Received: by 10.223.185.116 with SMTP id b49csp5214220wrg;
        Tue, 27 Feb 2018 09:33:25 -0800 (PST)
X-Google-Smtp-Source: AH8x227AT+XNA1354mfh6IWwu9Hd8EekZcNDdZu8eS9vnlhrmvk57PiEERkCmshFPfQaZIP4KCpR
X-Received: by 10.98.200.131 with SMTP id i3mr14939363pfk.40.1519752805142;
        Tue, 27 Feb 2018 09:33:25 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1519752805; cv=none;
        d=google.com; s=arc-20160816;
        b=d5xH3Q5yaG0UAfJHbjpv8LjSKFR9gRva5nVzOs/IDmztYhnEzCXCGfDxE9/qjiFcVy
         FIa0YmJxMzvMsegjYR0xgVi8SBiPc0TCKlfrVoJ7uYIOSq0CAFl9bdnYvQQhY9/niDme
         Nk7lyARu9YkZzUnpyBPnajon4bHPRWS6knEwcNVQIIzAtO71lnJN9ViQSOTB9o1PWWGY
         220KR+pQ6L6kBFgJQ0uKw6Is0v5Hp+auMG+juJlzXev2hh/WN94KWW7BPA/MtT0l601J
         Vjq2BqVrb4izCzUHTepoph9uG4/pS4h3oxouhNyBe39xMZWj6JyVgSaMs19YOs4SRRcI
         UAew==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-language
         :content-transfer-encoding:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:dkim-signature
         :arc-authentication-results;
        bh=n6k4lDA0/pF58W+4d2BrkMQoVM7Pnx7jfhBpmNhkD00=;
        b=Olkqh70HL1dBrFtovYD2DDDbpt6PwFvBXuQAUfxKmPhHU07QW65U6QwRkRgRIVt2ab
         ckPkvRsgZZjlKNXMrgVplEyzNwuy/ytgJnIUfnEWO1R7H7A4+gtoZwLgb+YHiglG54Vj
         RnlNeet9du7NwX0bHsaFR3ttpYEeCnM4ExMdUO+XZa7wcjTcDDAOum3uFBopxYYhs3dL
         KnJPjOaNHTfkTbJRUKNZLa1mFmrkDwGzlfMPFAW15ydf4jQWYWhmnnWuMCoJlghODhO+
         OXLP9dmT1VBJpEJ+GS4UA6TjyBi50jIiSVrpeQRWJwqNp9+80jb+GLt7boP7nBW85/RJ
         XDNQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@yahoo.com header.s=s2048 header.b=jbbc6kxZ;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id s2si8830170pfb.269.2018.02.27.09.33.09;
        Tue, 27 Feb 2018 09:33:25 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@yahoo.com header.s=s2048 header.b=jbbc6kxZ;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751868AbeB0Rar (ORCPT <rfc822;414256we@gmail.com> + 99 others);
        Tue, 27 Feb 2018 12:30:47 -0500
Received: from sonic302-28.consmr.mail.gq1.yahoo.com ([98.137.68.154]:38408
        "EHLO sonic302-28.consmr.mail.gq1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1751800AbeB0Rao (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 27 Feb 2018 12:30:44 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1519752644; bh=n6k4lDA0/pF58W+4d2BrkMQoVM7Pnx7jfhBpmNhkD00=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From:Subject; b=jbbc6kxZw7Q3DGJFn9BxCtVkxIZq7xvvABKW8yNvRGE7vsWfNv1j75yI4wlfc4+fuGxV4fx3tMwT2Ezm+UYKJmPmwgzB8oYKpjSQil79b8pddHtNK5JEUZzQHfgjwMuAsz5YUll3URBp/uI7SsuFwbdYon5xBCEgrcZ6x2KCcgAky3d+oRNQ/M6e33ZGzvmxEdkOdpwEYJn7iInvbcfHTytwAO4MfJsGf8rHsl968ylsafCksdriHIrM4Rf1IPTB0hlv2t2ilMyoSXgCX/ofPyZwdURMJfy0KM9thPDTnpB7pkfIxasmEm4gkr2+dySR/09rwHqcPqxtw87C5q4U8Q==
X-YMail-OSG: v_Y0UgEVM1noO1onQB5Q77ZzMi5KizWj9ZjTdboF4A.QqMGF7rgKCF9ZYJ9cdR.
 A8dvCBlchQ3DSrRvXPk1PKXYv1k5idSn.EOG4NHJUnyF4IYs8mjwJf39dT1VI4K9o7YmyBBfWmRS
 .ZnmEYr7EWHKGceGbbWUHM6hhrrorN7NiMBsDnXV6fIqK4PWrVnEWl6xXqSWj70aE.nXBaJ4ZiwT
 eTdK4iGBLX0eKaGPFcAhe11V0XCLzdHC3MVMHE2iYCfDFNjTk58DO38je.8zg4ea12xSOjj7qAr1
 DrQVueCSQckEzQdnUcFmfERi16zOzr1c.QWGwzh75nJkoCERg2rdsDxReiPvOAYnT6VAscVpTWA5
 t8iqzKCvDe3yFML3eersIQ8KiRzeah2qKAJQ84FHF9_IwG5fNeuQQH2m33ll8kIGRzk7rvCTqy4i
 LtLuy8pGmcyQfeTwCAbYoSAdsA5WFEc_lOWyFkdzVxNB6vOdnAwnPJp9OUN_FsdsH3S_sKUawUNt
 WJLF9nW4N_pUVRSsGZTfWxklD4jIgvKZ0JmLMYg--
Received: from sonic.gate.mail.ne1.yahoo.com by sonic302.consmr.mail.gq1.yahoo.com with HTTP; Tue, 27 Feb 2018 17:30:44 +0000
Received: from smtpgate102.mail.gq1.yahoo.com (EHLO [192.168.0.104]) ([10.214.153.45])
          by smtp401.mail.gq1.yahoo.com (JAMES SMTP Server ) with ESMTPA ID 012bdda56a164aa0b57fc0e38a5aaa0c;
          Tue, 27 Feb 2018 17:30:39 +0000 (UTC)
Subject: Re: [PATCH bpf-next v8 05/11] seccomp,landlock: Enforce Landlock
 programs per process hierarchy
To:     Andy Lutomirski <luto@kernel.org>,
        Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc:     =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= <mic@digikod.net>,
        LKML <linux-kernel@vger.kernel.org>,
        Alexei Starovoitov <ast@kernel.org>,
        Arnaldo Carvalho de Melo <acme@kernel.org>,
        Daniel Borkmann <daniel@iogearbox.net>,
        David Drysdale <drysdale@google.com>,
        "David S . Miller" <davem@davemloft.net>,
        "Eric W . Biederman" <ebiederm@xmission.com>,
        Jann Horn <jann@thejh.net>, Jonathan Corbet <corbet@lwn.net>,
        Michael Kerrisk <mtk.manpages@gmail.com>,
        Kees Cook <keescook@chromium.org>,
        Paul Moore <paul@paul-moore.com>,
        Sargun Dhillon <sargun@sargun.me>,
        "Serge E . Hallyn" <serge@hallyn.com>,
        Shuah Khan <shuah@kernel.org>, Tejun Heo <tj@kernel.org>,
        Thomas Graf <tgraf@suug.ch>, Tycho Andersen <tycho@tycho.ws>,
        Will Drewry <wad@chromium.org>,
        Kernel Hardening <kernel-hardening@lists.openwall.com>,
        Linux API <linux-api@vger.kernel.org>,
        LSM List <linux-security-module@vger.kernel.org>,
        Network Development <netdev@vger.kernel.org>,
        Andrew Morton <akpm@linux-foundation.org>
References: <20180227004121.3633-1-mic@digikod.net>
 <20180227004121.3633-6-mic@digikod.net>
 <20180227020856.teq4hobw3zwussu2@ast-mbp>
 <CALCETrVKRYnGJ9XNW-x7eHdMt+eGP90j7cAed-KTzp1KT_kMeQ@mail.gmail.com>
 <20180227045458.wjrbbsxf3po656du@ast-mbp>
 <CALCETrXZ=xJEd53RhA67_VDoAKBWgUeyBi9XN7ibrE7V6nzk5Q@mail.gmail.com>
 <20180227053255.a7ua24kjd6tvei2a@ast-mbp>
 <CALCETrUqc0wbig4ntQe9KNS-fOgYOpD+MPodXYruCRyJ7bhagA@mail.gmail.com>
From:   Casey Schaufler <casey@schaufler-ca.com>
Message-ID: <b9579dae-625e-cd91-0656-821a8d1f2893@schaufler-ca.com>
Date:   Tue, 27 Feb 2018 09:30:35 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <CALCETrUqc0wbig4ntQe9KNS-fOgYOpD+MPodXYruCRyJ7bhagA@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2/27/2018 8:39 AM, Andy Lutomirski wrote:
> On Tue, Feb 27, 2018 at 5:32 AM, Alexei Starovoitov
> <alexei.starovoitov@gmail.com> wrote:
>> [ Snip ]
> An earlier version of the patch set used the seccomp filter chain.
> Mickaël, what exactly was wrong with that approach other than that the
> seccomp() syscall was awkward for you to use?  You could add a
> seccomp_add_landlock_rule() syscall if you needed to.
>
> As a side comment, why is this an LSM at all, let alone a non-stacking
> LSM?  It would make a lot more sense to me to make Landlock depend on
> having LSMs configured in but to call the landlock hooks directly from
> the security_xyz() hooks.

Please, no. It is my serious intention to have at least the
infrastructure blob management in within a release or two, and
I think that's all Landlock needs. The security_xyz() hooks are
sufficiently hackish as it is without unnecessarily adding more
special cases.