Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp1289976pxb;
        Fri, 21 Jan 2022 14:29:56 -0800 (PST)
X-Google-Smtp-Source: ABdhPJz+6EqsE54pBiTrPTwxJF5E4DkqVsLsZ370QVYokTX5waNGBDFOxJ03uqAyLohMXrX3Q0uP
X-Received: by 2002:a17:902:e0c2:b0:14a:e796:26c2 with SMTP id e2-20020a170902e0c200b0014ae79626c2mr5758962pla.118.1642804196532;
        Fri, 21 Jan 2022 14:29:56 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1642804196; cv=none;
        d=google.com; s=arc-20160816;
        b=Sb/HpofU7oARWsO+wO0/9HSCDQwbQmzW/PCCAeOuF7WvhuYY2TJzzZCc95qYoHes2c
         riJrEvO/NTKUKfBqeV/APlf62CmqJ1Kv8O5h6u1klD6QxNEyYAz/JEB/yOsJQLEM668n
         XRZLLLd/x1nXF7dRwsi5hIhfPDqZwzMV/tgP3mua8R9iaXT1hzEGJW6U15pd7op7XZrx
         qTOq9pbEnXoqOqwARtC1wXUAiCzSvdJnEHzjp5/Y7TRgvn1X19deScdnvB3KP691lhbS
         srxfs2XjWI2thQadieuScVo+oon2WQp90fxyH0U4+wBuxSuxSZCtXxzNjkAPqJhxuMXj
         NQZw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature:dkim-filter;
        bh=Dk7oCau3NPRZS/+Jkk3UnnvDE9WkuVx6eb7IIQKTP7w=;
        b=fyq79WTmSdJ2bbOF1N+WUatbSldhlEOGuTwgUCoag2f9ySYGIzMipDYpo1WjxTICpf
         D2uYxvFmOWgK6Z/95O8tVNCHDsChZLBa2eZcDzHnAA80CcylZ0TuiDAV4wQkzyRF9ENx
         G4kIQoMp4QWiKtJfzG1/ymhK7U0p0P56kcOmqH6s6ihDDd5MkVW+yC10sxLiPGMChWqh
         WuKwQAmslUwgOD1xf1zNzim+rnQRJUmWfQ9flm7dTV2+AzDevfRP6wsgACFlESqLuOm0
         nqOmVfAFQM+OQpzgjQxkZzPhLbeI15LzrFT2SVw/0zG+LydhZs+Zkp2E5M+GcxcUChKZ
         GQLA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linux.microsoft.com header.s=default header.b=ZDcgMC5V;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id x11si8461549pgl.231.2022.01.21.14.29.43;
        Fri, 21 Jan 2022 14:29:56 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux.microsoft.com header.s=default header.b=ZDcgMC5V;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S238387AbiATSOV (ORCPT <rfc822;stevenley.huang@gmail.com>
        + 99 others); Thu, 20 Jan 2022 13:14:21 -0500
Received: from linux.microsoft.com ([13.77.154.182]:57736 "EHLO
        linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232699AbiATSOU (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 20 Jan 2022 13:14:20 -0500
Received: from machine.localnet (lfbn-lyo-1-1484-111.w86-207.abo.wanadoo.fr [86.207.51.111])
        by linux.microsoft.com (Postfix) with ESMTPSA id 02A1B20B6C61;
        Thu, 20 Jan 2022 10:14:18 -0800 (PST)
DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 02A1B20B6C61
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com;
        s=default; t=1642702459;
        bh=Dk7oCau3NPRZS/+Jkk3UnnvDE9WkuVx6eb7IIQKTP7w=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=ZDcgMC5VFkHZu6/uJMm4VJANNiN6cyrtxoQZeNKwAeXvpr64gwKOUJZbvUPa4MxBF
         MJtkL1x5fZKwFs9tLq12bIAFdjXCiHL5v7TlGtSjR8os7VOa00TbhcX5lcfaCZch5e
         bf+r01RKDKT+sGw1e+rOp27OsQH1eNIOpmNobTdU=
From:   Francis Laniel <flaniel@linux.microsoft.com>
To:     linux-kernel@vger.kernel.org,
        Casey Schaufler <casey@schaufler-ca.com>
Cc:     linux-security-module@vger.kernel.org,
        Serge Hallyn <serge@hallyn.com>
Subject: Re: [RFC PATCH v3 0/2] Add capabilities file to sysfs
Date:   Thu, 20 Jan 2022 19:14:16 +0100
Message-ID: <6086103.nWTFFhADWI@machine>
In-Reply-To: <0c3b5f66-1550-3b67-c5a7-c452ff463b30@schaufler-ca.com>
References: <20220120180116.167702-1-flaniel@linux.microsoft.com> <0c3b5f66-1550-3b67-c5a7-c452ff463b30@schaufler-ca.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="iso-8859-1"
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Le jeudi 20 janvier 2022, 19:09:50 CET Casey Schaufler a =E9crit :
> On 1/20/2022 10:01 AM, Francis Laniel wrote:
> > Hi.
> >=20
> >=20
> > First, I hope you are fine and the same for your relatives.
> >=20
> > Capabilities are used to check if a thread has the right to perform a
> > given
> > action [1].
> > For example, a thread with CAP_BPF set can use the bpf() syscall.
> >=20
> > Capabilities are used in the container world.
> > In terms of code, several projects related to container maintain code
> > where the capabilities are written alike include/uapi/linux/capability.h
> > [2][3][4][5]. For these projects, their codebase should be updated when=
 a
> > new capability is added to the kernel.
> > Some other projects rely on <sys/capability.h> [6].
> > In this case, this header file should reflect the capabilities offered =
by
> > the kernel.
> >=20
> > So, in this series, I added a new file to sysfs:
> > /sys/kernel/security/capabilities.
> > The goal of this file is to be used by "container world" software to kn=
ow
> > kernel capabilities at run time instead of compile time.
> >=20
> > The "file" is read-only and its content is the capability number
> > associated with the capability name:
> > root@vm-amd64:~# cat /sys/kernel/security/capabilities
> > 0       CAP_CHOWN
> > 1       CAP_DAC_OVERRIDE
> > ...
> > 40      CAP_CHECKPOINT_RESTORE
> >=20
> > The kernel already exposes the last capability number under:
> > /proc/sys/kernel/cap_last_cap
> > So, I think there should not be any issue exposing all the capabilities=
 it
> > offers.
> > If there is any, please share it as I do not want to introduce issue wi=
th
> > this series.
> >=20
> > Also, if you see any way to improve this series please share it as it
> > would
> > increase this contribution quality.
> >=20
> > Change since v2:
> > * Use a char * for cap_string instead of an array, each line of this ch=
ar
> > *
> > contains the capability number and its name.
> > * Move the file under /sys/kernel/security instead of /sys/kernel.
> >=20
> > Francis Laniel (2):
> >    capability: Add cap_string.
> >    security/inode.c: Add capabilities file.
> >  =20
> >   include/uapi/linux/capability.h |  1 +
> >   kernel/capability.c             | 45 +++++++++++++++++++++++++++++++++
> >   security/inode.c                | 16 ++++++++++++
> >   3 files changed, 62 insertions(+)
>=20
> For the series:
>=20
> Acked-by: Casey Schaufler <casey@schaufler-ca.com>

Thank you!
I will wait to get some comments on the v3 and send a v4 with your tag adde=
d!

> > Best regards and thank you in advance for your reviews.
> > ---
> > [1] man capabilities
> > [2]
> > https://github.com/containerd/containerd/blob/1a078e6893d07fec10a4940a5=
66
> > 4fab21d6f7d1e/pkg/cap/cap_linux.go#L135 [3]
> > https://github.com/moby/moby/commit/485cf38d48e7111b3d1f584d5e9eab46a90=
2a
> > abc#diff-2e04625b209932e74c617de96682ed72fbd1bb0d0cb9fb7c709cf47a86b6f9=
c1
> > moby relies on containerd code.
> > [4]
> > https://github.com/syndtr/gocapability/blob/42c35b4376354fd554efc7ad35e=
0b
> > 7f94e3a0ffb/capability/enum.go#L47 [5]
> > https://github.com/opencontainers/runc/blob/00f56786bb220b55b4174823188=
0b
> > a0e6380519a/libcontainer/capabilities/capabilities.go#L12 runc relies on
> > syndtr package.
> > [6]
> > https://github.com/containers/crun/blob/fafb556f09e6ffd4690c452ff51856b=
88
> > 0c089f1/src/libcrun/linux.c#L35