From: Mickaël Salaün
To: Andy Lutomirski
Cc: LKML, Alexei Starovoitov, Arnaldo Carvalho de Melo, Casey Schaufler, Daniel Borkmann, David Drysdale, David S. Miller, Eric W. Biederman, James Morris, Jann Horn, Jonathan Corbet, Michael Kerrisk, Kees Cook, Paul Moore, Sargun Dhillon, Serge E. Hallyn, Shuah Khan, Tejun Heo, Thomas Graf, Tycho Andersen, Will Drewry, Kernel Hardening, Linux API, LSM List, Network Development
Subject: Re: [PATCH bpf-next v8 08/11] landlock: Add ptrace restrictions
Date: Tue, 6 Mar 2018 23:28:24 +0100
Message-ID: <679089bb-c0ac-ff68-71b1-1813d66c6aa7@digikod.net>
References: <20180227004121.3633-1-mic@digikod.net> <20180227004121.3633-9-mic@digikod.net> <0e7d0512-12a3-568d-aa55-3def4b91c6d0@digikod.net>

On 28/02/2018 01:09, Andy Lutomirski wrote:
> On Wed, Feb 28, 2018 at 12:00 AM, Mickaël Salaün wrote:
>>
>> On 28/02/2018 00:23, Andy Lutomirski wrote:
>>> On Tue, Feb 27, 2018 at 11:02 PM, Andy Lutomirski wrote:
>>>> On Tue, Feb 27, 2018 at 10:14 PM, Mickaël Salaün wrote:
>>>>>
>>>>
>>>> I think you're wrong here. Any sane container trying to use Landlock
>>>> like this would also create a PID namespace. Problem solved. I still
>>>> think you should drop this patch.
>>
>> Containers are one use case, another is built-in sandboxing (e.g. for web
>> browsers…) and another one is for sandbox managers (e.g. Firejail,
>> Bubblewrap, Flatpak…). In some of these use cases, especially from a
>> developer point of view, you may want/need to debug your applications
>> (without requiring root). For nested Landlock access-controls
>> (e.g. container + user session + web browser), it may not be allowed to
>> create a PID namespace, but you still want to have a meaningful
>> access-control.
>>
>
> The consideration should be exactly the same as for normal seccomp.
> If I'm in a container (using PID namespaces + seccomp) and I run a web
> browser, I can debug the browser.
>
> If there's a real use case for adding this type of automatic ptrace
> protection, then by all means, let's add it as a general seccomp
> feature.
>

Right, it makes sense to add this feature to seccomp filters as well.
What do you think Kees?
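As an added illustration of the two positions in this thread (this is not code from the thread or from the Landlock patch series), the program below shows what Andy relies on, that a PID namespace already hides every process outside it from a sandboxed child, so PTRACE_ATTACH on an outside PID fails with ESRCH, and what Mickaël's caveat is about: this only helps where the sandbox is allowed to create such a namespace, and the program reports that case separately when unshare(2) is refused. It forks a stand-in "debuggee" in the outer namespace, moves its next child into a new user plus PID namespace, and has that child try to attach to the debuggee. The function name, the result codes and the pipe handshake are my own choices; the kernel behaviour it checks (the first process in a new PID namespace sees itself as PID 1 and its parent as PID 0, and cannot name outside processes) is documented in pid_namespaces(7) and ptrace(2).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fallbacks for strict libc feature sets; the values match <linux/sched.h>. */
#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000
#endif
#ifndef CLONE_NEWPID
#define CLONE_NEWPID 0x20000000
#endif

extern long syscall(long, ...);

/* Result codes for the demonstration (my own naming, not a kernel API). */
enum ns_demo_result {
    NS_DEMO_UNEXPECTED = -1,  /* attach did not fail with ESRCH, or setup failed */
    NS_DEMO_UNAVAILABLE = 0,  /* this environment refuses unprivileged user+PID namespaces */
    NS_DEMO_ISOLATED = 1      /* child saw pid 1 / ppid 0 and got ESRCH on PTRACE_ATTACH */
};

/*
 * Spawn a "debuggee" in the current (outer) PID namespace, then put the next
 * child into a fresh user + PID namespace and let it try to ptrace-attach to
 * the debuggee. Returns one of enum ns_demo_result.
 */
int ptrace_attach_from_pid_ns(void)
{
    int pipefd[2];
    if (pipe(pipefd) != 0)
        return NS_DEMO_UNEXPECTED;

    /* The debuggee blocks on the pipe until the parent closes its write end. */
    pid_t outside = fork();
    if (outside < 0)
        return NS_DEMO_UNEXPECTED;
    if (outside == 0) {
        char c;
        close(pipefd[1]);
        while (read(pipefd[0], &c, 1) < 0 && errno == EINTR)
            ;
        _exit(0);
    }
    close(pipefd[0]);

    /* An unprivileged process may create a user namespace and, in the same
     * call, a PID namespace for its future children. If the sysctl, a seccomp
     * filter or an LSM forbids this, we are in the "nested sandbox" case. */
    if (syscall(SYS_unshare, CLONE_NEWUSER | CLONE_NEWPID) != 0) {
        close(pipefd[1]);
        waitpid(outside, NULL, 0);
        return NS_DEMO_UNAVAILABLE;
    }

    pid_t inside = fork();
    if (inside < 0) {
        close(pipefd[1]);
        waitpid(outside, NULL, 0);
        return NS_DEMO_UNEXPECTED;
    }
    if (inside == 0) {
        /* First process of the new PID namespace: pid 1, parent not visible. */
        int ns_ok = (getpid() == 1 && getppid() == 0);
        errno = 0;
        if (ptrace(PTRACE_ATTACH, outside, NULL, NULL) == 0) {
            ptrace(PTRACE_DETACH, outside, NULL, NULL);  /* should never happen */
            _exit(3);
        }
        /* ESRCH: the outer PID simply does not exist from in here. */
        _exit(ns_ok && errno == ESRCH ? 1 : 2);
    }

    int status = 0;
    int isolated = waitpid(inside, &status, 0) == inside &&
                   WIFEXITED(status) && WEXITSTATUS(status) == 1;
    close(pipefd[1]);            /* release the debuggee */
    waitpid(outside, NULL, 0);
    return isolated ? NS_DEMO_ISOLATED : NS_DEMO_UNEXPECTED;
}

int main(void)
{
    int r = ptrace_attach_from_pid_ns();
    if (r == NS_DEMO_ISOLATED)
        puts("sandboxed child: pid 1, ppid 0, PTRACE_ATTACH on outside pid -> ESRCH");
    else if (r == NS_DEMO_UNAVAILABLE)
        puts("unshare(CLONE_NEWUSER|CLONE_NEWPID) refused: no namespace-based isolation here");
    else
        puts("unexpected result");
    return r < 0;
}
```

Build with `cc -o ns_demo ns_demo.c` and run it as an ordinary user. On a host that permits unprivileged user namespaces it prints the ESRCH result, which is the protection Andy has in mind; inside a container or on a distribution that disables unprivileged user namespaces it reports NS_DEMO_UNAVAILABLE, which is the situation Mickaël describes where a sandbox cannot rely on a PID namespace and an LSM- or seccomp-level ptrace rule is the only thing left.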