Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp255667ybz;
        Thu, 30 Apr 2020 21:09:38 -0700 (PDT)
X-Google-Smtp-Source: APiQypLS9bVU07G05TgaTLoFj5/Mm1QZCRrC4+DxnbeWsaIC1Aic3pM/vjgZHGxfBlkn3n4mbDo3
X-Received: by 2002:aa7:c401:: with SMTP id j1mr1899847edq.31.1588306178806;
        Thu, 30 Apr 2020 21:09:38 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1588306178; cv=none;
        d=google.com; s=arc-20160816;
        b=RLTIIYK1SyCc+7KhOMYwFKSBIt0YXJpN0GXS5ngkouy3OV9TmLX5v4w/36wzLUm6jo
         ktmQjYLBSUgjY6XOvrTzPb5miPQVv/ou8+hmmOay9rjgRC+VAtbpli3XdBxd4xwOwFhf
         hNVV/2AQc03SHVZmIz8jXCtZ8lFCymrrSj1Dj70+kYOXr2E7ihr/MqfzQJrnIwE0gDFi
         9T0tpmzGcgo24rec07w7A5zWboWUwYtvdSFfFVheASWtJIh0PlT02m6HQm0nn7FlLljd
         bsw3e+JR34/ZXT4Vl3Gzq9/nrEab77agH8dBWUDu4BfIuF8OjylbsIvBjngtrN1V/T1B
         iDJQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :message-id:in-reply-to:subject:cc:to:from:date;
        bh=L3Ujqpz0CnXn5yk4qPJwaaudLHIHkKhtHiAFC5W/dB4=;
        b=M1qwCodNxVJR80IgoW/nIWsy/wTxZ+TFhycZLEtIkEQ+sbq99+Ar0fNek0suyNMfYb
         gcc1O6+20TYx9mciMB2tyKppfIIdYu2CQRTyYtGrFxchAnfAm/7BkTjOs0Ha1qDFGFi5
         cpPMTykegCISghMK8IUzajBfj8asJUSBc5f6rlXGiziCKlBAZQok9Sh+ajx6r4w6CHzd
         FCx/fc6LaZh/jCxFz4LsYVunTqOv/itE6/VrqKGBd2ghHfsE9E+Gnq+qeNSVF8WVpQVx
         XoN8DQwwi8o0FjaY6zS0+6fdEDB19uLS4m3vAldIH8WUm81lgK3nLd7qbTMVg/v3/Ho/
         iOMA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id x29si865673edi.561.2020.04.30.21.09.16;
        Thu, 30 Apr 2020 21:09:38 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728146AbgEAEFx (ORCPT <rfc822;jaysonjohndmello@gmail.com>
        + 99 others); Fri, 1 May 2020 00:05:53 -0400
Received: from namei.org ([65.99.196.166]:56492 "EHLO namei.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1725791AbgEAEFw (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 1 May 2020 00:05:52 -0400
Received: from localhost (localhost [127.0.0.1])
        by namei.org (8.14.4/8.14.4) with ESMTP id 04144xrG030780;
        Fri, 1 May 2020 04:04:59 GMT
Date:   Fri, 1 May 2020 14:04:59 +1000 (AEST)
From:   James Morris <jmorris@namei.org>
To:     =?ISO-8859-15?Q?Micka=EBl_Sala=FCn?= <mic@digikod.net>
cc:     linux-kernel@vger.kernel.org, Aleksa Sarai <cyphar@cyphar.com>,
        Alexei Starovoitov <ast@kernel.org>,
        Al Viro <viro@zeniv.linux.org.uk>,
        Andy Lutomirski <luto@kernel.org>,
        Christian Heimes <christian@python.org>,
        Daniel Borkmann <daniel@iogearbox.net>,
        Deven Bowers <deven.desai@linux.microsoft.com>,
        Eric Chiang <ericchiang@google.com>,
        Florian Weimer <fweimer@redhat.com>, Jan Kara <jack@suse.cz>,
        Jann Horn <jannh@google.com>, Jonathan Corbet <corbet@lwn.net>,
        Kees Cook <keescook@chromium.org>,
        Matthew Garrett <mjg59@google.com>,
        Matthew Wilcox <willy@infradead.org>,
        Michael Kerrisk <mtk.manpages@gmail.com>,
        =?ISO-8859-15?Q?Micka=EBl_Sala=FCn?= <mickael.salaun@ssi.gouv.fr>,
        Mimi Zohar <zohar@linux.ibm.com>,
        =?ISO-8859-15?Q?Philippe_Tr=E9buchet?= 
        <philippe.trebuchet@ssi.gouv.fr>,
        Scott Shell <scottsh@microsoft.com>,
        Sean Christopherson <sean.j.christopherson@intel.com>,
        Shuah Khan <shuah@kernel.org>,
        Steve Dower <steve.dower@python.org>,
        Steve Grubb <sgrubb@redhat.com>,
        Thibaut Sautereau <thibaut.sautereau@ssi.gouv.fr>,
        Vincent Strubel <vincent.strubel@ssi.gouv.fr>,
        kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org,
        linux-security-module@vger.kernel.org,
        linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH v3 1/5] fs: Add support for a RESOLVE_MAYEXEC flag on
 openat2(2)
In-Reply-To: <20200428175129.634352-2-mic@digikod.net>
Message-ID: <alpine.LRH.2.21.2005011404420.29679@namei.org>
References: <20200428175129.634352-1-mic@digikod.net> <20200428175129.634352-2-mic@digikod.net>
User-Agent: Alpine 2.21 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="1665246916-652208896-1588305899=:29679"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--1665246916-652208896-1588305899=:29679
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8BIT

On Tue, 28 Apr 2020, Mickaël Salaün wrote:

> When the RESOLVE_MAYEXEC flag is passed, openat2(2) may be subject to
> additional restrictions depending on a security policy managed by the
> kernel through a sysctl or implemented by an LSM thanks to the
> inode_permission hook.


Reviewed-by: James Morris <jamorris@linux.microsoft.com>


-- 
James Morris
<jmorris@namei.org>

--1665246916-652208896-1588305899=:29679--