2021-04-30 18:16:44

by Dr. Greg

Subject: Do kernel namespaces have a desire to be inclusive to newcomers?

Hi, I hope the week has gone well for everyone, apologies in advance
for indulging in a bit of political humor for the subject of this
e-mail.

We are rounding the corner for the release of a new security
architecture for Linux that weaves together IMA and the LSM
infrastructure. It is designed to support what we think the future is
going to be for security when OpenTitan and/or Pluton grow up to be
adults.

Part and parcel to the architecture is the implementation of a
namespace for modeling security event domains. We chose to update our
code from an initial implementation on 4.4 to 5.4, given the latter's
status as an LTS release, and the availability of the clone3() system
call and the expanded bit field width for the designation of namespace
types.

Using anything for a namespace type designator that translates into
something beyond a 32-bit value seems to run afoul of the fact that an
int is used for the type element of the proc_ns_operations structure.
Since all of this is decidedly outside the kernel, and may never be
appropriate for mainline, this isn't a big issue but if our reasoning
is correct it will be a potential issue for other namespaces once the
remaining lower bits of the flags field are consumed.

Since we currently only need unshare capabilities, we used the bit
position below CLONE_NEWTIME for the time being but are interested in
knowing if this limitation is by design or if a patch would be
acceptable for simply pushing that structure element out to 64 bits,
which, in classical technology parlance, 'should be enough for anyone'.

Any thoughts would be appreciated.

Best wishes for a pleasant weekend to everyone.

Dr. Greg

As always,
Dr. Greg Wettstein, Ph.D, Worker        Autonomously self-defensive
Enjellic Systems Development, LLC       IOT platforms and edge devices.
4206 19th Ave. N.
Fargo, ND 58102
PH: 701-281-1686 EMAIL: [email protected]
------------------------------------------------------------------------------
"Don't worry about people stealing your ideas. If your ideas are any
good, you'll have to ram them down people's throats."
-- Howard Aiken
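A small user-space model of the width concern raised in the mail above, added here as an illustration and not code from the mail, from Enjellic, or from the kernel. It copies the CLONE_NEW* values from include/uapi/linux/sched.h, stores them the way a plain `int` type field (as in `proc_ns_operations`) would, and looks them up setns-style through an int-typed table and through a table widened to 64 bits. `CLONE_NEWHYPOTHETICAL` is a constructed name and value (bit 32) that exists in no kernel; it stands in for whatever namespace type would first land above the 32-bit boundary of the u64 flags word that clone3() accepts. One caveat the model also makes visible: because the field is a signed int, bit 31 does not round-trip either, so the usable range is narrower than "the remaining lower 32 bits".

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Namespace type flags, values as in include/uapi/linux/sched.h. */
#define CLONE_NEWTIME   0x00000080ULL
#define CLONE_NEWNS     0x00020000ULL
#define CLONE_NEWCGROUP 0x02000000ULL
#define CLONE_NEWUTS    0x04000000ULL
#define CLONE_NEWIPC    0x08000000ULL
#define CLONE_NEWUSER   0x10000000ULL
#define CLONE_NEWPID    0x20000000ULL
#define CLONE_NEWNET    0x40000000ULL

/* Constructed for this example only: a hypothetical namespace type that
 * takes the first bit position above the 32-bit boundary of the u64 flags
 * word clone3() accepts. No kernel defines this flag. */
#define CLONE_NEWHYPOTHETICAL (1ULL << 32)

/* Model of the field the mail is about: the type is carried in a plain int. */
struct ns_ops_int { const char *name; int type; };
/* The same table with the type widened to 64 bits, as the mail proposes. */
struct ns_ops_u64 { const char *name; uint64_t type; };

static const struct ns_ops_int ops_int[] = {
    { "time",   CLONE_NEWTIME   }, { "mnt",  CLONE_NEWNS   },
    { "cgroup", CLONE_NEWCGROUP }, { "uts",  CLONE_NEWUTS  },
    { "ipc",    CLONE_NEWIPC    }, { "user", CLONE_NEWUSER },
    { "pid",    CLONE_NEWPID    }, { "net",  CLONE_NEWNET  },
    /* The cast spells out what an int field does silently: bit 32 is lost. */
    { "hypothetical", (int)CLONE_NEWHYPOTHETICAL },
};

static const struct ns_ops_u64 ops_u64[] = {
    { "time",   CLONE_NEWTIME   }, { "mnt",  CLONE_NEWNS   },
    { "cgroup", CLONE_NEWCGROUP }, { "uts",  CLONE_NEWUTS  },
    { "ipc",    CLONE_NEWIPC    }, { "user", CLONE_NEWUSER },
    { "pid",    CLONE_NEWPID    }, { "net",  CLONE_NEWNET  },
    { "hypothetical", CLONE_NEWHYPOTHETICAL },
};

/* Returns 1 if a flag value stored in an int reads back unchanged.
 * Fails for bit 32 and up (truncated) and for bit 31 (sign-extended). */
static int type_survives_int(uint64_t flag)
{
    int stored = (int)flag;
    return (uint64_t)stored == flag;
}

/* setns-style lookup: return the ops whose type equals the requested one,
 * with the type held in an int field. */
static const char *ns_name_for_type_int(uint64_t nstype)
{
    for (size_t i = 0; i < sizeof ops_int / sizeof ops_int[0]; i++)
        if ((uint64_t)ops_int[i].type == nstype)
            return ops_int[i].name;
    return NULL;
}

/* The same lookup against the 64-bit-typed table. */
static const char *ns_name_for_type_u64(uint64_t nstype)
{
    for (size_t i = 0; i < sizeof ops_u64 / sizeof ops_u64[0]; i++)
        if (ops_u64[i].type == nstype)
            return ops_u64[i].name;
    return NULL;
}

int main(void)
{
    const uint64_t probes[] = { CLONE_NEWNET, 1ULL << 31, CLONE_NEWHYPOTHETICAL };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        uint64_t f = probes[i];
        const char *a = ns_name_for_type_int(f);
        const char *b = ns_name_for_type_u64(f);
        printf("flag 0x%016llx: survives int=%d  int table=%s  u64 table=%s\n",
               (unsigned long long)f, type_survives_int(f),
               a ? a : "(none)", b ? b : "(none)");
    }
    return 0;
}
```

Running it shows the existing flags resolving through both tables, while the bit-32 flag resolves only through the widened table; the int-typed lookup returns no match because the stored value collapsed to 0.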