Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp3408315iog; Mon, 27 Jun 2022 15:43:01 -0700 (PDT) X-Google-Smtp-Source: AGRyM1vFv7P2UeEF+VI9Ylehd8UCVeRtaPEECBPSqdo0BkeguteEJ8U/K4mblxyPEsI6OXqos6UX X-Received: by 2002:a17:907:3f82:b0:726:3732:961c with SMTP id hr2-20020a1709073f8200b007263732961cmr15478815ejc.727.1656369781670; Mon, 27 Jun 2022 15:43:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1656369781; cv=none; d=google.com; s=arc-20160816; b=V1+cUf9QOHECVBg5DIp41rmejL7nsLfqgA0AgysgZt+G4sX51SgrhLbq9NC1wYUBKB hcNRCGQKKuROS8nrwucZInNq/5J/2fs5tfxiNW/THNCpvNU8H/POX5MR5KETFVhy6s8N SGUsd/Zp9AwC1cKIA7FnMJjc+aj36rqgCQwrm974TuekYg4eJdkE1NLO7m3Cyz6vi/hc cqMI0vG7S/leL1eOI/7lNn3dgs1SyZMipr9a2Kj2mDO+ccZl7o9qAQkgGLcttSRvDCmi /irhZx6L2X0LWQM6x5sX1h9QaZO2C69xqu5WJ/jPnCHkv0EdxHv6zU+dSkQKI/fEBwRO wc+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=I5VuF0K9zmoPAZeeQ74jr6eVX7JetJEQJ4pAguG+5N0=; b=di/oGfBDIjBqMGm3g4GtZ8VFRmcKjJjCvvKHCVWhGTZCZxL795Q3bacAA9tcEq3PDA E0XGJJHk930M3mbrD8m6L8XLStSw2dDJ2M86ZydUoEKcpoKC6ZyyZ7+pGRYgei7doMfU oh9JBY99bYUO11uZBzGd+Bp8GD+p0f886POLEwwxnX26s4ZPVHiTWgyp6N2WvCcqalxP Wtn46gfEVwowRTxZm9rOKGnSXhaCXinPT5LVXK+Bc55N367QTS6dVAsUXjpKmRJF/RK0 qj/cAp87H3jmyjY9L7yaMty+LUAVReunzPPNSqcDGVUNoEW8gI9b+pl1LEwkKicObUAV yhcg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=sHxQPip+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id he9-20020a1709073d8900b00711d49f9985si12821754ejc.755.2022.06.27.15.42.37; Mon, 27 Jun 2022 15:43:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=sHxQPip+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242594AbiF0W2I (ORCPT + 99 others); Mon, 27 Jun 2022 18:28:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59870 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235728AbiF0W1y (ORCPT ); Mon, 27 Jun 2022 18:27:54 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1F82618368 for ; Mon, 27 Jun 2022 15:27:53 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id B23D461451 for ; Mon, 27 Jun 2022 22:27:52 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 19091C385A2 for ; Mon, 27 Jun 2022 22:27:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1656368872; bh=03aUzh2P41f8R3+uqRi+zXL9L2QyADNnmhukdx1x8oQ=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=sHxQPip+Xur4yX9gLzGSv7o4ZwtI+mzxy3S0mtmLBDT9g5g6NoG9Vm6zRO/bpJOSA /jJ3shMy+7w0c8YfP2iHb3BPFJvO7CzoudbvBf6CcL8UQtzuyf7qdPoe0llSWMTzvU 14DyMK022abu8QFEOU8Ogg8RSE/1CvVhBTXAyRtMyRG4bDLtqYnb2mL43LC9lU8jZn jV+34FhqgpgJ98Bpj9NXg+1EeKjk2WTzFuon7sl0CuO/Oyc44Fn1rLYBYuYOIEnS1v JH+agtLrzDqpoKDBV0DNW/y0RDuaYZXbmE4CvHCRgFnjkz6AIP9SHASYig8uNTBbL9 pXAEOm1XlZtPg== Received: by mail-yw1-f181.google.com with SMTP id 00721157ae682-3176b6ed923so99180387b3.11 for ; Mon, 27 Jun 2022 15:27:52 -0700 (PDT) X-Gm-Message-State: AJIora/ysefG9MtnUT0h3AaTyhNoBF78Wc32sCM/Jyf2XgnlwCW8OpEJ CK9dxmvt5c2prrbZUZaFuJFY+SUQFc5wtQ3VwCgLbA== X-Received: by 2002:a81:68e:0:b0:317:ca36:5807 with SMTP id 136-20020a81068e000000b00317ca365807mr16886302ywg.314.1656368870858; Mon, 27 Jun 2022 15:27:50 -0700 (PDT) MIME-Version: 1.0 References: <20220621233939.993579-1-fred@cloudflare.com> <20220627121137.cnmctlxxtcgzwrws@wittgenstein> <6a8fba0a-c9c9-61ba-793a-c2e0c2924f88@iogearbox.net> In-Reply-To: <6a8fba0a-c9c9-61ba-793a-c2e0c2924f88@iogearbox.net> From: KP Singh Date: Tue, 28 Jun 2022 00:27:40 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 0/2] Introduce security_create_user_ns() To: Daniel Borkmann Cc: Paul Moore , Christian Brauner , Frederick Lawler , Casey Schaufler , revest@chromium.org, jackmanb@chromium.org, ast@kernel.org, andrii@kernel.org, kafai@fb.com, songliubraving@fb.com, yhs@fb.com, john.fastabend@gmail.com, jmorris@namei.org, serge@hallyn.com, bpf@vger.kernel.org, linux-security-module@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-team@cloudflare.com Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-7.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jun 28, 2022 at 12:15 AM Daniel Borkmann wrote: > > On 6/27/22 11:56 PM, Paul Moore wrote: > > On Mon, Jun 27, 2022 at 8:11 AM Christian Brauner wrote: > >> On Thu, Jun 23, 2022 at 11:21:37PM -0400, Paul Moore wrote: > > > > ... > > > >>> This is one of the reasons why I usually like to see at least one LSM > >>> implementation to go along with every new/modified hook. The > >>> implementation forces you to think about what information is necessary > >>> to perform a basic access control decision; sometimes it isn't always > >>> obvious until you have to write the access control :) > >> > >> I spoke to Frederick at length during LSS and as I've been given to > >> understand there's a eBPF program that would immediately use this new > >> hook. Now I don't want to get into the whole "Is the eBPF LSM hook > >> infrastructure an LSM" but I think we can let this count as a legitimate > >> first user of this hook/code. > > > > Yes, for the most part I don't really worry about the "is a BPF LSM a > > LSM?" question, it's generally not important for most discussions. > > However, there is an issue unique to the BPF LSMs which I think is > > relevant here: there is no hook implementation code living under > > security/. While I talked about a hook implementation being helpful > > to verify the hook prototype, it is also helpful in providing an > > in-tree example for other LSMs; unfortunately we don't get that same > > example value when the initial hook implementation is a BPF LSM. > > I would argue that such a patch series must come together with a BPF > selftest which then i) contains an in-tree usage example, ii) adds BPF > CI test coverage. Shipping with a BPF selftest at least would be the > usual expectation. +1 I would also recommend that this comes with a BPF selftest as suggested by Daniel. > > Thanks, > Daniel