Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754931AbbGPDVs (ORCPT ); Wed, 15 Jul 2015 23:21:48 -0400 Received: from out02.mta.xmission.com ([166.70.13.232]:54102 "EHLO out02.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751990AbbGPDVq (ORCPT ); Wed, 15 Jul 2015 23:21:46 -0400 From: ebiederm@xmission.com (Eric W. Biederman) To: Seth Forshee Cc: Alexander Viro , linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, Serge Hallyn , Andy Lutomirski , linux-kernel@vger.kernel.org, Casey Schaufler References: <1436989569-69582-1-git-send-email-seth.forshee@canonical.com> Date: Wed, 15 Jul 2015 22:15:21 -0500 In-Reply-To: <1436989569-69582-1-git-send-email-seth.forshee@canonical.com> (Seth Forshee's message of "Wed, 15 Jul 2015 14:46:01 -0500") Message-ID: <87615k7pyu.fsf@x220.int.ebiederm.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-XM-AID: U2FsdGVkX1+kR9eypv0+I2eTQLPtrR5JM1tHnPocXRo= X-SA-Exim-Connect-IP: 67.3.205.90 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP * 0.0 TVD_RCVD_IP Message was received from an IP address * 1.5 XMNoVowels Alpha-numberic number with no vowels * 0.7 XMSubLong Long Subject * 0.0 T_TM2_M_HEADER_IN_MSG BODY: T_TM2_M_HEADER_IN_MSG * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5000] * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC * [sa03 1397; Body=1 Fuz1=1 Fuz2=1] X-Spam-DCC: XMission; sa03 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: **;Seth Forshee X-Spam-Relay-Country: X-Spam-Timing: total 1346 ms - load_scoreonly_sql: 0.06 (0.0%), signal_user_changed: 4 (0.3%), parse: 1.22 (0.1%), extract_message_metadata: 4 (0.3%), get_uri_detail_list: 1.52 (0.1%), tests_pri_-1000: 5 (0.4%), tests_pri_-950: 2.00 (0.1%), tests_pri_-900: 1.55 (0.1%), tests_pri_-400: 28 (2.1%), check_bayes: 26 (1.9%), tests_pri_0: 1289 (95.8%), tests_pri_500: 6 (0.4%), rewrite_mail: 0.00 (0.0%) Subject: Re: [PATCH 0/7] Initial support for user namespace owned mounts X-Spam-Flag: No X-SA-Exim-Version: 4.2.1 (built Wed, 24 Sep 2014 11:00:52 -0600) X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1363 Lines: 38 Seth I think for the LSMs we should start with: diff --git a/security/security.c b/security/security.c index 062f3c997fdc..5b6ece92a8e5 100644 --- a/security/security.c +++ b/security/security.c @@ -310,6 +310,8 @@ int security_sb_statfs(struct dentry *dentry) int security_sb_mount(const char *dev_name, struct path *path, const char *type, unsigned long flags, void *data) { + if (current_user_ns() != &init_user_ns) + return -EPERM; return call_int_hook(sb_mount, 0, dev_name, path, type, flags, data); } Then we should push this down into all of the lsms. Then when we should remove or relax or change the check as appropriate in each lsm. The point is this is good enough to see that it is trivially safe, and this allows us to focus on the core issues, and stop worrying about the lsms for a bit. Then we can focus on each lsm one at at time and take the time to really understand them and talk with their maintainers etc to make certain we get things correct. This should remove the need for your patches 5, 6 and 7. For the immediate future. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/