Received: by 10.223.185.116 with SMTP id b49csp4400597wrg; Mon, 26 Feb 2018 17:24:32 -0800 (PST) X-Google-Smtp-Source: AH8x225i+plc0nOVF4HanfGwQg9s651yc48dT7is+YajJsjysP57SWK735tiOs5Kzwwdg3+DgHOa X-Received: by 2002:a17:902:5596:: with SMTP id g22-v6mr12133948pli.4.1519694672648; Mon, 26 Feb 2018 17:24:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519694672; cv=none; d=google.com; s=arc-20160816; b=wIy/VDPaYdj2TZ97ipl1v0/kpVh3yoSXlu0lI/GG45x4SMtSejEvY1PiPbX5fkxS96 RCRJYKtnLnJEfqEQWZCG9I+qVusL6vryNepFqILRi7yiP1nd1ejSR+P7i5bfQS9Pk0XF tU4UhhT1x1HLv8S74NaFMRTeHMYk8Ap/hrT8TrZBtZu63OQwJ4FjMWtrXfYVrM/uFgEj fuvHnl/8g26P9PywleHS/XEuBIP0ikCs2bi1Jb+BKj1LPNa/5QEFEI7BOt33M2jwKhNF uTU9mfncXg9svLetk6KnPxMUV8bk7CRGgssPNgOgUct9f5wcoIC2te5WFsJtjEVutcPJ mMRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-transfer-encoding:content-disposition:mime-version :references:message-id:subject:cc:to:from:date :arc-authentication-results; bh=wMBVqsjJy774Vj2jk1CW5BYZ4GLRgX+g9Q3e+od5KGE=; b=PgM5RfkMM5U3dGzBhi0/TiUQp6iqgVFs/nq3NBdsvEdrv4fd+Sz0EkiCPKYcPw6swZ T4e4/df/+ehuN8XWUkLSnwj/ndWMgUnxg6f5lsjWHyI4DBLlmJKOmLgpHB8Uwsk+5qEF S/y2j+kqTl2xF/Qt70vehM1MBcTdhR5it+1IbmutrDSk9vW8MJAolKlLTDWrXI5vx69M aJha0uAZnzLyriO4/lfPrVM7Cy2A9WS07jkDD/4UyJXeKolmdzHNUf61hnihNYzHBmlZ XoNT4RQPBZTLs/Z+q6cinjpaHOWYntjn7H36ua/jrHFGBqvRaZFqNBrDrZ4xeHTWTnB1 njKg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q126si2806605pfb.414.2018.02.26.17.24.18; Mon, 26 Feb 2018 17:24:32 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751679AbeB0BXg (ORCPT + 99 others); Mon, 26 Feb 2018 20:23:36 -0500 Received: from zeniv.linux.org.uk ([195.92.253.2]:35478 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751448AbeB0BXe (ORCPT ); Mon, 26 Feb 2018 20:23:34 -0500 Received: from viro by ZenIV.linux.org.uk with local (Exim 4.87 #1 (Red Hat Linux)) id 1eqTzN-0005e7-Kw; Tue, 27 Feb 2018 01:23:29 +0000 Date: Tue, 27 Feb 2018 01:23:29 +0000 From: Al Viro To: =?iso-8859-1?Q?Micka=EBl_Sala=FCn?= Cc: linux-kernel@vger.kernel.org, Alexei Starovoitov , Andy Lutomirski , Arnaldo Carvalho de Melo , Casey Schaufler , Daniel Borkmann , David Drysdale , "David S . Miller" , "Eric W . Biederman" , James Morris , Jann Horn , Jonathan Corbet , Michael Kerrisk , Kees Cook , Paul Moore , Sargun Dhillon , "Serge E . Hallyn" , Shuah Khan , Tejun Heo , Thomas Graf , Tycho Andersen , Will Drewry , kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org, linux-security-module@vger.kernel.org, netdev@vger.kernel.org, James Morris , John Johansen , Stephen Smalley , Tetsuo Handa , linux-fsdevel@vger.kernel.org Subject: Re: [PATCH bpf-next v8 01/11] fs,security: Add a security blob to nameidata Message-ID: <20180227012329.GL30522@ZenIV.linux.org.uk> References: <20180227004121.3633-1-mic@digikod.net> <20180227004121.3633-2-mic@digikod.net> <20180227005721.GK30522@ZenIV.linux.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20180227005721.GK30522@ZenIV.linux.org.uk> User-Agent: Mutt/1.9.1 (2017-09-22) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Feb 27, 2018 at 12:57:21AM +0000, Al Viro wrote: > On Tue, Feb 27, 2018 at 01:41:11AM +0100, Micka?l Sala?n wrote: > > The function current_nameidata_security(struct inode *) can be used to > > retrieve a blob's pointer address tied to the inode being walk through. > > This enable to follow a path lookup and know where an inode access come > > from. This is needed for the Landlock LSM to be able to restrict access > > to file path. > > > > The LSM hook nameidata_free_security(struct inode *) is called before > > freeing the associated nameidata. > > NAK. Not without well-defined semantics and "some Linux S&M uses that for > something, don't ask what" does not count. Incidentally, pathwalk mechanics is subject to change at zero notice, so if you want something, you'd better * have explicitly defined semantics * explain what it is - on fsdevel * not have it hidden behind the layers of opaque LSM dreck, pardon the redundance. Again, pathwalk internals have changed in the past and may bloody well change again in the future. There's a damn good reason why struct nameidata is _not_ visible outside of fs/namei.c, and quietly relying upon any implementation details is no-go.