Received: by 2002:a25:683:0:0:0:0:0 with SMTP id 125csp1548009ybg; Thu, 4 Jun 2020 12:30:30 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxE5sApMI1AS0a0URLmNSe0LzgW0qG9OBZnKaO+wxg02Rk+dhB99euHmIMFzPib79ksvUVZ X-Received: by 2002:a17:906:670d:: with SMTP id a13mr5377141ejp.290.1591299029951; Thu, 04 Jun 2020 12:30:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1591299029; cv=none; d=google.com; s=arc-20160816; b=LM/1+vJ3YVgDUdZzw0z7T17GDH22S+WWfd5ZvNCjjxbCZGNKqRnFCpcxA5U9YgDIyK OFrCFnzxjXMfKclDAoUg5kN7IodRbEdDNasM4Absq5NU9lbtZ7JR0NrBKpUFl/4H2Cxk YEsOctQ+IepypYk+a17FagEjUcxnoEiksJLl1zkodDFG/FGv3Ub46UBR3CKQCbasxB9C nD2KXQ0XtGkJfe99xI/1OEACA8nULME6rX98jwvMY9nEovcRyE4pLeLlaiDRYXMrZdFe nP74I9c0AzARefhXu1+ZMl/S25bYskBjanSnbg+sh+9NzBRJjRiMu12H+J1flug0q7M1 EIVw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=NbRk0Np2RyEeRH9dbEqIpL8yNJC/z12gVw4fgEEaAMo=; b=i9ZFFozzqrYSLnMGsKOud+5e/wpg1qRhWIDX0VNYg9Q1RNQDINCJzUtl/Yr2fq4BRP C1++LEJSVMAsYKsmrsV9mw8SL54B0+HLbip741K/RuKKN3z+v/eBQXT6MGmvJLBkncq3 FWXKOjRhsH78P8ODKdPn2TaVt/3eQ8z0kMmC5jCtT0j/jtySZWSOrJ3q9tib+Osu8AVt pCunNozjvDpQy3inuxCBcTqekOifyYST2R8c6hAFm+McIXYcel+ZEyHmFZighXapmbWY SHamJkf+1XmGsWJ9AUQrsQhoFgoBTYKWsThhEM6bYHyuZybz5a+jyJBUhA49p3GVwIkh 2Iow== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="u3M9sN/I"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a20si2023145edv.497.2020.06.04.12.30.06; Thu, 04 Jun 2020 12:30:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="u3M9sN/I"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728945AbgFDTZG (ORCPT + 99 others); Thu, 4 Jun 2020 15:25:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42736 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728912AbgFDTZG (ORCPT ); Thu, 4 Jun 2020 15:25:06 -0400 Received: from mail-il1-x143.google.com (mail-il1-x143.google.com [IPv6:2607:f8b0:4864:20::143]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CEBABC08C5C2 for ; Thu, 4 Jun 2020 12:25:05 -0700 (PDT) Received: by mail-il1-x143.google.com with SMTP id e11so2126159ilr.4 for ; Thu, 04 Jun 2020 12:25:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=NbRk0Np2RyEeRH9dbEqIpL8yNJC/z12gVw4fgEEaAMo=; b=u3M9sN/IXt2i7f51ms44wcx6VueK56R5jjDi1EhydAqd363IGhxfzmeL0NaaS0VDKZ LT3tpByq66dNFY2IfXpAvX+pUorSPfIjGsVB1859eLQdxjM/VlmM+e6CWuL30UGQhC7K YQKEksG3uOkNi41rgdJ85kME1PIvIEb4BRzrRRfQ8pNpUmhGI0VKYt8BnHnBwPZFuTmA 288Voau9XPcStXZ99IiGx9aGt7TmfOx88Wcu73nVl90rLmJS6BucaU4U8JytXmEebCWr v1W1Kjv5Pl5f9LBg8XH+2ZKC0GCarljHbOfzGXa/Vs0ag78JzyHR1/0N06Z9xg9rzSbJ WBqA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=NbRk0Np2RyEeRH9dbEqIpL8yNJC/z12gVw4fgEEaAMo=; b=JedHPsXoFKFopcdlp8UZA1Oe/UOkPI8aFlolbUxfi/vDBvbAdJ6VJRNBBE7WRMOVXQ oiMOTBHd3V2KydFIiJbKoQXbyUCMwOpVUK4mAh2iYTfF020ECeRM3wly9qHhHroU8MVX 6jvFGNFntCnapkzM0zbZ3ip7ABwNVpo3bdOLtxyY3Y/DQs4ecQEdvfIz6hr8djzcC+6I TefUEqtwE7y3n34+83zKMrBEUQRWUwA9ThqtQobqC/bSjNINc4xkq3oiz9rK1GSTfEdk jFU/TwVRNRRrpxKtIeG/MuMt+ePuy8sNvu+oanGm+0/nH8NvaFwsWG31Pap4Dyl/tuEi P9pw== X-Gm-Message-State: AOAM532MdIUDwqcwi/X8t3jPOOLxUDww5wB5ed+PiRf67mgn7u3Qew3K nYeUL87HHWLkJ2SIb9VlEtvlPZgpNaGzBVQmpS9/uA== X-Received: by 2002:a92:c048:: with SMTP id o8mr5413126ilf.202.1591298704710; Thu, 04 Jun 2020 12:25:04 -0700 (PDT) MIME-Version: 1.0 References: <20200326200634.222009-1-dancol@google.com> <20200401213903.182112-1-dancol@google.com> In-Reply-To: From: Lokesh Gidra Date: Thu, 4 Jun 2020 12:24:53 -0700 Message-ID: Subject: Re: [PATCH v5 0/3] SELinux support for anonymous inodes and UFFD To: Stephen Smalley Cc: James Morris , Daniel Colascione , Tim Murray , SElinux list , LSM List , Linux FS Devel , linux-kernel , kvm@vger.kernel.org, Al Viro , Paul Moore , Nick Kralevich , Stephen Smalley , Andrew Morton , Suren Baghdasaryan Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Adding a colleague from the Android kernel team. On Thu, Jun 4, 2020 at 11:52 AM Stephen Smalley wrote: > > On Wed, Jun 3, 2020 at 11:59 PM James Morris wrote: > > > > On Wed, 1 Apr 2020, Daniel Colascione wrote: > > > > > Daniel Colascione (3): > > > Add a new LSM-supporting anonymous inode interface > > > Teach SELinux about anonymous inodes > > > Wire UFFD up to SELinux > > > > > > fs/anon_inodes.c | 191 ++++++++++++++++++++++------ > > > fs/userfaultfd.c | 30 ++++- > > > include/linux/anon_inodes.h | 13 ++ > > > include/linux/lsm_hooks.h | 11 ++ > > > include/linux/security.h | 3 + > > > security/security.c | 9 ++ > > > security/selinux/hooks.c | 53 ++++++++ > > > security/selinux/include/classmap.h | 2 + > > > 8 files changed, 267 insertions(+), 45 deletions(-) > > > > Applied to > > git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git secure_uffd_v5.9 > > and next-testing. > > > > This will provide test coverage in linux-next, as we aim to get this > > upstream for v5.9. > > > > I had to make some minor fixups, please review. > > LGTM and my userfaultfd test case worked.