Date: Tue, 27 Feb 2018 00:57:21 +0000
From: Al Viro
To: Mickaël Salaün
Cc: linux-kernel@vger.kernel.org, Alexei Starovoitov, Andy Lutomirski,
 Arnaldo Carvalho de Melo, Casey Schaufler, Daniel Borkmann,
 David Drysdale, "David S. Miller", "Eric W. Biederman", James Morris,
 Jann Horn, Jonathan Corbet, Michael Kerrisk, Kees Cook, Paul Moore,
 Sargun Dhillon, "Serge E. Hallyn", Shuah Khan, Tejun Heo, Thomas Graf,
 Tycho Andersen, Will Drewry, kernel-hardening@lists.openwall.com,
 linux-api@vger.kernel.org, linux-security-module@vger.kernel.org,
 netdev@vger.kernel.org, James Morris, John Johansen, Stephen Smalley,
 Tetsuo Handa, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH bpf-next v8 01/11] fs,security: Add a security blob to nameidata
Message-ID: <20180227005721.GK30522@ZenIV.linux.org.uk>
References: <20180227004121.3633-1-mic@digikod.net> <20180227004121.3633-2-mic@digikod.net>
In-Reply-To: <20180227004121.3633-2-mic@digikod.net>

On Tue, Feb 27, 2018 at 01:41:11AM +0100, Mickaël Salaün wrote:
> The function current_nameidata_security(struct inode *) can be used to
> retrieve a blob's pointer address tied to the inode being walked through.
> This enables following a path lookup and knowing where an inode access
> comes from. This is needed for the Landlock LSM to be able to restrict
> access to file path.
>
> The LSM hook nameidata_free_security(struct inode *) is called before
> freeing the associated nameidata.

NAK. Not without well-defined semantics and "some Linux S&M uses that for
something, don't ask what" does not count.