Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp1368014imm;
        Fri, 28 Sep 2018 17:27:49 -0700 (PDT)
X-Google-Smtp-Source: ACcGV63iwr70bAKV00VmiUQK9NVnM+9pDjM6PFE/hTsgTxKWSsBQqJpWkAxeH+kXhn0jyU7txDQ1
X-Received: by 2002:a17:902:3041:: with SMTP id u59-v6mr886863plb.99.1538180869759;
        Fri, 28 Sep 2018 17:27:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1538180869; cv=none;
        d=google.com; s=arc-20160816;
        b=Dcetx1S85aIfJtEVT9WwkTGfrHQdOdQxhtG6VPDNkjVEUhooRgMM2MNANZ9FBZMoR5
         B8X0fwoKIfBi8OkW3oRNI38QSDRZ+/X5Ut1jvbFPQo4s4PD7xPOhH4LsPOYl/Cl7bfsp
         bLoHNeOk8DRxB6/4G6z5wdEST1k9Lyvri6yK0HPsHvL+N7fjVSp6036EkV/f9/nrwd8F
         wlPK58nhtaReHACEOBdGkLnTuwGwi+zmczM/WkIeZrWSG9BviCuJqGclkU0WD/EnQIjy
         9gzbUKhrnFjZWFBMLy8FuMojAC5OuTWJsqVO+8rSKEAqBX+V08UPiGMroYj4gdTiqM4q
         5txA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=EEME68AIZq5kYcTVIUk7Cts1JUtaXK85ZdL6XbgT0KU=;
        b=H38StZ8XNbsDBk/E4zNsk5MCRQ5AAJ7V4g/59uPjofFZSTVC0c8uvOeRAdIlcT8iAq
         3Kk1FiOT39f5R9BtGRVFd27GN6MC1FF0EZvkWtgxIFJMPfk7FZpZTLmZSRRP50/oX/wM
         iKahnkIfujWhUeCE5p6cxQWRz4/I0iTuiQ45trQcceGqm6Ls86ai0ey+dYFm4zr0Oz/q
         XTyF7GhSTJOaY0FKIM+MEkE/knLFP1LoQX0ZBMim30+uqKkCJLZ9kpNX/NtlxcCzz8ny
         lAxKSQYqOySPnWRaNbAfwrR+sjBx+u5oRhHXtD+KZCGkKvyg0S5HJli4WoBT4zyZH9hR
         undQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id g16-v6si6237014pgb.117.2018.09.28.17.27.34;
        Fri, 28 Sep 2018 17:27:49 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727321AbeI2Gxn (ORCPT <rfc822;charleyewang@gmail.com>
        + 99 others); Sat, 29 Sep 2018 02:53:43 -0400
Received: from mx2.suse.de ([195.135.220.15]:56488 "EHLO mx1.suse.de"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1726287AbeI2Gxn (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 29 Sep 2018 02:53:43 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay1.suse.de (unknown [195.135.220.254])
        by mx1.suse.de (Postfix) with ESMTP id 2B05CAE14;
        Sat, 29 Sep 2018 00:27:27 +0000 (UTC)
Date:   Sat, 29 Sep 2018 10:28:55 +1000
From:   Aleksa Sarai <asarai@suse.de>
To:     Tycho Andersen <tycho@tycho.ws>
Cc:     Kees Cook <keescook@chromium.org>, Jann Horn <jannh@google.com>,
        linux-api@vger.kernel.org, containers@lists.linux-foundation.org,
        Akihiro Suda <suda.akihiro@lab.ntt.co.jp>,
        Oleg Nesterov <oleg@redhat.com>, linux-kernel@vger.kernel.org,
        "Eric W . Biederman" <ebiederm@xmission.com>,
        linux-fsdevel@vger.kernel.org,
        Christian Brauner <christian.brauner@ubuntu.com>,
        Andy Lutomirski <luto@amacapital.net>
Subject: Re: [PATCH v7 1/6] seccomp: add a return code to trap to userspace
Message-ID: <20180929002855.bcx5u2kabtqjtcnt@mikami>
References: <20180927151119.9989-1-tycho@tycho.ws>
 <20180927151119.9989-2-tycho@tycho.ws>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
        protocol="application/pgp-signature"; boundary="q7cghsiykh2acose"
Content-Disposition: inline
In-Reply-To: <20180927151119.9989-2-tycho@tycho.ws>
User-Agent: NeoMutt/20180716
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


--q7cghsiykh2acose
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 2018-09-27, Tycho Andersen <tycho@tycho.ws> wrote:
> This patch introduces a means for syscalls matched in seccomp to notify
> some other task that a particular filter has been triggered.
>=20
> The motivation for this is primarily for use with containers. For example,
> if a container does an init_module(), we obviously don't want to load this
> untrusted code, which may be compiled for the wrong version of the kernel
> anyway. Instead, we could parse the module image, figure out which module
> the container is trying to load and load it on the host.
>=20
> As another example, containers cannot mknod(), since this checks
> capable(CAP_SYS_ADMIN). However, harmless devices like /dev/null or
> /dev/zero should be ok for containers to mknod, but we'd like to avoid ha=
rd
> coding some whitelist in the kernel. Another example is mount(), which has
> many security restrictions for good reason, but configuration or runtime
> knowledge could potentially be used to relax these restrictions.

Minor thing, but this is no longer _entirely_ true (now it checks
ns_capable(sb->s_user_ns)). I think the kernel module auto-loading is a
much more interesting example, but since this is just a commit message
feel free to ignore my pedantry. :P

> Signed-off-by: Tycho Andersen <tycho@tycho.ws>
> CC: Kees Cook <keescook@chromium.org>
> CC: Andy Lutomirski <luto@amacapital.net>
> CC: Oleg Nesterov <oleg@redhat.com>
> CC: Eric W. Biederman <ebiederm@xmission.com>
> CC: "Serge E. Hallyn" <serge@hallyn.com>
> CC: Christian Brauner <christian.brauner@ubuntu.com>
> CC: Tyler Hicks <tyhicks@canonical.com>
> CC: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>

Would you mind adding me to the Cc: list for the next round of patches?
It's looking pretty neat!

Thanks!

--=20
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>

--q7cghsiykh2acose
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEXzbGxhtUYBJKdfWmnhiqJn3bjbQFAluux0MACgkQnhiqJn3b
jbShfg//elDogyxGNl2K0aVd1a01yiY3io1AMaYdFo3t1iFXaQ+chVYkP8KnhC1F
Ce3a0GnCn1x7y8yCWipt+QcaI5vuby8x4xVMJbvQCO2kYp89LAgjE6se2ZlXph2C
HW2UuXLgntTJJpphn3pOhzOQe8wP87JGLLYEIZ0AlvHxycWlIT9fk4YWT7LDT+ke
egGT8dMRyIWgu3mjOBqAhmi38tjjaleyT4t0BqUZU5TopNBpkciedyyQsfrKqHeS
T0mP11fnKDqu2ikwHvz93JgDXDbwneooRkHEyHu4+lXK1XQoZhYpDhN5w4+DUsnB
SrUg5+JEoz0jUJ5TgGko7Y6J8wHru2j7Vr4hZyMhxgsCqceBgdykXq0ZjMXwo2oM
vCbzyJz3VY0SDTY49c5iNFCqrJ9FKA17GqTZ2mVAtVCGqKoluw1UAmuzR8EYW4Mj
H9tsxCepS+FKVlhTzCoGhuPUSBBgrY6u30vMuirR4A1Eo3M8/RvXjWERK0r7n2vl
v5pvOP0WoxAQvgQ256xzduuqERU+CgX2rLcEgLRsCSltCJlGdkLlwQWz0iKEaX9i
Iqb+RUkM/qJLenIR28bpF1haDwnfZ2JEouRFD4I8VRy81fKLASpK8YfE6aEaLHfM
VSDPxoHYzQeN7u7WZX5WBPIkFUvoBhI2k2dxHLeQ+TQQbgFdgEk=
=GIx7
-----END PGP SIGNATURE-----

--q7cghsiykh2acose--