Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp3129625pxu; Tue, 8 Dec 2020 04:29:40 -0800 (PST) X-Google-Smtp-Source: ABdhPJwqaX9V3Mo4cHKXpVUk/C3z5lmb+14S7vMi7dtYsMD61SBx8a80d6eMEUmjPxUcVbS0Xk8z X-Received: by 2002:a17:906:a197:: with SMTP id s23mr22997489ejy.463.1607430579985; Tue, 08 Dec 2020 04:29:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1607430579; cv=none; d=google.com; s=arc-20160816; b=EQJvDo1eh8y9gzyy7S+uBIW1JiHCV0wAdMzEwRuOBYW1i2LQBbSJIukCIgOtM8A5Z/ CpejHIwi4c1XAQoy/K/gulEbAnf/ZW/1+3oXRefKG0lKf7UZAP9Zm5O5DzB517ucDhyH SXGU+dosDUizrAAlSYYxZ7cB4GkDV3GjGk922XZxqHqwQgzztBYYBBhLuvnEigFj6Veq wqFhT8lJuDJ1JYq+MZ7NrqfqNSV8hVuPvgDQ2oi83Y3eVZTreOMOsNfYw4uHmH3y9Pvz ycGlmW4Q/cWR3kSgV9G0gLcogXLkHUs1Ad8ToohgtpEtecd6I/YJwqp+vWT8zvXKrrC9 zdWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=oB7UJLmGw7JG3tEgVYUHQnyFxHY5fDEXIyYpxc3huRU=; b=XL6UwvFTrnpfgMxrabFe9Sx4RCigrxtr+XEAolDzBnH7pDd+R6+R7TGHUsimR164US VxZKfwFXa0Q0QAf8AxfNylET442/hrZQ9rK0WtZf2i0z/sx2S+MKVas6lJiSNgFqb541 s7DlcTD/8CIhzG33D4Pa3fwbtgzm8xp+Icisq5P5+U6Bpzrj6bVD701hv58HYE0OkOrR JFBBi5eyssVaZBN8hzq/szrsJDfV1GSyvwHX8698Arc7mWjO4Qz3gZ3WNIwTIkRqo+Rx c5AMY0zqyWVPg9ND2UCt1bfM48wTCB0B5yX8qZkgbwgTNs4lhg2Sm+UKL/Y7CWkFH6+A xifQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id dc28si10080076edb.219.2020.12.08.04.29.17; Tue, 08 Dec 2020 04:29:39 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728495AbgLHK2g (ORCPT + 99 others); Tue, 8 Dec 2020 05:28:36 -0500 Received: from www262.sakura.ne.jp ([202.181.97.72]:60237 "EHLO www262.sakura.ne.jp" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726138AbgLHK2g (ORCPT ); Tue, 8 Dec 2020 05:28:36 -0500 Received: from fsav110.sakura.ne.jp (fsav110.sakura.ne.jp [27.133.134.237]) by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTP id 0B8ARD1X008734; Tue, 8 Dec 2020 19:27:13 +0900 (JST) (envelope-from penguin-kernel@i-love.sakura.ne.jp) Received: from www262.sakura.ne.jp (202.181.97.72) by fsav110.sakura.ne.jp (F-Secure/fsigk_smtp/550/fsav110.sakura.ne.jp); Tue, 08 Dec 2020 19:27:13 +0900 (JST) X-Virus-Status: clean(F-Secure/fsigk_smtp/550/fsav110.sakura.ne.jp) Received: from [192.168.1.9] (M106072142033.v4.enabler.ne.jp [106.72.142.33]) (authenticated bits=0) by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTPSA id 0B8ARDxs008729 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NO); Tue, 8 Dec 2020 19:27:13 +0900 (JST) (envelope-from penguin-kernel@i-love.sakura.ne.jp) Subject: Re: [PATCH v2 00/10] allow unprivileged overlay mounts To: Miklos Szeredi , "Eric W . Biederman" Cc: linux-fsdevel@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, John Johansen References: <20201207163255.564116-1-mszeredi@redhat.com> From: Tetsuo Handa Message-ID: <1725e01a-4d4d-aecb-bad6-54aa220b4cd2@i-love.sakura.ne.jp> Date: Tue, 8 Dec 2020 19:27:13 +0900 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.5.1 MIME-Version: 1.0 In-Reply-To: <20201207163255.564116-1-mszeredi@redhat.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2020/12/08 1:32, Miklos Szeredi wrote: > A general observation is that overlayfs does not call security_path_*() > hooks on the underlying fs. I don't see this as a problem, because a > simple bind mount done inside a private mount namespace also defeats the > path based security checks. Maybe I'm missing something here, so I'm > interested in comments from AppArmor and Tomoyo developers. Regarding TOMOYO, I don't want overlayfs to call security_path_*() hooks on the underlying fs, but the reason is different. It is not because a simple bind mount done inside a private mount namespace defeats the path based security checks. TOMOYO does want to check what device/filesystem is mounted on which location. But currently TOMOYO is failing to check it due to fsopen()/fsmount()/move_mount() API.