From: David Drysdale
Date: Tue, 28 Jul 2015 18:13:31 +0100
Subject: Re: [PATCH RFC 1/1] Documentation: describe how to add a system call
To: Kees Cook
Cc: Linux API, Michael Kerrisk, Andrew Morton, Arnd Bergmann, Shuah Khan, Jonathan Corbet, Andrea Arcangeli, Thomas Gleixner, Eric B Munson, Ingo Molnar, "H. Peter Anvin", Oleg Nesterov, Linus Torvalds, Greg Kroah-Hartman, Andy Lutomirski, Al Viro, Rusty Russell, Peter Zijlstra, Vivek Goyal, Alexei Starovoitov, David Herrmann, "Theodore Ts'o", Milosz Tanski, Fam Zheng, Josh Triplett, Mathieu Desnoyers, "linux-doc@vger.kernel.org", LKML
References: <1438083663-24814-1-git-send-email-drysdale@google.com> <1438083663-24814-2-git-send-email-drysdale@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jul 28, 2015 at 5:43 PM, Kees Cook wrote:
> On Tue, Jul 28, 2015 at 4:41 AM, David Drysdale wrote:
>> Add a document describing the process of adding a new system call,
>> including the need for a flags argument for future compatibility, and
>> covering 32-bit/64-bit concerns (albeit in an x86-centric way).
>>
>> Signed-off-by: David Drysdale
>> Reviewed-by: Michael Kerrisk
>
> This is great!
>
> Reviewed-by: Kees Cook
>
> I have a few minor suggestions below...

Thanks, I've applied all bar one -- a query below.

>> ---
>> Documentation/adding-syscalls.txt | 454 ++++++++++++++++++++++++++++++++++++++
>> 1 file changed, 454 insertions(+)
>> create mode 100644 Documentation/adding-syscalls.txt
>>
>> diff --git a/Documentation/adding-syscalls.txt b/Documentation/adding-syscalls.txt
>> new file mode 100644
>> index 000000000000..5f52edda8951
>> --- /dev/null
>> +++ b/Documentation/adding-syscalls.txt

[snip]

>> + - If there is an existing capability that governs related functionality, then
>> + use that. However, avoid combining lots of only vaguely related functions
>> + together under the same bit, as this goes against capabilities' purpose of
>> + splitting the power of root. In particular, avoid adding new uses of the
>> + already overly-general CAP_SYS_ADMIN capability.
>> + - If there is no related capability, then consider adding a new capability
>> + bit -- but bear in mind that the numbering space is limited, and each new
>> + bit needs to be understood and administered by sysadmins.
>
> Perhaps mention alternative mechanisms for access control when working
> on file descriptors, like avoiding security issues by looking at fd
> _opener_ credentials, rather than current's credentials?

I'm struggling to come up with text about this that doesn't feel either
too vague or much too detailed / internal, so maybe I'm misunderstanding
what you're after. Could you clarify or maybe suggest a sentence or two?

Thanks,
David
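Review bot: the two capability bullets say which capability to pick but not how the check itself should be written, and "the numbering space is limited" is left unquantified for a reader who has never added a bit. Suggest stating that the kernel's capability sets are a fixed-width bitmask (kernel_cap_t), which is why new bits are scarce, and adding a sentence that a new call should normally check with ns_capable() against the user namespace that owns the object rather than a bare capable(), so that it remains usable inside user namespaces. Something like "+   Check it with ns_capable() against the relevant user namespace, not capable()." after the first bullet would cover it.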
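Kees's point about checking the fd opener's credentials rather than current's, as an added plain-C model that is not kernel code and not part of the patch or this thread. The struct and field names deliberately mirror the kernel's file->f_cred and current_cred(), but the types, the capability mask and the two scenarios (a confused-deputy hand-off and a privilege-dropping hand-off) are this example's own constructions, chosen to show why the two policies give opposite answers.

```c
/* Model (not kernel code) of two authorisation policies for an fd-based
 * operation: check whoever is calling now (current), or check the
 * credentials that were captured when the fd was opened (file->f_cred). */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bit index matches uapi CAP_NET_ADMIN; the single-word mask is this model's. */
#define CAP_NET_ADMIN_MASK (1u << 12)

struct cred { uint32_t uid; uint32_t cap_effective; };
struct file { struct cred f_cred; };           /* snapshot of the opener's creds */
struct task { const char *comm; struct cred cred; };

static bool has_cap(const struct cred *c, uint32_t mask)
{
    return (c->cap_effective & mask) != 0;
}

/* open(): record who opened the file, as the kernel does with file->f_cred. */
static struct file model_open(const struct task *opener)
{
    struct file f = { .f_cred = opener->cred };
    return f;
}

/* Policy A: authorise against the task invoking the operation. */
static int op_check_current(const struct task *caller, const struct file *f)
{
    (void)f;
    return has_cap(&caller->cred, CAP_NET_ADMIN_MASK) ? 0 : -EPERM;
}

/* Policy B: authorise against the credentials captured at open time. */
static int op_check_opener(const struct task *caller, const struct file *f)
{
    (void)caller;
    return has_cap(&f->f_cred, CAP_NET_ADMIN_MASK) ? 0 : -EPERM;
}

typedef int (*policy_fn)(const struct task *, const struct file *);

/* Scenario 1 (confused deputy, constructed): an unprivileged task opens the
 * fd and hands it to a privileged deputy (inheritance across a setuid exec,
 * or SCM_RIGHTS), which then performs the operation on the user's behalf. */
static int confused_deputy(policy_fn policy)
{
    struct task user   = { "user",   { 1000, 0 } };
    struct task deputy = { "deputy", { 0, CAP_NET_ADMIN_MASK } };
    struct file f = model_open(&user);   /* opened by the unprivileged task */
    return policy(&deputy, &f);          /* invoked by the privileged one */
}

/* Scenario 2 (privilege separation, constructed): a privileged launcher
 * opens the fd, then hands it to a worker that has dropped all capabilities. */
static int dropped_privilege(policy_fn policy)
{
    struct task launcher = { "launcher", { 0, CAP_NET_ADMIN_MASK } };
    struct task worker   = { "worker",   { 1000, 0 } };
    struct file f = model_open(&launcher);
    return policy(&worker, &f);
}

int main(void)
{
    printf("confused deputy, check current: %d\n", confused_deputy(op_check_current));   /* 0: user escalates via deputy */
    printf("confused deputy, check opener : %d\n", confused_deputy(op_check_opener));    /* -EPERM */
    printf("dropped privs,   check current: %d\n", dropped_privilege(op_check_current)); /* -EPERM: worker locked out */
    printf("dropped privs,   check opener : %d\n", dropped_privilege(op_check_opener));  /* 0 */
    return 0;
}
```

The two scenarios are the reason the choice matters: keying the check on current lets an unprivileged opener launder the operation through a more privileged process that receives the fd, while keying it on the opener's credentials both closes that path and lets a privileged process open once and then drop privileges before using the descriptor.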