Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp3144429imm; Sun, 16 Sep 2018 10:46:11 -0700 (PDT) X-Google-Smtp-Source: ANB0VdbzWedl9vi8723BarkmpR8GfNQwd97hq64puB0+iB2y7GQYoPJxPoBzTRWjhbWulLF5IDng X-Received: by 2002:a17:902:558f:: with SMTP id g15-v6mr21635681pli.38.1537119971597; Sun, 16 Sep 2018 10:46:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537119971; cv=none; d=google.com; s=arc-20160816; b=Q/3Ao31imPzCy0UKfGnEnvNe+L/v3iYIvmIrtVv8Int9MdRX8wzLmES0vJayQ8Ne6j l4M44w+kRSmcbMphumTNIZXHl5+jxugIOYuQ/BLtK5WpEPS2FDk/ol75oPT1mB7U6EzD ZyCLN+4h0yyI5sI7fIYSRg01YZyHNBg7Cr/AlZiE/mHFmqIqEasB7OTLVo9LPppWXRCL px297fe/D0nHtIskiMVA01i/VRarj/QQxRcW/XVIXATfHalqgzWZjY5e1Ynv7Z/yCN5z 0v3cNk9qzL1UXhQAHROXm+1lH+rB7gS5ZtqsJAj7+sIERXXO6F6f58g5m4xcbN/stlxx mGmQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=JhdvWuDVQFsdqVFmAHzjssaPl0rByfw+FXL01nn4Ans=; b=0KnhWDKSnrtT5BjCbfX6Ykt+itaFhbG6JSVKxk76YhGMLSEX8JYLljMeJAgvJPz55u QEuJE8xkBUo+aNjUqa1Hicy9eUGogqHDOguOBNH9GewnhtBaQNVdO3/benp6WDlPglOC LoisYmJmkd2ckxBCUMU8diEp5GE8duRNJPoagVas6aXSdXZH/rbCGOZ4hNgTY+0uCz3K RPJM2FZ5hAAHj0sNoDe1WdmeExscYMuz9+JjWbuLdmxi0t9x71BeOfD6RtOl/O2jtDsa gRi7wJuRtpNq9bxLxfbe+CKgWoBqlYKurx2n0Xa976F+4gFwC0jdtxBghYbttUGmpW7R X+Qg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=UGas0xMQ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r8-v6si13056939pgl.392.2018.09.16.10.45.56; Sun, 16 Sep 2018 10:46:11 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=UGas0xMQ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728421AbeIPXJa (ORCPT + 99 others); Sun, 16 Sep 2018 19:09:30 -0400 Received: from mail-ua1-f67.google.com ([209.85.222.67]:37351 "EHLO mail-ua1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728239AbeIPXJa (ORCPT ); Sun, 16 Sep 2018 19:09:30 -0400 Received: by mail-ua1-f67.google.com with SMTP id y10-v6so9384551uao.4; Sun, 16 Sep 2018 10:45:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=JhdvWuDVQFsdqVFmAHzjssaPl0rByfw+FXL01nn4Ans=; b=UGas0xMQ5oAzf5aiSSwomP8obEcLoTSX46kXwFSlYv0FU7XNDENb8D7iXcjl6CAJ5O QxDLIXr3rdoZqtdHaPdcj4coak3aNOIBLnz3T4EL5NMx03ezAph24UuW8eVvtY4i3T6x yBgWehK8ca5MYNcKzUs/gPhzDVoSc6N+oiq+wHMPGoiJO3iHRRLOE9A/PNYCUYDsIEof OXWgM0/ri7caFfr5HM6XAQLLdEvoeZ+4yUOwS3T4GGd9E617mAuJq91zPIJn/v48Snis ut/F+v/nTd8ZP/rajGs/tUzIuvWaG03PDY59yCURvE+WPK1IzSTeOR5BLZeQTAwgHjtQ glXg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=JhdvWuDVQFsdqVFmAHzjssaPl0rByfw+FXL01nn4Ans=; b=cVMY8Jp33qTz8GjiCbTLDI72D6Gi/3UAIKhG0e0SMT9ybo7p99X7JtgC0Nywbf4Ean CnoCltteWdXTRLTn4RGGozJ/is5hNOHjELIl5/f7OYH8O+EFhLLGYCtc1HQ8xYwWt+g8 Ni8xFkkMqbypkBVKPSIom8ndAu//CyAtf+nz4VXc/mhR39vQrVB1owMMRXxx0gokelBG ezAZqhqMQ248JkoxnNccpdOxfG2ZxWNlmc+++DOe/Eru867Z/1thbQn12vlXEFfATlM+ S1NAyaJrmJuZN+Jw1ZWBV5d3lOMvfaCdf2mgv/jQ6u8UTEvF2WxDrkV1In1RZLGvKVId 8wuA== X-Gm-Message-State: APzg51A63DmVNyYAtDWAFltTk5CebiRdH7rl1xXkZhNy27deMIRQpc6Q zTSz4HztO3GqoxUPV13thN5JvKoqBzl51dE/K7s= X-Received: by 2002:a9f:2745:: with SMTP id a63-v6mr6541975uaa.175.1537119949661; Sun, 16 Sep 2018 10:45:49 -0700 (PDT) MIME-Version: 1.0 References: <3cd46663-e566-5ffc-32a4-00a90cd1346e@schaufler-ca.com> In-Reply-To: <3cd46663-e566-5ffc-32a4-00a90cd1346e@schaufler-ca.com> From: Salvatore Mesoraca Date: Sun, 16 Sep 2018 19:45:38 +0200 Message-ID: Subject: Re: [PATCH v2 00/10] LSM: Module stacking in support of S.A.R.A and Landlock To: casey@schaufler-ca.com Cc: James Morris , mic@digikod.net, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@tycho.nsa.gov, john.johansen@canonical.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov, linux-fsdevel@vger.kernel.org, adobriyan@gmail.com, casey.schaufler@intel.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Casey Schaufler wrote: > > On 9/16/2018 9:54 AM, Salvatore Mesoraca wrote: > > On Wed, 12 Sep 2018, James Morris wrote: > >> Adding the SARA and LandLock authors for review & comment. > >> > >> Salvatore & Micka=C3=ABl: does this patchset meet your needs for mergi= ng to > >> mainline? > > Since the last time I submitted the patch to the ML, it grew a bit: now= it needs > > inode's blob stacking (which is already included for Landlock) and > > kern_ipc_perm's > > blob stacking. > > The last one isn't implemented in this patchset, but it isn't > > absolutely necessary. > > I can merge a version of SARA that doesn't need it and than update it > > when possible. > > I can provide the same level of protection without using kern_ipc_perm > > blob, I'm using it > > just to minimize some potential side effects. > > Adding kern_ipc_perm is easy. As it looks like there will need to be > a few revisions I will add it to the next set. Great! Thank you very much!