From: ebiederm@xmission.com (Eric W. Biederman)
To: Casey Schaufler
Cc: Linux Containers, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, khlebnikov@yandex-team.ru, prakash.sangappa@oracle.com, luto@kernel.org, akpm@linux-foundation.org, oleg@redhat.com, serge.hallyn@ubuntu.com, esyr@redhat.com, jannh@google.com, linux-security-module@vger.kernel.org, Pavel Emelyanov, Nagarathnam Muthusamy
Subject: Re: [REVIEW][PATCH 03/11] msg/security: Pass kern_ipc_perm not msg_queue into the msg_queue security hooks
Date: Sat, 24 Mar 2018 00:37:19 -0500
Message-ID: <87efkam3u8.fsf@xmission.com>
References: <87vadmobdw.fsf_-_@xmission.com> <20180323191614.32489-3-ebiederm@xmission.com>
In-Reply-To: (Casey Schaufler's message of "Fri, 23 Mar 2018 14:55:09 -0700")

Casey Schaufler writes:

> On 3/23/2018 12:16 PM, Eric W. Biederman wrote:
>> All of the implementations of security hooks that take msg_queue only
>> access q_perm the struct kern_ipc_perm member. This means the
>> dependencies of the msg_queue security hooks can be simplified by
>> passing the kern_ipc_perm member of msg_queue.
>>
>> Making this change will allow struct msg_queue to become private to
>> ipc/msg.c.
>>
>> Signed-off-by: "Eric W. Biederman"
>> ---
>>  include/linux/lsm_hooks.h  | 12 ++++++------
>>  include/linux/security.h   | 25 ++++++++++++-------------
>>  ipc/msg.c                  | 18 ++++++++----------
>>  security/security.c        | 12 ++++++------
>>  security/selinux/hooks.c   | 36 ++++++++++++++++++------------------
>>  security/smack/smack_lsm.c | 24 ++++++++++++------------
>
> Can I reference the comments I made in PATCH 01 of this set
> regarding the Smack changes? The problem in all of your changes
> is the same. You aren't preserving the naming conventions, and
> you've left in some code that is just silly.

Being silly like that is actually important to make a sweeping patch
like that boring and trivial to show that it is correct. Anything that
is not a rule based transformation is much more likely to hide a bug.
So for the push down of the type change I think it was the right way
to go.

That said I am happy to add a clean up patch that makes the obvious
cleanups and simplifications to smack_lsm.c.

Eric