Received: by 2002:a05:6a10:a852:0:0:0:0 with SMTP id d18csp571164pxy; Fri, 30 Apr 2021 11:16:44 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwtS7Ui5QtDhdiqXjjkcaOh8jLaCYE5MzAiB8Drsj5dUvIyQktpIdkMyDQksUgUDaMpzrRE X-Received: by 2002:a05:6a00:1494:b029:278:a4bc:957f with SMTP id v20-20020a056a001494b0290278a4bc957fmr5820821pfu.55.1619806604777; Fri, 30 Apr 2021 11:16:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1619806604; cv=none; d=google.com; s=arc-20160816; b=iSxgQLzcFfzKPQYpjcezKDAsikuuMpYIuKIS6BySGzB1GPz9yoiaQzO2JQayIQBcf/ tvpmP3WTJ4ACstHSOAUSVqM5bbgdwASxvyONps2QTrdURjWrpATbAtv73tnMH8cuyZw8 8FVcpHvcH0wkNQ85fJ1CMia5Uou1I3puJCwVvl8d3RSojZhGQlxZCvxvd6eSxp5FcY/m zDr0w5OLWcjdkuo/WFSuAwP7RxnOnbfmOr+NBH4KZpTYNv8EyItgOweaIr6jseJg6DEi G33u4DvDEg2IGHjlKwn18LA/BfVhOnFxtTSrgPpbJ6gdNr1HNwekNhqpds96w+iGaefr CEFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:content-disposition:mime-version :reply-to:message-id:subject:to:from:date; bh=xBfLMexs83GCJMHDt+Tb5qwhH32ZfxS9BA4QN3IR3Wo=; b=NUFq5sKRBsHENvhdYJaFVrhARZ1YSwmMUCwz8Wvi1ov6GTq6B4cyjyDlwSOY6TYTji Fhxq8cw8FFbZSnEq19EUPfGEjBoEa+ItIQsaHnB/eBi82c9vBQsOBvdSzm2OvbTC07Qg T2MI9GCxP6zq9Hvli4wPdu80tnBoNAlYilXAziWYODMk14a60NGavckpp/wSnlooM5uu /0ZbO634L8S+ae1zRrhsBXOU2aJoZQtGqDbSTvvdm02ZTtR7MKXq5TCxeS9stmHWi2Q/ 6F37m5dvG/r4n8FMfyg7uBNO9wAhAoZv0biVeu6e9o+1WuYOjZjXMgyM/B0xBnaxBZEL nfDA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p9si2693457pfo.126.2021.04.30.11.16.28; Fri, 30 Apr 2021 11:16:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230363AbhD3SQq (ORCPT + 99 others); Fri, 30 Apr 2021 14:16:46 -0400 Received: from wind.enjellic.com ([76.10.64.91]:47822 "EHLO wind.enjellic.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229750AbhD3SQo (ORCPT ); Fri, 30 Apr 2021 14:16:44 -0400 Received: from wind.enjellic.com (localhost [127.0.0.1]) by wind.enjellic.com (8.15.2/8.15.2) with ESMTP id 13UIFeDY009486; Fri, 30 Apr 2021 13:15:40 -0500 Received: (from greg@localhost) by wind.enjellic.com (8.15.2/8.15.2/Submit) id 13UIFd46009485; Fri, 30 Apr 2021 13:15:39 -0500 Date: Fri, 30 Apr 2021 13:15:39 -0500 From: "Dr. Greg" To: linux-kernel@vger.kernel.org Subject: Do kernel namespaces have a desire to be inclusive to newcomers? Message-ID: <20210430181539.GA9323@wind.enjellic.com> Reply-To: "Dr. Greg" Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4i X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.2.3 (wind.enjellic.com [127.0.0.1]); Fri, 30 Apr 2021 13:15:40 -0500 (CDT) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, I hope the week has gone well for everyone, apologies in advance for indulging in a bit of political humor for the subject of this e-mail. We are rounding the corner for the release of a new security architecture for Linux that weaves together IMA and the LSM infrastructure. It is designed to support what we think the future is going to be for security when OpenTitan and/or Pluton grow up to be adults. Part and parcel to the architecture is the implementation of a namespace for modeling security event domains. We chose to update our code from an initial implementation on 4.4 to 5.4, given the latter's status as an LTS release, and the availability of the clone3() system call and the expanded bit field width for the designation of namespace types. Using anything for a namespace type designator that translates into something beyond a 32-bit value seems to run afoul of the fact that an int is used for the type element of the proc_ns_operations structure. Since all of this is decidedly outside the kernel, and may never be appropriate for mainline, this isn't a big issue but if our reasoning is correct it will be a potential issue for other namespaces once the remaining lower bits of the flags field is consumed. Since we currently only need unshare capabilities, we used the bit position below CLONE_NEWTIME for the time being but are interested in knowing if this limitation is by design or if a patch would be acceptable for simply pushing that structure element out to 64 bits, which in classical technology parlance; 'should be enough for anyone'. Any thoughts would be appreciated. Best wishes for a pleasant weekend to everyone. Dr. Greg As always, Dr. Greg Wettstein, Ph.D, Worker Autonomously self-defensive Enjellic Systems Development, LLC IOT platforms and edge devices. 4206 19th Ave. N. Fargo, ND 58102 PH: 701-281-1686 EMAIL: greg@enjellic.com ------------------------------------------------------------------------------ "Don't worry about people stealing your ideas. If your ideas are any good, you'll have to ram them down people's throats." -- Howard Aiken