Received: by 2002:a05:6358:4e97:b0:b3:742d:4702 with SMTP id ce23csp5016557rwb;
        Wed, 17 Aug 2022 09:34:38 -0700 (PDT)
X-Google-Smtp-Source: AA6agR4rPtocU4rOXSJA4/o5ydRE+tWwbUCVeCbeyfgh+vl/QEncf+kjvWXsq7uuiKXZq47fysJd
X-Received: by 2002:a17:907:3e01:b0:730:a690:a211 with SMTP id hp1-20020a1709073e0100b00730a690a211mr17192702ejc.596.1660754078350;
        Wed, 17 Aug 2022 09:34:38 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1660754078; cv=none;
        d=google.com; s=arc-20160816;
        b=j+71k6HXVZyQCJwBlHYQP3WzgHYR7Uqgmj/I23VuZaoJJ4u+zNosZJXrfX/yNgVL0R
         nuq5AqfYFwHmJeNUlg5vR7pQmsFrI2fr2Wj75s9ATEVC8FFtsw8/c8qFmU+kJlq2y/ej
         Sgx4DWRJHgBdQasjWuV6a3TNGHp1Xrncnze/teuAONe4gBJjAS9RbIAs1nSycHWjnuKg
         KLaW4lY5yfMnnrMHLMIF8bWWdpbAOTpUz/TfvCIhOolrALwe/qKB2PYfWPT3b3Psb1ue
         b7T+uMAIuOGZGPuWmeFK6Sl1piPXi9zIuBHQ7XbPhTLks7aIpHWpjpw/fydyRRfZnOqv
         gkPA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=QjyUDvJ7iwmc0ra7oOeyYvg1tNnn3D1w9sE1ADUUeFk=;
        b=hs5sPiSFX5chHR53tFtZO8bhbU/Pg7fUEYEk8x/Q7Gd9fDxelGWY942qk4Km/JUmWz
         rUDXB8aiI7XN6W9EoU+AN7reQfsU6k6DyGKOaDKgaA/Gu9BkO2tXKCe6CsISrAx+14Zk
         3b+m/B6lmaoyjIxrBcjq5e3Wr+swjS/nIi25XqXz05gHNQfv7PY2G7TswOoLBgTnFEfT
         YKOb16a7dIKLkjND30XMdKugEuYkJW7R483UicQ+moE5/sYl+0atSgNIyBhFAc1MbDD1
         jBoWECPgSXqbTv5Yf+1VQqhb6GzjCiVB4ert/WWXm9OOp6VG6DkPRVGO3ZzJ81L6ArCw
         cM2A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b=lsO3jJGA;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id ka1-20020a170907990100b007311eb6b78dsi2115574ejc.150.2022.08.17.09.34.12;
        Wed, 17 Aug 2022 09:34:38 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b=lsO3jJGA;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S240171AbiHQQB5 (ORCPT <rfc822;andreqb@gmail.com> + 99 others);
        Wed, 17 Aug 2022 12:01:57 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43208 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S240143AbiHQQBy (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 17 Aug 2022 12:01:54 -0400
Received: from mail-ot1-x32d.google.com (mail-ot1-x32d.google.com [IPv6:2607:f8b0:4864:20::32d])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 27FD89E13A
        for <linux-kernel@vger.kernel.org>; Wed, 17 Aug 2022 09:01:52 -0700 (PDT)
Received: by mail-ot1-x32d.google.com with SMTP id v12-20020a9d7d0c000000b00638e210c995so1458094otn.13
        for <linux-kernel@vger.kernel.org>; Wed, 17 Aug 2022 09:01:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=paul-moore-com.20210112.gappssmtp.com; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc;
        bh=QjyUDvJ7iwmc0ra7oOeyYvg1tNnn3D1w9sE1ADUUeFk=;
        b=lsO3jJGAgKnlwg/EP5AW1QClcxpSPMzwfKK7ZrUVBas+QB1c4o/nIkJ+AtoVIsGNPo
         /fxrgQX7Pudy3dL3OOnSrOSbKY0mSZs0xmGbkOhueAgqMf3dJKqFN22NM2YeRCFiGQWw
         M0jpuI0ixf5xWd4DZtwDW5uiM6JQbdvyjw2AOwwGR9TXseNHTFlda4QkSXjShKW6wrne
         Cb7XJ8nljWuGbx/7WMnM+eabP7WgNDuHh0h/vRbrPUDyCu9hxXAglP+bdMeOMqaODLuq
         aFVmeTq3ET1DLeFdSLaaipA3MtYPBNSDM49uzLnn85Jz0RDE73xHlHXHFGb0zKQIPKau
         2Dsw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc;
        bh=QjyUDvJ7iwmc0ra7oOeyYvg1tNnn3D1w9sE1ADUUeFk=;
        b=hinGryB+KBtLwrzmSoVH/MiZ3PD+U00FJBcx054ouxymCW55U253DzwR3lC+ug/HQ7
         HpD/xf6lnjGi0bbsLV+3gEllsGGFhYFDI3snKmB8Z5RKZikViFpFwYO14QOapUay1FUp
         FHLYD8wN25LcWE9I5jNY9wa/E5B1Fqi4/8NJTK0m9uZHoCWUgnf9oz4lHqs9S9WslhSe
         Pbxk2iaNPoIwyGRVt7fajylSx0zu6BhRw5wC+pyPxxFJk2dEI6E7wSWFcTsKraNOMR/i
         zPnkqRJSdyF9dXNjzJhkerq1m5odsEdPriq9sEoFLw+Rns0oFaLnGdsgBXWxjZY1f7bJ
         a00A==
X-Gm-Message-State: ACgBeo3Dpb08U3HwoHRcegbb6fsEC0qWnuiwSWLj3vlQPO3Pxdkv7ejA
        k87p8Y5tBiYNUvU6zq3nG4Swb9UIttyuRPAZR3I/
X-Received: by 2002:a05:6830:449e:b0:638:c72b:68ff with SMTP id
 r30-20020a056830449e00b00638c72b68ffmr3536226otv.26.1660752110415; Wed, 17
 Aug 2022 09:01:50 -0700 (PDT)
MIME-Version: 1.0
References: <20220815162028.926858-1-fred@cloudflare.com> <CAHC9VhTuxxRfJg=Ax5z87Jz6tq1oVRcppB444dHM2gP-FZrkTQ@mail.gmail.com>
 <8735dux60p.fsf@email.froward.int.ebiederm.org>
In-Reply-To: <8735dux60p.fsf@email.froward.int.ebiederm.org>
From:   Paul Moore <paul@paul-moore.com>
Date:   Wed, 17 Aug 2022 12:01:39 -0400
Message-ID: <CAHC9VhSHJNLS-KJ-Rz1R12PQbqACSksLYLbymF78d5hMkSGc-g@mail.gmail.com>
Subject: Re: [PATCH v5 0/4] Introduce security_create_user_ns()
To:     "Eric W. Biederman" <ebiederm@xmission.com>,
        Linus Torvalds <torvalds@linux-foundation.org>
Cc:     Frederick Lawler <fred@cloudflare.com>, kpsingh@kernel.org,
        revest@chromium.org, jackmanb@chromium.org, ast@kernel.org,
        daniel@iogearbox.net, andrii@kernel.org, kafai@fb.com,
        songliubraving@fb.com, yhs@fb.com, john.fastabend@gmail.com,
        jmorris@namei.org, serge@hallyn.com,
        stephen.smalley.work@gmail.com, eparis@parisplace.org,
        shuah@kernel.org, brauner@kernel.org, casey@schaufler-ca.com,
        bpf@vger.kernel.org, linux-security-module@vger.kernel.org,
        selinux@vger.kernel.org, linux-kselftest@vger.kernel.org,
        linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
        kernel-team@cloudflare.com, cgzones@googlemail.com,
        karl@bigbadwolfsecurity.com, tixxdz@gmail.com
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE,
        T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=unavailable
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Aug 17, 2022 at 11:08 AM Eric W. Biederman
<ebiederm@xmission.com> wrote:
> > I just merged this into the lsm/next tree, thanks for seeing this
> > through Frederick, and thank you to everyone who took the time to
> > review the patches and add their tags.
> >
> >   git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git next
>
> Paul, Frederick
>
> I repeat my NACK, in part because I am being ignored and in part
> because the hook does not make technical sense.
>
> Linus I want you to know that this has been put in the lsm tree against
> my explicit and clear objections.

Eric, we are disagreeing with you, not ignoring you; that's an
important distinction.  This is the fifth iteration of the patchset,
or the sixth (?) if you could Frederick's earlier attempts using the
credential hooks, and with each revision multiple people have tried to
work with you to find a mutually agreeable solution to the use cases
presented by Frederick and others.  In the end of the v4 discussion it
was my opinion that you kept moving the goalposts in an effort to
prevent any additional hooks/controls/etc. to the user namespace code
which is why I made the decision to merge the code into the lsm/next
branch against your wishes.  Multiple people have come out in support
of this functionality, and you remain the only one opposed to the
change; normally a maintainer's objection would be enough to block the
change, but it is my opinion that Eric is acting in bad faith.

At the end of the v4 patchset I suggested merging this into lsm/next
so it could get a full -rc cycle in linux-next, assuming no issues
were uncovered during testing I was planning to send it to Linus
during the next merge window with commentary on the contentiousness of
the patchset, including Eric's NACK.  I'm personally very disappointed
that it has come to this, but I'm at a loss of how to work with you
(Eric) to find a solution; this is the only path forward that I can
see at this point.  Others have expressed their agreement with this
approach, both on-list and privately.

If anyone other than Eric or myself has a different view of the
situation, *please* add your comments now.  I believe I've done a fair
job of summarizing things, but everyone has a bias and I'm definitely
no exception.

Finally, I'm going to refrain from rehashing the same arguments over
again in this revision of the patchset, instead I'll just provide
links to the previous drafts in case anyone wants to spend an hour or
two:

Revision v1
https://lore.kernel.org/linux-security-module/20220621233939.993579-1-fred@cloudflare.com/

Revision v2
https://lore.kernel.org/linux-security-module/20220707223228.1940249-1-fred@cloudflare.com/

Revision v3
https://lore.kernel.org/linux-security-module/20220721172808.585539-1-fred@cloudflare.com/

Revision v4
https://lore.kernel.org/linux-security-module/20220801180146.1157914-1-fred@cloudflare.com/

--
paul-moore.com