From: David Howells
To: Stephen Smalley
Cc: dhowells@redhat.com, viro@zeniv.linux.org.uk, Casey Schaufler, Greg Kroah-Hartman, nicolas.dichtel@6wind.com, raven@themaw.net, Christian Brauner, keyrings@vger.kernel.org, linux-usb@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-api@vger.kernel.org, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 10/11] selinux: Implement the watch_key security hook [ver #6]
Date: Thu, 29 Aug 2019 20:11:57 +0100

Stephen Smalley wrote:

> Can watch->cred ever differ from current's cred here? If not, why can't we
> just use current_sid() here

Um. Not currently. I'm not sure whether it's ever likely to be otherwise. Probably we could just use that and fix it up later if we do find otherwise.

> and why do we need the watch object at all?

It carries more than just the creds for the caller of keyctl_watch_key(), it also carries information about the queue to which notifications will be written, including the creds that were active when that was set up. Note that there's no requirement that the process that opened /dev/watch_queue be the one that sets the watch. In the keyutils testsuite, I 'leak' a file descriptor from the session wrangler into the program that it runs so that tests running inside the test script can add watches to it.

David