644 --- a/block/bdev.c +++ b/block/bdev.c @@ -10,7 +10,6 @@ #include <linux/slab.h> #include <linux/kmod.h> #include <linux/major.h> -#include <linux/device_cgroup.h> #include <linux/blkdev.h> #include <linux/blk-integrity.h> #include <linux/backing-dev.h> @@ -27,6 +26,7 @@ #include <linux/part_stat.h> #include <linux/uaccess.h> #include <linux/stat.h> +#include <linux/security.h> #include "../fs/internal.h" #include "blk.h" @@ -757,10 +757,9 @@ struct block_device *blkdev_get_by_dev(dev_t dev, blk_mode_t mode, void *holder, struct gendisk *disk; int ret; - ret = devcgroup_check_permission(DEVCG_DEV_BLOCK, - MAJOR(dev), MINOR(dev), - ((mode & BLK_OPEN_READ) ? DEVCG_ACC_READ : 0) | - ((mode & BLK_OPEN_WRITE) ? DEVCG_ACC_WRITE : 0)); + ret = security_dev_permission(S_IFBLK, dev, + ((mode & BLK_OPEN_READ) ? MAY_READ : 0) | + ((mode & BLK_OPEN_WRITE) ? MAY_WRITE : 0)); if (ret) return ERR_PTR(ret);