Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp5707145ybp; Tue, 15 Oct 2019 03:57:29 -0700 (PDT) X-Google-Smtp-Source: APXvYqz2T+Q5kdPOhgg6BCJ6f8Xf5LMlfw72Qm08L2vtuRk+9OZOKXkkaH/iDW8kTZk0m2WEodXR X-Received: by 2002:aa7:c595:: with SMTP id g21mr20108162edq.79.1571137049625; Tue, 15 Oct 2019 03:57:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1571137049; cv=none; d=google.com; s=arc-20160816; b=rCa7HY9rBkKyIuP3Kfsf++/aSpzPac5CgMPsCdPZIV83jH0isdpClhgsVDL2UfFcM6 31Z8pZY3Pv3KmTJXCggjcg59F8URgQlXPVQlzZvPwc48XD6jNd+VilF8Xy6PyxL4JpKO vFhmIz93u6zWgZONolc0iOReJXh2tSNjGyJL+b0wQTRoz+fqRwMnve6pPG7m3Q0x16Oo sOeI+NYOQRA9huX0CNX5jVOVi0lq/7aT+Fxwq65ci9az9avPRF7Fkjzx4lNbWdMceo8E 3YTcQkS+Un2AX0nG3nkijcjun5Cv5zkTOprAxf7UwJLQcT6TM+Jc7IcG88J1ifrcuw9Z 2uYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=2snK84LN8J44TKP/PMH63Ii6JR83EPG71zBYu2QJ0XQ=; b=k/g/t7k+twT45nm71cvRw3B9ewfnHCLu62Zz+79I9/WreUzqkQ+rObaX/pzme3UbSc m7pV2I4BxJ5apu7TmiD7t7bHSn7LEtHA9u5FcwU4tBMLtg5WB65Vp4vp5yK0L8DMf70r Sa1zZ+Lry71vKw3YaKpRk+v7/zIb+bWdiNRDZIN1Xy0nJLNiMaYlzvvYTD35H64j3LoC 80erGpUSKIJl6QU31wmTu0yt8BM9Yds+artPPNEVk2at61Ys+XkcrPtEJgdjypgXc84s pBkEe499j9L1drglWigfuzGPBD7OwamIXEMIFpooLPWj8dNvj23PpHyQ+oL842TFZR8x fPdw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@infradead.org header.s=bombadil.20170209 header.b="IVAFH//q"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j46si15286458eda.9.2019.10.15.03.57.05; Tue, 15 Oct 2019 03:57:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@infradead.org header.s=bombadil.20170209 header.b="IVAFH//q"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728496AbfJOIIe (ORCPT + 99 others); Tue, 15 Oct 2019 04:08:34 -0400 Received: from bombadil.infradead.org ([198.137.202.133]:38278 "EHLO bombadil.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728295AbfJOIIe (ORCPT ); Tue, 15 Oct 2019 04:08:34 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=In-Reply-To:Content-Type:MIME-Version :References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=2snK84LN8J44TKP/PMH63Ii6JR83EPG71zBYu2QJ0XQ=; b=IVAFH//qF+3iYwoEY58Rr19Rh ANswVS1RGYeMa/xUPjus6757cq9LlQ9Qgg9o27aoVDlfQUdg00HKQ3AgIlvH2QQvDQfPlAvQmDUa6 i1wQtAerUNuFu79cQoLaNHCJ76RJINrvivPmJ8jrPQ5nKrvQggbPn71p+CwzJvCncQFC3ynbHWXAe v3ONS5UOk0Pg7dvNfJHnc34UiAJgc/0IIfl9D/cDTOOcOG364WYQ8xsj8BJzHiqNAEobs1vn8he+/ hOIIuSzOx8kO8TxyNEGlcpq1Tjd1F7R8kyvtdUwWYGEy0iDDPyjLqsD7xorHbbqJ88I7H8KE0oWHD WTvZhl48A==; Received: from hch by bombadil.infradead.org with local (Exim 4.92.3 #3 (Red Hat Linux)) id 1iKHsg-0004Uc-8r; Tue, 15 Oct 2019 08:08:34 +0000 Date: Tue, 15 Oct 2019 01:08:34 -0700 From: Christoph Hellwig To: Daniel Colascione Cc: linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, lokeshgidra@google.com, nnk@google.com, nosh@google.com, timmurray@google.com Subject: Re: [PATCH 2/7] Add a concept of a "secure" anonymous file Message-ID: <20191015080834.GB16814@infradead.org> References: <20191012191602.45649-1-dancol@google.com> <20191012191602.45649-3-dancol@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20191012191602.45649-3-dancol@google.com> User-Agent: Mutt/1.12.1 (2019-06-15) X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Oct 12, 2019 at 12:15:57PM -0700, Daniel Colascione wrote: > A secure anonymous file is one we hooked up to its own inode (as > opposed to the shared inode we use for non-secure anonymous files). A > new selinux hook gives security modules a chance to initialize, label, > and veto the creation of these secure anonymous files. Security > modules had limit ability to interact with non-secure anonymous files > due to all of these files sharing a single inode. Again please add Al. Also explain what the problem would be to always use a separate inode.