Subject: Re: [PATCH] tracefs: Do not allocate and free proxy_ops for lockdown
From: Ben Hutchings
To: Steven Rostedt, Linus Torvalds
Cc: LKML, Matthew Garrett, James Morris, LSM List, Linux API, Al Viro
Date: Fri, 11 Oct 2019 20:50:56 +0100

On Fri, 2019-10-11 at 14:36 -0400, Steven Rostedt wrote:
> On Fri, 11 Oct 2019 11:20:30 -0700
> Linus Torvalds wrote:
>
> > Willing to do that instead?
>
> Honestly, what you described was my preferred solution ;-)
>
> I just didn't want to upset the lockdown crowd if a new tracefs file
> was opened without doing this.
>
> Once locked down is set, can it ever be undone without rebooting?
[...]

Earlier versions of the lockdown patch set added a magic SysRq command
to turn it off. That's not currently present upstream but there may be
plans to add it.

Ben.

-- 
Ben Hutchings
It is easier to change the specification to fit the program than vice versa.