Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A938FC433FE for ; Sat, 11 Dec 2021 14:44:41 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231246AbhLKOoj (ORCPT ); Sat, 11 Dec 2021 09:44:39 -0500 Received: from bedivere.hansenpartnership.com ([96.44.175.130]:58946 "EHLO bedivere.hansenpartnership.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229924AbhLKOoj (ORCPT ); Sat, 11 Dec 2021 09:44:39 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hansenpartnership.com; s=20151216; t=1639233878; bh=u7YJrtEsUUWjwexDAYwFQC/8rMSyJeVa31PFSxuanm0=; h=Message-ID:Subject:From:To:Date:In-Reply-To:References:From; b=tWzOzDpI+7mKEY/O8ouz+NjIFbYCFBw621J6+YAbPLHPyju0EBFO5+t/E74o1eZvw 9tZbJD0U9o3lP8+MTQmOwk0CcZBMgzILm2nR4snS+Xm4BscihRAbfDWvJ9WS6oYwAU yYW/gKHAOAh0lWFxkCNQaJx3OMcAxoa9AF58FDpY= Received: from localhost (localhost [127.0.0.1]) by bedivere.hansenpartnership.com (Postfix) with ESMTP id BC95212803A4; Sat, 11 Dec 2021 09:44:38 -0500 (EST) Received: from bedivere.hansenpartnership.com ([127.0.0.1]) by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8znrXHDMOZci; Sat, 11 Dec 2021 09:44:38 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hansenpartnership.com; s=20151216; t=1639233878; bh=u7YJrtEsUUWjwexDAYwFQC/8rMSyJeVa31PFSxuanm0=; h=Message-ID:Subject:From:To:Date:In-Reply-To:References:From; b=tWzOzDpI+7mKEY/O8ouz+NjIFbYCFBw621J6+YAbPLHPyju0EBFO5+t/E74o1eZvw 9tZbJD0U9o3lP8+MTQmOwk0CcZBMgzILm2nR4snS+Xm4BscihRAbfDWvJ9WS6oYwAU yYW/gKHAOAh0lWFxkCNQaJx3OMcAxoa9AF58FDpY= Received: from jarvis.int.hansenpartnership.com (unknown [IPv6:2601:5c4:4300:c551::527]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id EBA2A128037C; Sat, 11 Dec 2021 09:44:36 -0500 (EST) Message-ID: Subject: Re: [PATCH v4 11/16] securityfs: Only use simple_pin_fs/simple_release_fs for init_user_ns From: James Bottomley To: Jarkko Sakkinen , Stefan Berger , linux-integrity@vger.kernel.org Cc: zohar@linux.ibm.com, serge@hallyn.com, christian.brauner@ubuntu.com, containers@lists.linux.dev, dmitry.kasatkin@gmail.com, ebiederm@xmission.com, krzysztof.struczynski@huawei.com, roberto.sassu@huawei.com, mpeters@redhat.com, lhinds@redhat.com, lsturman@redhat.com, puiterwi@redhat.com, jamjoom@us.ibm.com, linux-kernel@vger.kernel.org, paul@paul-moore.com, rgb@redhat.com, linux-security-module@vger.kernel.org, jmorris@namei.org Date: Sat, 11 Dec 2021 09:44:35 -0500 In-Reply-To: References: <20211207202127.1508689-1-stefanb@linux.ibm.com> <20211207202127.1508689-12-stefanb@linux.ibm.com> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.34.4 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, 2021-12-11 at 16:16 +0200, Jarkko Sakkinen wrote: > On Tue, 2021-12-07 at 15:21 -0500, Stefan Berger wrote: > > To prepare for virtualization of SecurityFS, use simple_pin_fs and > > simpe_release_fs only when init_user_ns is active. > > > > Signed-off-by: Stefan Berger > > Signed-off-by: James Bottomley < > > James.Bottomley@HansenPartnership.com> > > What do you mean by virtualization, and how does this prepare > securityfs for it? The commit message should be way more verbose. Heh, well cart before horse: we're still trying to work out how to do it correctly, so we can't really document it until we've figured that bit out. Once that's all sorted, the output is likely something in Documentation/ explaining how to namespace a pseudo filesystem (since we have quite a few of them in the kernel) rather than a commit message which will get hard to find the next time someone wants to do this. James