
File System

This subsection describes the results of the system call review for calls related to the file system.

The nfsservctl call is the interface to the kernel NFS daemon. The call is implemented in fs/nfsd/nfsctl.c. Linux requires CAP_SYS_ADMIN to use the call, so Flask requires cap_sys_admin permission. Since the Flask controls have not yet been integrated into the Linux NFS implementation, no further controls are required at this time. Separate permissions for the individual operations may be introduced at a later time.

The quotactl call may be used to manipulate disk quotas. This call is implemented in fs/dquot.c. Linux requires CAP_SYS_RESOURCE for enabling or disabling quotas, getting the quota of another user or group, or setting a quota. Hence, Flask requires cap_sys_resource permission for these commands. When enabling quotas, a quota file is specified. This file must already exist; it is typically created by the quotacheck program. The file is opened for read and write access, and the existing Flask file access controls are applied. It might be useful to add a new permission controlling what files may be used as quota files. Linux does not control the quotactl commands for syncing the quota files, obtaining quota-related statistics, or obtaining the quota limits and current usage for the user or group of the calling process. Flask does not provide a disk quota policy. Support for defining disk quotas based on the security contexts of processes would be desirable.
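The quotactl rules above can be written as one decision function. The following C sketch is an added example, not code from the kernel or from Flask; the enum, macro and struct names are hypothetical, and it assumes that "group of the calling process" means any group in the caller's group list and that unrecognized commands are treated like the controlled ones.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical names: a model of the rule in the text, not kernel or Flask code. */
enum quota_cmd { QC_ENABLE, QC_DISABLE, QC_GET, QC_SET, QC_SYNC, QC_STATS };
enum quota_type { QT_USER, QT_GROUP };
#define NEED_CAP_SYS_RESOURCE 0x1u /* CAP_SYS_RESOURCE / Flask cap_sys_resource */
#define NEED_FILE_READ_WRITE  0x2u /* Flask file checks on the quota file */

struct caller {
    uid_t euid;
    const gid_t *groups; /* assumption: effective plus supplementary groups */
    size_t ngroups;
};

static int in_groups(const struct caller *c, gid_t gid)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return 1;
    return 0;
}

/* Return the set of checks a quotactl request must pass (0 = uncontrolled). */
unsigned quotactl_required_checks(const struct caller *c, enum quota_cmd cmd,
                                  enum quota_type type, unsigned id)
{
    switch (cmd) {
    case QC_SYNC:
    case QC_STATS:
        return 0;
    case QC_GET: /* reading the caller's own user or group quota is free */
        if ((type == QT_USER && c->euid == (uid_t)id) ||
            (type == QT_GROUP && in_groups(c, (gid_t)id)))
            return 0;
        return NEED_CAP_SYS_RESOURCE;
    case QC_ENABLE: /* the quota file is also opened for read and write */
        return NEED_CAP_SYS_RESOURCE | NEED_FILE_READ_WRITE;
    default: /* QC_DISABLE, QC_SET; unknown commands fail closed (assumption) */
        return NEED_CAP_SYS_RESOURCE;
    }
}

int main(void)
{
    const gid_t groups[] = { 100 }; /* constructed sample caller */
    const struct caller c = { 1000, groups, 1 };
    printf("%#x\n", quotactl_required_checks(&c, QC_GET, QT_USER, 1001));
    return 0;
}
```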

The bdflush call may be used to start, flush or tune the buffer-dirty flush daemon. The call is implemented in fs/buffer.c. Linux requires the CAP_SYS_ADMIN capability, so Flask requires cap_sys_admin permission. It might be useful to add new permissions to control the individual operations provided by the call.

The swapon and swapoff calls may be used to start and stop swapping to a file or device. Linux requires CAP_SYS_ADMIN and search access to the file to use either call. Flask requires cap_sys_admin permission and search permission. It might be useful to add a new permission controlling what files may be used as swap files.

The chroot system call may be used to change the root directory. The call is implemented in fs/open.c. Linux requires search access to the new root directory and CAP_SYS_CHROOT. Flask requires search permission to the new root directory and cap_sys_chroot permission. No further controls seem to be necessary.

