Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp939673pxp; Wed, 16 Mar 2022 22:01:35 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz9WywqfLTxjCToeBlTMeCIIU7rEhVymqfZGbJ8uac5/c7vmtNn5MolfA5qs+7l5yWquBJ9 X-Received: by 2002:a65:4789:0:b0:374:8b11:fb47 with SMTP id e9-20020a654789000000b003748b11fb47mr2237103pgs.325.1647493295112; Wed, 16 Mar 2022 22:01:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1647493295; cv=none; d=google.com; s=arc-20160816; b=mMgwJ1mxbPdb8LV4Xql0JeGUpK3IcM28f45Nhfc6quCb1f2MeKilkw3DVfm4fS8/2t TNlRFghGAFtasZCVku3qawUmmbrGpJ49Sh3m8SA4zCDPKUUhiJgm+cWcEe1natDK+uTM o0gMBsYpVA7MCs1GPjd9cyfyCGSHwUGI8sRbjfdRuFxnzTimfEF1Wk3tK2t9jAGNcy1t /Ta11Wk3QB+KqMBL9juoEAYuLar/fbwL07LPRbfMcDiBjNg1jQElui/vToI2SLZI0PKJ 4hBFPCkRJMliROuIeERAg4xAM1qbuxgbt6idmUQR7mmJviU9xil6RAM7AFJ7FCCcD0kL rTXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=9nqOkKXFqcKmZfXRa5UJynBrVNrscJsENfEMYF+znck=; b=IChDlnuklY5SOjNhXKXH2aF2p1XMNb1TBAnLqlyynq3AejTteC3b0xZ/wMxVuCJcJO CWjkX7MLHcniURMpFtYw8B2YHd0TdOmR6+NX9zmETAzQTcNChKFEom1DFPEkFzQ3VpLA G6nmckhi4qlagW6vICR+qWjdQ7e72EVCnV4RPgMVG9vTwfh6his26HhOL7uLXDZzymN2 4XO+IgkWWnaab7DPtCHYSWLs7xskeY6j4lhf9qXRM3ReA2i1WAhab+daPoN/qz5tdTFG //HqG3L7cljA08b4+Dc93vEWOcCN959GSZJCZc977QFZVsscxYG8RxDdLNy4w7chfozI DMdw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b=VBreYxdL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id y5-20020a17090322c500b00151f12cda43si3938188plg.425.2022.03.16.22.01.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Mar 2022 22:01:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b=VBreYxdL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id D0BAA19454B; Wed, 16 Mar 2022 21:15:42 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1358278AbiCQB1s (ORCPT + 99 others); Wed, 16 Mar 2022 21:27:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39450 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1350458AbiCQB1o (ORCPT ); Wed, 16 Mar 2022 21:27:44 -0400 Received: from mail-ej1-x635.google.com (mail-ej1-x635.google.com [IPv6:2a00:1450:4864:20::635]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D8E6E1DA79 for ; Wed, 16 Mar 2022 18:26:28 -0700 (PDT) Received: by mail-ej1-x635.google.com with SMTP id r13so7731690ejd.5 for ; Wed, 16 Mar 2022 18:26:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=9nqOkKXFqcKmZfXRa5UJynBrVNrscJsENfEMYF+znck=; b=VBreYxdLWKIcXeOKDZeW7+NMjoymm8jD8AQqiGK7oypua6J/BnnNi/1AeRVWVvBWZF +b0XiC63C5zEgd//XuM3dVzaM/1UYZeomW7WbixMwAkebyQw+U+MrbRZAKQwJRq9MyF6 C3G8T8jezxM9E2VBsPYGl9TAGNHfNlsGHNwsXOzdYacdjugGeGWMgvmWRP79E7pWP6FA KDHXqnNRF8DRzMeCnX0G0GJwukTMSCSUuRj09L2Xx/aVqfdS7s5h2jKV98TwPK+gUs+6 yLcj4/5DQiyzsKuC8v7RsvZig+ZOsI/uUIIH//+81aShcAv9ixd9AqEcL2a81LL63EqM ICcw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=9nqOkKXFqcKmZfXRa5UJynBrVNrscJsENfEMYF+znck=; b=zuCd3ibFnVAQi+3V0oLLTVOfFDnKUn5Y6EpNjoQ8vco/coeGA2CXNYeGS6UMhMBX/3 LWznADJgX9CiZphV95XsrbL7xbmFfvtCv7F0PwS2Tk5LsMG6rvkHtuJW48t8iXxLx//i PEWTJJVCTLkb1TYCsPYptPXINS/whuPFQquT19hVoRsXRELy0xrccaabB5P7Lwgs/XDi vQyQT0mqaZRHRKlWFVxfEYCjKI3PQFW4huyrABrmzcNaE/IhWGujuMi4kZd17WvCabZ7 y5y91CuE3wxikKCnKZNytVA+bx2pxoaDXZ1zpNPFe7+86Qk7Z/sLDz+xeVDGsgMpwBL8 hwoQ== X-Gm-Message-State: AOAM531qU2n17ZZ8nneykVs+iG5HLdlwFbN9KYcL9VrVQ7GORn3clAMm V0LR3gpKeLL2sVWfal7iuPapS3tAS2ZHCmQYrMGM X-Received: by 2002:a17:907:9803:b0:6db:ab21:738e with SMTP id ji3-20020a170907980300b006dbab21738emr2166666ejc.112.1647480387381; Wed, 16 Mar 2022 18:26:27 -0700 (PDT) MIME-Version: 1.0 References: <20220221212522.320243-1-mic@digikod.net> <20220221212522.320243-3-mic@digikod.net> In-Reply-To: <20220221212522.320243-3-mic@digikod.net> From: Paul Moore Date: Wed, 16 Mar 2022 21:26:16 -0400 Message-ID: Subject: Re: [PATCH v1 02/11] landlock: Reduce the maximum number of layers to 16 To: =?UTF-8?B?TWlja2HDq2wgU2FsYcO8bg==?= Cc: James Morris , "Serge E . Hallyn" , Al Viro , Jann Horn , Kees Cook , Konstantin Meskhidze , Shuah Khan , linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, =?UTF-8?B?TWlja2HDq2wgU2FsYcO8bg==?= Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE, SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Feb 21, 2022 at 4:15 PM Micka=C3=ABl Sala=C3=BCn = wrote: > > From: Micka=C3=ABl Sala=C3=BCn > > The maximum number of nested Landlock domains is currently 64. Because > of the following fix and to help reduce the stack size, let's reduce it > to 16. This seems large enough for a lot of use cases (e.g. sandboxed > init service, spawning a sandboxed SSH service, in nested sandboxed > containers). Reducing the number of nested domains may also help to > discover misuse of Landlock (e.g. creating a domain per rule). > > Add and use a dedicated layer_mask_t typedef to fit with the number of > layers. This might be useful when changing it and to keep it consistent > with the maximum number of layers. > > Signed-off-by: Micka=C3=ABl Sala=C3=BCn > Link: https://lore.kernel.org/r/20220221212522.320243-3-mic@digikod.net > --- > security/landlock/fs.c | 13 +++++-------- > security/landlock/limits.h | 2 +- > security/landlock/ruleset.h | 4 ++++ > tools/testing/selftests/landlock/fs_test.c | 2 +- > 4 files changed, 11 insertions(+), 10 deletions(-) I'm assuming that the drop in Landlock nesting down to 16 isn't going to cause any userspace breakage :) Reviewed-by: Paul Moore -- paul-moore.com