Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp8611877ybi; Thu, 6 Jun 2019 15:52:24 -0700 (PDT) X-Google-Smtp-Source: APXvYqxjpCz1MYwVGOOs7PQ39ACtWG2eo3LVsPEuxzcn4ef8Rb5GnznniYJW9Q+7LIxj12JXeueX X-Received: by 2002:a17:90a:26cf:: with SMTP id m73mr2240489pje.90.1559861544092; Thu, 06 Jun 2019 15:52:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1559861544; cv=none; d=google.com; s=arc-20160816; b=sUNqjVWHbog62W5y509EuqMtAViKqpdndswgQ7XPXqIFAALP2PeXD12TUip5KGM5BX Lckb5Z971c95YyC4o4k4OuSBWKULg+hw9uvAkwW3ZFnl0wHgin6xk4igjOCKCKEm1MUO u0cdPBZd9mZasdgNFQejGK4pQWnJLBabAjAba8rVKJrxLHxxfs1rji9t0JeUzmt+/ceZ U4rag/DyGg7YjK+wRX95D4pUyX+1zrzNoVHguYnwpiQwDGOyzT+LfzpF+0/24yspo0Ix 5pIzqKUxKv8HldIemJWyOZYARoAgP+qhvaN4DeNpOcegFMB+nuoHVcZvrexaaSTGWMFV NcMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:content-transfer-encoding :mime-version:subject:cc:to:references:in-reply-to:from:organization; bh=rijGXSEomdtdMXuwTnYEJcvFrH052dbSH7eGiR8bTB0=; b=Q4sGwbvCzbQGJI4IXdcsROPP6uYTLLPUcDUrN575cLyYR/vSZboKAcemwh01Jil7RH pg3CcCNlEEKrJqzwynySNHENaQ9YO0sXo4ZAyc6Eb1Lacn+bawS190zPmJir9EwmwSjB Ntm7sh7972P4SuLQmScqcdE+e7dSkgVw4EgstUQlAQjWFv8ZcaWtBhELbyxQU+HnS0Wr KWlkbofBM3U/SKw03LqVDiaYitp20XgHG/8y9snAzUDFMgftfxr5ZtqQWgk9fpx2GL/Y XjzfE8HAoUqvJyC6EXFqYipUgDIO76Z8xloRn2GoTIZeqN9g+I1jNPZen067aZQHDH4e OSVw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a22si235800pjo.18.2019.06.06.15.52.06; Thu, 06 Jun 2019 15:52:24 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727011AbfFFWuy convert rfc822-to-8bit (ORCPT + 99 others); Thu, 6 Jun 2019 18:50:54 -0400 Received: from mx1.redhat.com ([209.132.183.28]:25307 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726352AbfFFWuy (ORCPT ); Thu, 6 Jun 2019 18:50:54 -0400 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 27461C1EB216; Thu, 6 Jun 2019 22:50:52 +0000 (UTC) Received: from warthog.procyon.org.uk (ovpn-120-173.rdu2.redhat.com [10.10.120.173]) by smtp.corp.redhat.com (Postfix) with ESMTP id 17E1153B33; Thu, 6 Jun 2019 22:50:48 +0000 (UTC) Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 From: David Howells In-Reply-To: References: <155981411940.17513.7137844619951358374.stgit@warthog.procyon.org.uk> <3813.1559827003@warthog.procyon.org.uk> <8382af23-548c-f162-0e82-11e308049735@tycho.nsa.gov> <0eb007c5-b4a0-9384-d915-37b0e5a158bf@schaufler-ca.com> <07e92045-2d80-8573-4d36-643deeaff9ec@schaufler-ca.com> <23611.1559855827@warthog.procyon.org.uk> <30567.1559860681@warthog.procyon.org.uk> To: Andy Lutomirski Cc: dhowells@redhat.com, Andy Lutomirski , Casey Schaufler , Stephen Smalley , Al Viro , Greg Kroah-Hartman , USB list , raven@themaw.net, Linux FS Devel , Linux API , linux-block@vger.kernel.org, keyrings@vger.kernel.org, LSM List , LKML , Paul Moore Subject: Re: [RFC][PATCH 00/10] Mount, FS, Block and Keyrings notifications [ver #3] MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8BIT Date: Thu, 06 Jun 2019 23:50:48 +0100 Message-ID: <31428.1559861448@warthog.procyon.org.uk> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Thu, 06 Jun 2019 22:50:53 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Andy Lutomirski wrote: > They can call fsinfo() anyway, or just read /proc/self/mounts. As far as I’m > concerned, if you have CAP_SYS_ADMIN over a mount namespace and LSM policy > lets you mount things, the of course you can get information to basically > anyone who can use that mount namespace. And automounts? You don't need CAP_SYS_ADMIN to trigger one of those, but they still generate events. On the other hand, you need CSA to mount something that has automounts in the first place, and if you're particularly concerned about security, you probably don't want the processes you might be suspicious of having access to things that contain automounts (typically network filesystems). David