Date: Tue, 6 Mar 2018 15:46:36 -0700
From: Tycho Andersen
To: Andy Lutomirski
Cc: Mickaël Salaün, LKML, Alexei Starovoitov, Arnaldo Carvalho de Melo,
    Casey Schaufler, Daniel Borkmann, David Drysdale, "David S . Miller",
    "Eric W . Biederman", James Morris, Jann Horn, Jonathan Corbet,
    Michael Kerrisk, Kees Cook, Paul Moore, Sargun Dhillon,
    "Serge E . Hallyn", Shuah Khan, Tejun Heo, Thomas Graf, Will Drewry,
    Kernel Hardening, Linux API, LSM List, Network Development
Subject: Re: [PATCH bpf-next v8 00/11] Landlock LSM: Toward unprivileged sandboxing
Message-ID: <20180306224636.wf5z3kujtc7r5qyh@cisco>
References: <20180227004121.3633-1-mic@digikod.net> <2e06621c-08e9-dc12-9b6e-9c09d5d8f458@digikod.net>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Mar 06, 2018 at 10:33:17PM +0000, Andy Lutomirski wrote:
> >> Suppose I'm writing a container manager. I want to run "mount" in the
> >> container, but I don't want to allow mount() in general and I want to
> >> emulate certain mount() actions. I can write a filter that catches
> >> mount using seccomp and calls out to the container manager for help.
> >> This isn't theoretical -- Tycho wants *exactly* this use case to be
> >> supported.
> >
> > Well, I think this use case should be handled with something like
> > LD_PRELOAD and a helper library. FYI, I did something like this:
> > https://github.com/stemjail/stemshim
>
> I doubt that will work for containers. Containers that use user
> namespaces and, for example, setuid programs aren't going to honor
> LD_PRELOAD.

Or anything that calls syscalls directly, like go programs.

Tycho
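
The distinction drawn in this exchange, as an added example that is not part of the original message or of the Landlock patch set: a seccomp filter sits at the syscall boundary, so it catches mount(2) whether it arrives through the libc wrapper (the only path an LD_PRELOAD shim can interpose) or through a direct syscall(). The function names, the EXDEV marker errno and the "/mnt" target are assumptions made for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/mount.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed marker: differs from the EPERM an unprivileged mount() gets anyway. */
#define MARKER_ERRNO EXDEV

/* Fail mount(2) with MARKER_ERRNO, allow the rest. A production filter must
 * also check seccomp_data.arch; that is left out here to keep the example short. */
static int install_mount_filter(void)
{
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_mount, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | MARKER_ERRNO),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = sizeof(prog) / sizeof(prog[0]), .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Filters a forked child only. -1 on setup failure, else bit 0 = libc mount() caught, bit 1 = raw syscall caught. */
int probe_mount_paths(void)
{
    int status, caught = 0;
    pid_t pid = fork();
    if (pid == 0) {
        if (install_mount_filter())
            _exit(255);
        if (mount("none", "/mnt", "tmpfs", 0, NULL) == -1 && errno == MARKER_ERRNO)
            caught |= 1; /* the only path an LD_PRELOAD shim would see */
        if (syscall(SYS_mount, "none", "/mnt", "tmpfs", 0UL, NULL) == -1 && errno == MARKER_ERRNO)
            caught |= 2; /* direct syscall, bypasses any libc-level shim */
        _exit(caught);
    }
    if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFEXITED(status) || WEXITSTATUS(status) == 255)
        return -1;
    return WEXITSTATUS(status);
}

int main(void) { printf("caught mask: %d\n", probe_mount_paths()); return 0; }
```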