From: Stephan Müller
To: Christian Langrock
Cc: Herbert Xu, "David S. Miller", linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Crypto_user: Make crypto user API available for all net ns
Date: Thu, 13 Jul 2017 16:51:10 +0200
Message-ID: <2290757.F5Nm8BLmaV@tauon.chronox.de>
In-Reply-To: <692d6ab1-d737-2683-5e55-b5f838f99b01@secunet.com>

On Thursday, 13 July 2017, 16:22:32 CEST, Christian Langrock wrote:

Hi Christian,

> With this patch it's possible to use crypto user API from all
> network namespaces, not only from the initial net ns.

Is this wise? The crypto_user interface allows root users to change settings in the kernel with a global scope. For example, you can deregister ciphers, change the prio of ciphers and so on. All of that is visible on a global scale and thus should not be possible from namespaces, IMHO.

Ciao
Stephan