Date: Thu, 2 Aug 2018 05:34:38 +1000 (AEST)
From: James Morris
To: Micah Morton
cc: linux-security-module@vger.kernel.org, serge@hallyn.com, Kees Cook, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] security: Add LSM fixup hooks to set*gid syscalls.
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 31 Jul 2018, Micah Morton wrote:

> The ChromiumOS LSM used by ChromeOS will provide a hook for this, in
> order to enforce ChromeOS-specific policies regarding which UIDs/GIDs a
> process with CAP_SET{UID/GID} can transition to

Will you be submitting this LSM to mainline?

It's a policy generally of the kernel that we only add features to support
in-tree code.

--
James Morris