author | Sergey Bugaev <bugaevc@serenityos.org> | 2020-05-28 17:56:25 +0300 |
---|---|---|
committer | Andreas Kling <kling@serenityos.org> | 2020-05-29 07:53:30 +0200 |
commit | fdb71cdf8fa6c48b226e2242fbfdd75216e2f442 (patch) | |
tree | a6ab0f769c534ff8c5ce88be595e994ad4193d6c /Libraries | |
parent | b9051263658c405a69bd8bd8030420157d3ca0e0 (diff) | |
download | serenity-fdb71cdf8fa6c48b226e2242fbfdd75216e2f442.zip |

Kernel: Support read-only filesystem mounts

This adds support for MS_RDONLY, a mount flag that tells the kernel to disallow
any attempts to write to the newly mounted filesystem. As this flag is
per-mount, and different mounts of the same filesystems (such as in case of bind
mounts) can have different mutability settings, you have to go through a custody
to find out if the filesystem is mounted read-only, instead of just asking the
filesystem itself whether it's inherently read-only.

This also adds a lot of checks we were previously missing; and moves some of
them to happen after more specific checks (such as regular permission checks).

One outstanding hole in this system is sys$mprotect(PROT_WRITE), as there's no
way we can know if the original file description this region has been mounted
from had been opened through a readonly mount point. Currently, we always allow
such sys$mprotect() calls to succeed, which effectively allows anyone to
circumvent the effect of MS_RDONLY. We should solve this one way or another.

Diffstat (limited to 'Libraries')
-rw-r--r-- | Libraries/LibC/unistd.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/Libraries/LibC/unistd.h b/Libraries/LibC/unistd.h index 4a4621fe8e..f7c86390d1 100644 --- a/Libraries/LibC/unistd.h +++ b/Libraries/LibC/unistd.h @@ -153,6 +153,7 @@ enum { #define MS_NOEXEC (1 << 1) #define MS_NOSUID (1 << 2) #define MS_BIND (1 << 3) +#define MS_RDONLY (1 << 4) /* * We aren't fully compliant (don't support policies, and don't have a wide |
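
Review bot: The new `#define MS_RDONLY (1 << 4)` at the end of the MS_* block lands without any comment, while the commit message itself records that sys$mprotect(PROT_WRITE) currently succeeds regardless of the flag. A short comment or FIXME beside the define, saying that the flag is per-mount and is not yet enforced for mprotect, would keep userspace callers from treating it as a hard write barrier. Only the LibC header is visible in this view (the diffstat is limited to 'Libraries'), so it is also worth confirming that the value matches the kernel-side constant and does not collide with a mount flag defined outside this block.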