Subject: Re: RFC: on adding new CLONE_* flags [WAS Re: [PATCH 0/4] clone: add CLONE_PIDFD]
From: "Enrico Weigelt, metux IT consult"
Organization: metux IT consult
To: Aleksa Sarai
Cc: Christian Brauner, torvalds@linux-foundation.org, viro@zeniv.linux.org.uk, jannh@google.com, dhowells@redhat.com, linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, serge@hallyn.com, luto@kernel.org, arnd@arndb.de, ebiederm@xmission.com, keescook@chromium.org, tglx@linutronix.de, mtk.manpages@gmail.com, akpm@linux-foundation.org, oleg@redhat.com, joel@joelfernandes.org, dancol@google.com
Date: Tue, 16 Apr 2019 20:37:33 +0200
Message-ID: <8d1d47cf-3bf1-6c39-c02c-941515be1586@metux.net>
In-Reply-To: <20190415195911.z7b7miwsj67ha54y@yavin>
References: <20190414201436.19502-1-christian@brauner.io> <20190415195911.z7b7miwsj67ha54y@yavin>
X-Mailing-List: linux-kernel@vger.kernel.org

On 15.04.19 21:59, Aleksa Sarai wrote:
> Just spit-balling -- is no_new_privs not sufficient for this usecase?
> Not granting privileges such as setuid during execve(2) is the main
> point of that flag.

Oh, I wasn't aware of that. Thanks.

--mtx

-- 
Enrico Weigelt, metux IT consult
Free software and Linux embedded engineering
info@metux.net -- +49-151-27565287
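The no_new_privs flag Aleksa refers to is set with prctl(PR_SET_NO_NEW_PRIVS). The following is an added example, not code from this thread or from the CLONE_PIDFD patch set, showing the three properties that make it useful as a sandboxing primitive: once set it cannot be cleared (the kernel only accepts arg2 == 1 and returns EINVAL otherwise), it is inherited across fork(), and it survives execve(), which is exactly when the kernel stops honouring setuid/setgid bits and file capabilities. It assumes a Linux host with prctl(2), a /bin/sh with grep, and a kernel new enough (4.10 or later) to expose the NoNewPrivs line in /proc/self/status; the helper names are this example's own.

```c
/* Added example: observing PR_SET_NO_NEW_PRIVS behaviour.
 * Build: cc -Wall -o nnp nnp.c && ./nnp
 * Assumes Linux >= 3.5 for the prctl itself and >= 4.10 for the
 * NoNewPrivs field in /proc/self/status used by flag_survives_exec().
 */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if the calling thread has no_new_privs set, 0 if not, -1 on error. */
int query_no_new_privs(void)
{
    return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
}

/* Set no_new_privs. From here on, execve() of a setuid/setgid binary or of
 * a file carrying file capabilities runs it with the caller's existing
 * credentials; the kernel skips the credential bump in its execve path.
 * Returns 0 on success, -1 on error. Setting it again is a harmless no-op. */
int enable_no_new_privs(void)
{
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
}

/* The bit is one-way: the kernel accepts only arg2 == 1 (with arg3..5 zero),
 * so an attempt to clear it fails with EINVAL.
 * Returns 1 if the kernel refused the clear (the expected result), 0 otherwise. */
int clearing_is_refused(void)
{
    errno = 0;
    if (prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0) == -1 && errno == EINVAL)
        return 1;
    return 0;
}

/* Inheritance across fork(), checked without /proc: the parent sets the flag,
 * forks, and the child reports PR_GET_NO_NEW_PRIVS through its exit status.
 * Returns 1 if the child inherited the flag, 0 if not, -1 on failure. */
int child_inherits_flag(void)
{
    if (enable_no_new_privs() != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(query_no_new_privs() == 1 ? 0 : 1);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 0 ? 1 : 0;
}

/* Persistence across execve(): the child sets the flag (so a stand-alone run
 * leaves the parent untouched), execs a shell, and the shell reads the
 * NoNewPrivs line of its own /proc/self/status.
 * Returns 1 if the exec'd program saw the flag, 0 if it did not,
 * -1 if fork/exec/wait failed (e.g. no /bin/sh). */
int flag_survives_exec(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
            _exit(2);
        execl("/bin/sh", "sh", "-c",
              "grep -q '^NoNewPrivs:[[:space:]]*1' /proc/self/status",
              (char *)NULL);
        _exit(2); /* only reached if exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    switch (WEXITSTATUS(status)) {
    case 0:  return 1;  /* grep matched: flag visible after execve */
    case 1:  return 0;  /* grep ran but found no such line */
    default: return -1; /* prctl or exec failed in the child */
    }
}

int main(void)
{
    printf("no_new_privs at start: %d\n", query_no_new_privs());
    printf("visible after execve in a child: %d\n", flag_survives_exec());
    printf("child inherits it after fork: %d\n", child_inherits_flag());
    printf("now set in this process: %d\n", query_no_new_privs());
    printf("clearing refused with EINVAL: %d\n", clearing_is_refused());
    return 0;
}
```

Run it as an unprivileged user; no root is needed, which is the point of the flag as a self-imposed restriction. Note that the one-way property means every thread and descendant of a process that sets it is affected for the rest of its life, so a sandbox sets it as late as possible, typically right before installing a seccomp filter (which requires it unless the caller has CAP_SYS_ADMIN).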