Subject: Re: [RFC][PATCH 00/10] Mount, FS, Block and Keyrings notifications [ver #3]
From: Andy Lutomirski
Date: Thu, 6 Jun 2019 11:51:01 -0700
To: Casey Schaufler
Cc: Andy Lutomirski, Stephen Smalley, David Howells, Al Viro, Greg Kroah-Hartman, USB list, raven@themaw.net, Linux FS Devel, Linux API, linux-block@vger.kernel.org, keyrings@vger.kernel.org, LSM List, LKML, Paul Moore

> On Jun 6, 2019, at 11:33 AM, Casey Schaufler wrote:
>
>> On 6/6/2019 10:11 AM, Andy Lutomirski wrote:
>>> On Thu, Jun 6, 2019 at 9:43 AM Casey Schaufler wrote:
>>> ...
>>> I don't agree. That is, I don't believe it is sufficient.
>>> There is no guarantee that being able to set a watch on an
>>> object implies that every process that can trigger the event
>>> can send it to you.
>>>
>>> Watcher has Smack label W
>>> Triggerer has Smack label T
>>> Watched object has Smack label O
>>>
>>> Relevant Smack rules are
>>>
>>> W O rw
>>> T O rw
>>>
>>> The watcher will be able to set the watch,
>>> the triggerer will be able to trigger the event,
>>> but there is nothing that would allow the watcher
>>> to receive the event. This is not a case of watcher
>>> reading the watched object, as the event is delivered
>>> without any action by watcher.
>> I think this is an example of a bogus policy that should not be
>> supported by the kernel.
>
> At this point it's pretty hard for me to care much what
> you think. You don't seem to have any insight into the
> implications of the features you're advocating, or their
> potential consequences.
>
>

Can you try to spell it out, then? A mostly or fully worked out example might help.

As Stephen said, it looks like you are considering cases where there is already a full communication channel between two processes, and you’re concerned that this new mechanism might add a side channel too. If this is wrong, can you explain how?
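
The scenario from the quoted Smack rules, as an added example that is not part of the original message or of the kernel's Smack code: a simplified rule evaluator showing which of the three steps the two rules cover. It assumes read access is needed to set a watch, write access to trigger the event, and that delivery is checked as a write from the triggerer's label to the watcher's label (the check the quoted argument describes); Smack's built-in labels and capability overrides are ignored.

```python
# Simplified model of Smack rule evaluation (added example, not kernel code).
# Ignores Smack's built-in labels ("_", "*", "^", ...) and CAP_MAC_OVERRIDE.

RULES_TEXT = """\
W O rw
T O rw
"""  # the two rules quoted in the message


def parse_rules(text):
    """Parse 'subject object access' lines into {(subject, object): set(access)}."""
    rules = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        subject, obj, access = line.split()
        rules[(subject, obj)] = set(access.lower()) - {"-"}
    return rules


def allowed(rules, subject, obj, want):
    """True if `subject` may perform every access in `want` on `obj`."""
    if subject == obj:
        # A subject always has access to objects carrying its own label.
        return True
    return set(want) <= rules.get((subject, obj), set())


def evaluate(rules, watcher="W", triggerer="T", watched="O"):
    """Check the three steps of the scenario against the loaded rules."""
    return {
        # Assumption: setting a watch needs read access to the watched object.
        "set_watch": allowed(rules, watcher, watched, "r"),
        # Assumption: triggering the event needs write access to the object.
        "trigger_event": allowed(rules, triggerer, watched, "w"),
        # Assumption from the quoted argument: delivery is a write from the
        # triggerer's label to the watcher's label.
        "deliver_event": allowed(rules, triggerer, watcher, "w"),
    }


if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    for step, ok in evaluate(rules).items():
        print(f"{step:14} {'allowed' if ok else 'denied'}")
    # An explicit T -> W write rule is what would permit delivery in this model.
    rules.update(parse_rules("T W w"))
    print("with 'T W w':", evaluate(rules)["deliver_event"])
```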