From: Paul Moore
Date: Wed, 17 Aug 2022 10:52:34 -0400
Subject: Re: [RFC PATCH v4 0/2] Add capabilities file to securityfs
To: Francis Laniel
Cc: linux-security-module@vger.kernel.org, Casey Schaufler, Eric Biederman, Serge Hallyn, James Morris, open list, "open list:BPF [MISC]"
In-Reply-To: <4420381.LvFx2qVVIh@pwmachine>
References: <20220725124123.12975-1-flaniel@linux.microsoft.com> <4420381.LvFx2qVVIh@pwmachine>

On Wed, Aug 17, 2022 at 7:53 AM Francis Laniel wrote:
> On Tuesday, 16 August 2022, 23:59:41 CEST Paul Moore wrote:
> > On Mon, Jul 25, 2022 at 8:42 AM Francis Laniel wrote:
> > > Hi.
> > >
> > > First, I hope you are fine and the same for your relatives.
> >
> > Hi Francis :)
> >
> > > A solution to this problem could be to add a way for the userspace to ask
> > > the kernel about the capabilities it offers.
> > > So, in this series, I added a new file to securityfs:
> > > /sys/kernel/security/capabilities.
> > > The goal of this file is to be used by "container world" software to know
> > > kernel capabilities at run time instead of compile time.
> >
> > ...
> >
> > > The kernel already exposes the last capability number under:
> > > /proc/sys/kernel/cap_last_cap
> >
> > I'm not clear on why this patchset is needed, why can't the
> > application simply read from "cap_last_cap" to determine what
> > capabilities the kernel supports?
>
> When you add capabilities with, for example, docker, you will fill capabilities
> like this:
> docker run --rm --cap-add SYS_ADMIN debian:latest echo foo
> As a consequence, the "echo foo" will be run with CAP_SYS_ADMIN set.
>
> Sadly, each time a new capability is added to the kernel, it means "container
> stack" software should add a new string corresponding to the number of the
> capabilities [1].

Thanks for clarifying things, I thought you were more concerned about
detecting what capabilities the running kernel supported, I didn't
realize it was getting a string literal for each supported capability.

Unless there is a significant show of support for this - and I'm
guessing there isn't due to the lack of comments - I don't think this
is something we want to add to the kernel, especially since the kernel
doesn't really care about the capabilities' names, it's the number
that matters.

-- 
paul-moore.com
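The name-to-number mapping the thread argues about, as an added example that is not part of the thread, of Francis Laniel's patch series, or of any container runtime's code. It shows the two things both sides rely on: the kernel only ever consumes capability numbers (here turned into the bit mask a runtime would hand to capset(2)), and reading /proc/sys/kernel/cap_last_cap is enough for userspace to notice that the running kernel supports numbers its compiled-in string table cannot spell. The capability table is taken from the kernel's include/uapi/linux/capability.h (CAP_CHOWN = 0 through CAP_CHECKPOINT_RESTORE = 40); the function names and the offline fallback when /proc is unavailable are this example's own assumptions.

```python
"""Added example: mapping --cap-add style names to the numbers the kernel
uses, and detecting when the kernel is newer than this name table."""

# Capability numbers from include/uapi/linux/capability.h, in numeric order
# (index == capability number). A runtime built with this table knows nothing
# about any capability a newer kernel may define after 40.
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]


def read_cap_last_cap(path="/proc/sys/kernel/cap_last_cap"):
    """Return the highest capability number the running kernel supports.

    Falls back to the last number in CAP_NAMES when the file is absent
    (non-Linux host), so the example still runs offline (assumed behaviour)."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except OSError:
        return len(CAP_NAMES) - 1


def kernel_capabilities(cap_last_cap):
    """List (number, name) for every capability the kernel reports; name is
    None when the kernel supports a number this table has no string for."""
    return [(n, CAP_NAMES[n] if n < len(CAP_NAMES) else None)
            for n in range(cap_last_cap + 1)]


def unnamed_capabilities(cap_last_cap):
    """Numbers the kernel supports but this table cannot name: the mismatch
    the thread describes, detectable from cap_last_cap alone."""
    return [n for n, name in kernel_capabilities(cap_last_cap) if name is None]


def resolve_cap_name(name, cap_last_cap):
    """Map a --cap-add style name ("SYS_ADMIN" or "CAP_SYS_ADMIN") to its
    number, rejecting names this table lacks and numbers the kernel lacks."""
    full = name.upper()
    if not full.startswith("CAP_"):
        full = "CAP_" + full
    try:
        number = CAP_NAMES.index(full)
    except ValueError:
        raise ValueError(f"unknown capability name: {name}") from None
    if number > cap_last_cap:
        raise ValueError(f"{full} ({number}) not supported by this kernel "
                         f"(cap_last_cap={cap_last_cap})")
    return number


def capability_mask(names, cap_last_cap):
    """Build the bit mask a runtime would hand to capset(2) for the given
    names; the kernel only ever sees these bit positions, never the strings."""
    mask = 0
    for name in names:
        mask |= 1 << resolve_cap_name(name, cap_last_cap)
    return mask


if __name__ == "__main__":
    last = read_cap_last_cap()
    print(f"cap_last_cap={last}, numbers without a name: "
          f"{unnamed_capabilities(last)}")
    print(f"mask for --cap-add SYS_ADMIN: {capability_mask(['SYS_ADMIN'], last):#x}")
```

On a kernel whose cap_last_cap exceeds 40, unnamed_capabilities() returns the numbers a runtime built from this table cannot offer under a name, which is the gap the series tried to close from the kernel side; resolve_cap_name() shows the other direction, refusing a name whose number the running kernel does not support.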