Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp8492062ybi; Thu, 6 Jun 2019 13:18:54 -0700 (PDT) X-Google-Smtp-Source: APXvYqwGCMpIkDXSoPkGQxKeqNUnrwUekpiBc/MHjmA/BVaIMQPeAt0Lee032S6vfhn+8HwACgdl X-Received: by 2002:a17:90a:f498:: with SMTP id bx24mr1679197pjb.91.1559852334058; Thu, 06 Jun 2019 13:18:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1559852334; cv=none; d=google.com; s=arc-20160816; b=t+YTLkpG5tIrhlNWAsT5b0Gv0QzVeE6+WNYJeo8oAGQe8UGYZjJ+KM75Q7qwH21dLL BHJlAQBj0/r1vOfbuoUjfsN3hK3lZS180WFbQ8sHLiJvxLnM0vrczLUgen4BBcKvenuV 46H/aN2GkleMLZpv2law4nIRanri1sTJaa2PfY2O10BQZsxzywoG6Jq/tTfDkPaq+MY6 NEsWfUmuC7oZ3HMCou8aZWQqyNBlSMduFARH6CAb1P7JIvIh5ZJ3uUpcxaYSIRfa5fV1 m/qVoEyjW6FX7s9kDF4fjFWgmhfm6gcKusqryAmWdLc/KOU1oQQprBSQqH6G681Ugfu/ WfjQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=h6hbClmXSslNZCdRlbDf1sL6diUN1pZZl6no59N+JcY=; b=UXV9K3UDoH0yeJBSCmi+RNPvwx6CeSIdR9E0doNnqhPzGJCOxUOLyjU2lpyk+YLBtE Km8NwZW7p9LX8L00dym2/HJV8Q0L01H5oQpCbsPguSoiJ7XoZNdMa2Pgxq0DmR3Jfxfm ejcGHzCQJ9GW4rcLm36vyN0X71Rga+/t4JP6MODIRcp31j/stuMK9mu841SdwOw8J20b fL85ieQaIGk560wCqP2DM9Vos5huQllaZrBRmj3C+MmS+DB8BsnoiydFxskHdUuns9KP kz/AYrAiz9uiPNc9CRwK4AAXHhSV1WvHY8DsqEOjBcZ3e2D6n2WZ6RsEwA8CCTB9DKeN WEWg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=HO604baq; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e127si53084pgc.214.2019.06.06.13.18.38; Thu, 06 Jun 2019 13:18:54 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=HO604baq; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726653AbfFFTeQ (ORCPT + 99 others); Thu, 6 Jun 2019 15:34:16 -0400 Received: from mail.kernel.org ([198.145.29.99]:55070 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726633AbfFFTeO (ORCPT ); Thu, 6 Jun 2019 15:34:14 -0400 Received: from mail-wr1-f45.google.com (mail-wr1-f45.google.com [209.85.221.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id B790E20B7C for ; Thu, 6 Jun 2019 19:34:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1559849654; bh=Bp9xchL8n3xgevCioLqnZ63AUKcEYYQAzSzsygrBl6U=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=HO604baqNXqdV732MJGVIuAhse5+ZFoSM5Cc0+2Fn/Ht+x4OWlMx5PGxpQjuhnWoS +5SGAibaql+Dy5Y2lXYd+TCXM2PP/XUh2keaEDA+zVknERXfBQhrqM5U8gIKyqt0mE /xX8R4yDLByF0tIfKTWY8lYeF4L8I6C1xdq0ZN7E= Received: by mail-wr1-f45.google.com with SMTP id n4so3633046wrs.3 for ; Thu, 06 Jun 2019 12:34:13 -0700 (PDT) X-Gm-Message-State: APjAAAU1jfFzOdsw3fB6hoofMxhRsZ6FVtH8kbxc6MALkL198uYD0UQ7 DHt3CmwRYZDy0SSy6z8JdJVYVvgjHLwUu+sNWw+ZqQ== X-Received: by 2002:adf:ef48:: with SMTP id c8mr9349668wrp.352.1559849652241; Thu, 06 Jun 2019 12:34:12 -0700 (PDT) MIME-Version: 1.0 References: <155981411940.17513.7137844619951358374.stgit@warthog.procyon.org.uk> <155981413016.17513.10540579988392555403.stgit@warthog.procyon.org.uk> <176F8189-3BE9-4B8C-A4D5-8915436338FB@amacapital.net> <11031.1559833574@warthog.procyon.org.uk> In-Reply-To: From: Andy Lutomirski Date: Thu, 6 Jun 2019 12:34:00 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 01/10] security: Override creds in __fput() with last fputter's creds [ver #3] To: Casey Schaufler Cc: Andy Lutomirski , David Howells , Al Viro , raven@themaw.net, Linux FS Devel , Linux API , linux-block@vger.kernel.org, keyrings@vger.kernel.org, LSM List , LKML , Jann Horn Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jun 6, 2019 at 12:09 PM Casey Schaufler wrote: > > On 6/6/2019 10:18 AM, Andy Lutomirski wrote: > > On Thu, Jun 6, 2019 at 8:06 AM David Howells wrote: > >> Andy Lutomirski wrote: > > Casey, I think you need to state your requirement in a way that's well > > defined, and I think you need to make a compelling case that your > > requirement is indeed worth dictating the design of parts of the > > kernel outside LSM. > > Err, no, I don't believe so. There's a whole lot more > going on in this discussion than just what's going on > within the LSMs. Using examples from the LSMs makes it > easier, because their policies are better defined than > the "legacy" policies are. The most important part of the > discussion is about ensuring that the event mechanism > doesn't circumvent the legacy policies. Yes, I understand > that you don't know what that means, or has to do with > anything. > > Indeed, I do not know what you have in mind about making sure this mechanism doesn't circumvent legacy policies. Can you elaborate? --Andy