References: <20220801180146.1157914-1-fred@cloudflare.com>
 <87les7cq03.fsf@email.froward.int.ebiederm.org>
 <87wnbia7jh.fsf@email.froward.int.ebiederm.org>
 <877d3ia65v.fsf@email.froward.int.ebiederm.org>
 <87bksu8qs2.fsf@email.froward.int.ebiederm.org>
 <87czd95rjc.fsf@email.froward.int.ebiederm.org>
 <87a68dccyu.fsf@email.froward.int.ebiederm.org>
In-Reply-To: <87a68dccyu.fsf@email.froward.int.ebiederm.org>
From: Paul Moore
Date: Tue, 9 Aug 2022 18:40:14 -0400
Subject: Re: [PATCH v4 0/4] Introduce security_create_user_ns()
To: "Eric W. Biederman"
Cc: Frederick Lawler, kpsingh@kernel.org, revest@chromium.org, jackmanb@chromium.org, ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, kafai@fb.com, songliubraving@fb.com, yhs@fb.com, john.fastabend@gmail.com, jmorris@namei.org, serge@hallyn.com, stephen.smalley.work@gmail.com, eparis@parisplace.org, shuah@kernel.org, brauner@kernel.org, casey@schaufler-ca.com, bpf@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, kernel-team@cloudflare.com, cgzones@googlemail.com, karl@bigbadwolfsecurity.com
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Aug 9, 2022 at 5:41 PM Eric W. Biederman wrote:
> Paul Moore writes:
>
> > What level of due diligence would satisfy you, Eric?
>
> Having a real conversation about what a change is doing and to talk
> about its merits and its pros and cons. I can't promise I would be
> convinced but that is the kind of conversation it would take.

Earlier today you talked about due diligence to ensure that userspace won't break and I provided my reasoning on why userspace would not break (at least not because of this change). Userspace might be blocked from creating a new user namespace due to a security policy, but that would be the expected and desired outcome, not breakage.

As far as your most recent comment regarding merit and pros/cons, I believe we have had that discussion (quite a few times already); it just seems you are not satisfied with the majority's conclusion.
Personally, I'm not sure there is anything more I can do to convince you that this patchset is reasonable; I'm going to leave it to others at this point, or we can all simply agree to disagree for the moment. Just as you haven't heard a compelling argument for this patchset, I haven't heard a compelling argument against it.

Barring some significant new discussion point, or opinion, I still plan on merging this into the LSM next branch when the merge window closes next week so it has time to go through a full round of linux-next testing. Assuming no unresolvable problems are found during the additional testing I plan to send it to Linus during the v6.1 merge window and I'm guessing we will get to go through this all again. It's less than ideal, but I think this is where we are at right now.

--
paul-moore.com