Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp8390861imu; Tue, 4 Dec 2018 07:41:50 -0800 (PST) X-Google-Smtp-Source: AFSGD/WW7Wuj78jUsY5mPnXS6U+y5pgS1pyeRaW8Hocejlu9BisT+txQyobAdArLF5zvI3HBurm9 X-Received: by 2002:a17:902:a60f:: with SMTP id u15mr19570617plq.275.1543938110003; Tue, 04 Dec 2018 07:41:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543938109; cv=none; d=google.com; s=arc-20160816; b=nQvXXGtE794TQY3dPKT/7e5JucLR7BGiq97QRmiTkYr9QdHTnZE+a8iBhfcBvyc2ar 9GPnfq3qnKCJtleNlNCZI9FjcGvF36jf6f66s1Km3RHTmb3s2NPER6YYJfp50KgFrKlU AF7kqPhHQD5J20hgT7Tj94gi9JbFaDu5/HghQtOCrek+Qr3BsPZz0u1sxF8IyXz0r7TA QOdrWP45Edcj5VrqNi79UHtCYNN2YWENardlSwETGAFEMpQ8RaCDF/+rhsxq6tbrKddm JMYOgUCSFpqTvDml2+qR8OfZ33ClmFX5VLOmUS+0Urs95H2EzzaantT2qn75PnaX7RHI dMow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=+8Usk423ndDeBccwZQwGZOTk5EVc8Nkd0vtAXLOPWCI=; b=Zlqvyc6O8u41ArNExO8smWDO1dWBksQNDJwQ3Ek1kqHzxhMgMMKqSvXVhbb/UvdY5r VNcIkY5/cYf0T6eEpGL2Q1KP6qhe6k906o2Z4egNAcOwopzQkFFBnPOAdsC1n4fvfFga SaIp30ziREesa6pfuioRXft0SFC3lBRX7R19gcyPpQ/PdyJnVSjgyvi+2rywDOAqXHhm oBcyZzCx2cnesgy68iJDOdtC2K8F48FM0g0msf1Hu9LuBRfxBa4AOqln4M1FF+g9PQ44 7gFPMFNDvKe5y7BQS8f/XO3UWkm4A+ApxD4kP0W4iBFKT0L0hrOYLN/RH0KJJBTQV/Fq BByQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b="Zm6j1/lg"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k91si10815175pld.283.2018.12.04.07.41.34; Tue, 04 Dec 2018 07:41:49 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b="Zm6j1/lg"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726504AbeLDPjq (ORCPT + 99 others); Tue, 4 Dec 2018 10:39:46 -0500 Received: from mail-it1-f195.google.com ([209.85.166.195]:52669 "EHLO mail-it1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726302AbeLDPjq (ORCPT ); Tue, 4 Dec 2018 10:39:46 -0500 Received: by mail-it1-f195.google.com with SMTP id i7so16029388iti.2 for ; Tue, 04 Dec 2018 07:39:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=szeredi.hu; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=+8Usk423ndDeBccwZQwGZOTk5EVc8Nkd0vtAXLOPWCI=; b=Zm6j1/lgonn7mxUEQUaaOFqPeS0MG1V9gjBHo3EdxrJvY73h5nDBiZlj9Kqm59GHUU 9GZzbIikny1ojO4y/4OWvUA0iA9ekcOfIbXU+mhaQ/YwUOVExT3wU8dRYR+YCPLYxEc/ V93sl1AOVa6hYmaFAHXRYcEfqNPVAqKhtqfz8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=+8Usk423ndDeBccwZQwGZOTk5EVc8Nkd0vtAXLOPWCI=; b=PSUgtX8vriMMTwmMsGEjEt6+MVx4YfTM19QRMkfBmww3zhRskq0c66z8HuaPIe8Aww Jp7muFikkSNddPdBvSN4czEtsGj+HICz/WjMJekSvxDjCrWu+JY0HNAm4a/hmM1l2ihM VHeEkWug6Vv58TQdwWn3ZSDW5G8mPrBLcQAOfhNn9+lSUFECUfbtJilhI4U1XfUqw9BQ mUJdQbCAgVQwJf5Hucn8pQZUgMInC1asMqGswKbqKx+o3WmggOt7gOmuX6YjMUoGASvt WmgVmX/+n7ELWRSTuETf22xyOi1skkT8xaKUA8AhLvQ0/ci/tyWO7Tf6VxPgOo7l1uAw Wskw== X-Gm-Message-State: AA+aEWY3hxCOjX3WBVlmcthYYQJFC31jXFrCjKWE4yeMJG0sfCY9jQ5H 9DO4WDkD1H2XBBMZ3ZXInEhVXWm6/LxFiQ5NomtJIA== X-Received: by 2002:a02:a484:: with SMTP id d4mr18422781jam.77.1543937984513; Tue, 04 Dec 2018 07:39:44 -0800 (PST) MIME-Version: 1.0 References: <20181127210542.GA2599@redhat.com> <20181128170302.GA12405@redhat.com> <377b7d4f-eb1d-c281-5c67-8ab6de77c881@tycho.nsa.gov> <26bce3be-49c2-cdd8-af03-1a78d0f268ae@tycho.nsa.gov> <6b125e8e-413f-f8e6-c7ae-50f7235c8960@tycho.nsa.gov> <4c20a261-5ce1-f0a2-8d40-c6032a023216@tycho.nsa.gov> <6feb656e-b1e3-5839-ce5f-669ae5a55b7f@tycho.nsa.gov> In-Reply-To: <6feb656e-b1e3-5839-ce5f-669ae5a55b7f@tycho.nsa.gov> From: Miklos Szeredi Date: Tue, 4 Dec 2018 16:39:32 +0100 Message-ID: Subject: Re: overlayfs access checks on underlying layers To: Stephen Smalley Cc: Vivek Goyal , Ondrej Mosnacek , "J. Bruce Fields" , Mark Salyzyn , Paul Moore , linux-kernel@vger.kernel.org, overlayfs , linux-fsdevel@vger.kernel.org, selinux@vger.kernel.org, Daniel J Walsh Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Dec 4, 2018 at 4:32 PM Stephen Smalley wrote: > Ok, I concede the point. Not sure what that means though for v4.20. I have the revert queued up for v4.20 as that's the safest. Don't let that stop the discussion, though, I'd especially like to hear the arguments from the Android side. Thanks, Miklos