Date: Fri, 28 Sep 2018 08:47:13 +1000 (AEST)
From: James Morris
To: Casey Schaufler
Cc: Casey Schaufler, kristen@linux.intel.com, kernel-hardening@lists.openwall.com, deneen.t.dock@intel.com, linux-kernel@vger.kernel.org, dave.hansen@intel.com, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, arjan@linux.intel.com
Subject: Re: [PATCH v5 5/5] sidechannel: Linux Security Module for sidechannel
In-Reply-To: <025d4742-5947-545e-f603-502a0c5ee03f@schaufler-ca.com>
References: <20180926203446.2004-1-casey.schaufler@intel.com> <20180926203446.2004-6-casey.schaufler@intel.com> <025d4742-5947-545e-f603-502a0c5ee03f@schaufler-ca.com>

On Thu, 27 Sep 2018, Casey Schaufler wrote:

> On 9/27/2018 2:45 PM, James Morris wrote:
> > On Wed, 26 Sep 2018, Casey Schaufler wrote:
> >
> >> +	/*
> >> +	 * Namespace checks. Considered safe if:
> >> +	 *	cgroup namespace is the same
> >> +	 *	User namespace is the same
> >> +	 *	PID namespace is the same
> >> +	 */
> >> +	if (current->nsproxy)
> >> +		ccgn = current->nsproxy->cgroup_ns;
> >> +	if (p->nsproxy)
> >> +		pcgn = p->nsproxy->cgroup_ns;
> >> +	if (ccgn != pcgn)
> >> +		return -EACCES;
> >> +	if (current->cred->user_ns != p->cred->user_ns)
> >> +		return -EACCES;
> >> +	if (task_active_pid_ns(current) != task_active_pid_ns(p))
> >> +		return -EACCES;
> >> +	return 0;
> >
> > I really don't like the idea of hard-coding namespace security semantics
> > in an LSM. Also, I'm not sure if these semantics make any sense.
>
> Checks on namespaces were explicitly requested.

By whom and what is the rationale?

-- 
James Morris
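Review bot: the cgroup-namespace comparison in the quoted hunk falls through when either task has a NULL nsproxy: `ccgn` and `pcgn` are only assigned inside the `if (current->nsproxy)` / `if (p->nsproxy)` guards, so when both pointers are NULL the `ccgn != pcgn` test passes two tasks that share no cgroup namespace, and when only one is NULL the comparison uses whatever the untouched variable holds (the declarations are not visible in this fragment, so whether they are initialised cannot be confirmed here). Suggest returning -EACCES as soon as either `nsproxy` is NULL, since an exiting task is not a peer that should be considered safe. Separately, `p->nsproxy` and `p->cred` of a foreign task are dereferenced directly; kernel convention is to read `p->nsproxy` under `task_lock(p)` and `p->cred` via `__task_cred(p)` under `rcu_read_lock()`, because both can be replaced concurrently.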