From: Jann Horn
Date: Thu, 14 Jan 2021 04:21:44 +0100
Subject: Re: [PATCH v26 02/12] landlock: Add ruleset and domain management
To: Mickaël Salaün
Cc: James Morris, "Serge E . Hallyn", Al Viro, Andy Lutomirski, Anton Ivanov, Arnd Bergmann, Casey Schaufler, Jeff Dike, Jonathan Corbet, Kees Cook, Michael Kerrisk, Richard Weinberger, Shuah Khan, Vincent Dagonneau, Kernel Hardening, Linux API, linux-arch, "open list:DOCUMENTATION", linux-fsdevel, kernel list, "open list:KERNEL SELFTEST FRAMEWORK", linux-security-module, "the arch/x86 maintainers", Mickaël Salaün
References: <20201209192839.1396820-1-mic@digikod.net> <20201209192839.1396820-3-mic@digikod.net>
In-Reply-To: <20201209192839.1396820-3-mic@digikod.net>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Dec 9, 2020 at 8:28 PM Mickaël Salaün wrote:
> A Landlock ruleset is mainly a red-black tree with Landlock rules as
> nodes. This enables quick update and lookup to match a requested
> access, e.g. to a file. A ruleset is usable through a dedicated file
> descriptor (cf. following commit implementing syscalls) which enables a
> process to create and populate a ruleset with new rules.
>
> A domain is a ruleset tied to a set of processes. This group of rules
> defines the security policy enforced on these processes and their future
> children. A domain can transition to a new domain which is the
> intersection of all its constraints and those of a ruleset provided by
> the current process. This modification only impacts the current process.
> This means that a process can only gain more constraints (i.e. lose
> accesses) over time.
>
> Cc: James Morris
> Cc: Jann Horn
> Cc: Kees Cook
> Cc: Serge E. Hallyn
> Signed-off-by: Mickaël Salaün

Yeah, the layer stack stuff in this version looks good to me. :)

Reviewed-by: Jann Horn
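
The domain transition described in the quoted commit message, as an added userspace model that is not code from the patch or from the kernel: each new ruleset becomes one more layer, and an access is granted only if every layer grants it. Assumptions: all names here are hypothetical, objects are flat integer ids, a layer with no rule for an object grants nothing on it, and a sorted array with bsearch() stands in for the red-black tree.

```c
#include <stdint.h>
#include <stdlib.h>
#define ACC_READ   (1u << 0)
#define ACC_WRITE  (1u << 1)
#define MAX_LAYERS 4

struct rule    { uint64_t object; uint32_t allowed; };
struct ruleset { const struct rule *rules; size_t n; };  /* sorted by object */
struct domain  { struct ruleset layers[MAX_LAYERS]; size_t depth; };

static int cmp_rule(const void *key, const void *elem)
{
	uint64_t k = *(const uint64_t *)key, o = ((const struct rule *)elem)->object;
	return (k > o) - (k < o);
}

/* Accesses one layer grants on an object; no rule means nothing is granted. */
static uint32_t layer_allowed(const struct ruleset *rs, uint64_t object)
{
	const struct rule *r = bsearch(&object, rs->rules, rs->n, sizeof(*r), cmp_rule);
	return r ? r->allowed : 0;
}

/* Build the child domain in *out; the parent domain is left untouched. */
static int domain_restrict(const struct domain *cur, struct ruleset rs, struct domain *out)
{
	if (cur->depth >= MAX_LAYERS)
		return -1;
	*out = *cur;
	out->layers[out->depth++] = rs;
	return 0;
}

/* Allowed only if every layer grants every requested bit (intersection). */
static int domain_allows(const struct domain *d, uint64_t object, uint32_t request)
{
	uint32_t granted = request;
	for (size_t i = 0; i < d->depth; i++)
		granted &= layer_allowed(&d->layers[i], object);
	return granted == request;
}

static const struct rule RS_A[] = { {10, ACC_READ | ACC_WRITE}, {20, ACC_READ} }; /* constructed */
static const struct rule RS_B[] = { {10, ACC_READ} };                             /* constructed */
int main(void)
{
	struct domain d0 = { .depth = 0 }, d1, d2;
	domain_restrict(&d0, (struct ruleset){ RS_A, 2 }, &d1);
	domain_restrict(&d1, (struct ruleset){ RS_B, 1 }, &d2);
	return domain_allows(&d2, 10, ACC_WRITE);  /* 0: the RS_B layer dropped write */
}
```

Because a transition can only append a layer and the check ANDs across all layers, no sequence of domain_restrict() calls can return an access that an earlier layer removed.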