From: Paul Moore
Date: Thu, 27 May 2021 10:18:52 -0400
Subject: Re: [PATCH v2] lockdown,selinux: avoid bogus SELinux lockdown permission checks
To: James Morris
Cc: Ondrej Mosnacek, Michael Ellerman, Linux Security Module list, Steven Rostedt, Ingo Molnar, Stephen Smalley, SElinux list, linuxppc-dev@lists.ozlabs.org, Linux FS Devel, bpf, network dev, Linux kernel mailing list, Casey Schaufler
References: <20210517092006.803332-1-omosnace@redhat.com> <87o8d9k4ln.fsf@mpe.ellerman.id.au> <3ad4fb7f-99f3-fa71-fdb2-59db751c7e2b@namei.org>
In-Reply-To: <3ad4fb7f-99f3-fa71-fdb2-59db751c7e2b@namei.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, May 27, 2021 at 12:33 AM James Morris wrote:
> On Wed, 26 May 2021, Ondrej Mosnacek wrote:
>
> > Thanks, Michael!
> >
> > James/Paul, is there anything blocking this patch from being merged?
> > Especially the BPF case is causing real trouble for people and the
> > only workaround is to broadly allow lockdown::confidentiality in the
> > policy.
>
> It would be good to see more signoffs/reviews, especially from Paul, but
> he is busy with the io_uring stuff.

Yes, it's been a busy week with various things going on around here.
I looked at the v1 posting but haven't had a chance yet to look at v2;
I promise to get to it today, but it might not happen until later
tonight.

> Let's see if anyone else can look at this in the next couple of days.

-- 
paul moore
www.paul-moore.com