Date: Fri, 1 May 2020 14:04:59 +1000 (AEST)
From: James Morris
To: Mickaël Salaün
Cc: linux-kernel@vger.kernel.org, Aleksa Sarai, Alexei Starovoitov, Al Viro, Andy Lutomirski, Christian Heimes, Daniel Borkmann, Deven Bowers, Eric Chiang, Florian Weimer, Jan Kara, Jann Horn, Jonathan Corbet, Kees Cook, Matthew Garrett, Matthew Wilcox, Michael Kerrisk, Mickaël Salaün, Mimi Zohar, Philippe Trébuchet, Scott Shell, Sean Christopherson, Shuah Khan, Steve Dower, Steve Grubb, Thibaut Sautereau, Vincent Strubel, kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH v3 1/5] fs: Add support for a RESOLVE_MAYEXEC flag on openat2(2)
In-Reply-To: <20200428175129.634352-2-mic@digikod.net>
References: <20200428175129.634352-1-mic@digikod.net> <20200428175129.634352-2-mic@digikod.net>

On Tue, 28 Apr 2020, Mickaël Salaün wrote:

> When the RESOLVE_MAYEXEC flag is passed, openat2(2) may be subject to
> additional restrictions depending on a security policy managed by the
> kernel through a sysctl or implemented by an LSM thanks to the
> inode_permission hook.

Reviewed-by: James Morris

-- 
James Morris