Subject: Re: [PATCH v3 1/5] fs: Add support for a RESOLVE_MAYEXEC flag on openat2(2)
From: Mickaël Salaün
To: James Morris
Cc: linux-kernel@vger.kernel.org, Aleksa Sarai, Alexei Starovoitov, Al Viro,
    Andy Lutomirski, Christian Heimes, Daniel Borkmann, Deven Bowers,
    Eric Chiang, Florian Weimer, Jan Kara, Jann Horn, Jonathan Corbet,
    Kees Cook, Matthew Garrett, Matthew Wilcox, Michael Kerrisk,
    Mickaël Salaün, Mimi Zohar, Philippe Trébuchet, Scott Shell,
    Sean Christopherson, Shuah Khan, Steve Dower, Steve Grubb,
    Thibaut Sautereau, Vincent Strubel, kernel-hardening@lists.openwall.com,
    linux-api@vger.kernel.org, linux-security-module@vger.kernel.org,
    linux-fsdevel@vger.kernel.org
References: <20200428175129.634352-1-mic@digikod.net>
    <20200428175129.634352-2-mic@digikod.net>
Date: Fri, 1 May 2020 16:14:58 +0200

On 01/05/2020 06:04, James Morris wrote:
> On Tue, 28 Apr 2020, Mickaël Salaün wrote:
>
>> When the RESOLVE_MAYEXEC flag is passed, openat2(2) may be subject to
>> additional restrictions depending on a security policy managed by the
>> kernel through a sysctl or implemented by an LSM thanks to the
>> inode_permission hook.
>
>
> Reviewed-by: James Morris

As requested, I switched back to O_MAYEXEC yesterday with the v4:
https://lore.kernel.org/lkml/20200430132320.699508-2-mic@digikod.net/