From: Paul Moore
Date: Wed, 17 Aug 2022 12:01:39 -0400
Subject: Re: [PATCH v5 0/4] Introduce security_create_user_ns()
To: "Eric W. Biederman", Linus Torvalds
Cc: Frederick Lawler, kpsingh@kernel.org, revest@chromium.org, jackmanb@chromium.org, ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, kafai@fb.com, songliubraving@fb.com, yhs@fb.com, john.fastabend@gmail.com, jmorris@namei.org, serge@hallyn.com, stephen.smalley.work@gmail.com, eparis@parisplace.org, shuah@kernel.org, brauner@kernel.org, casey@schaufler-ca.com, bpf@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, kernel-team@cloudflare.com, cgzones@googlemail.com, karl@bigbadwolfsecurity.com, tixxdz@gmail.com
References: <20220815162028.926858-1-fred@cloudflare.com> <8735dux60p.fsf@email.froward.int.ebiederm.org>
In-Reply-To: <8735dux60p.fsf@email.froward.int.ebiederm.org>

On Wed, Aug 17, 2022 at 11:08 AM Eric W. Biederman wrote:
> > I just merged this into the lsm/next tree, thanks for seeing this
> > through Frederick, and thank you to everyone who took the time to
> > review the patches and add their tags.
> >
> > git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git next
>
> Paul, Frederick
>
> I repeat my NACK, in part because I am being ignored and in part
> because the hook does not make technical sense.
>
> Linus, I want you to know that this has been put in the lsm tree against
> my explicit and clear objections.

Eric, we are disagreeing with you, not ignoring you; that's an important distinction.

This is the fifth iteration of the patchset, or the sixth (?) if you count Frederick's earlier attempts using the credential hooks, and with each revision multiple people have tried to work with you to find a mutually agreeable solution to the use cases presented by Frederick and others. At the end of the v4 discussion it was my opinion that you kept moving the goalposts in an effort to prevent any additional hooks/controls/etc. to the user namespace code, which is why I made the decision to merge the code into the lsm/next branch against your wishes. Multiple people have come out in support of this functionality, and you remain the only one opposed to the change; normally a maintainer's objection would be enough to block the change, but it is my opinion that Eric is acting in bad faith.

At the end of the v4 patchset I suggested merging this into lsm/next so it could get a full -rc cycle in linux-next; assuming no issues were uncovered during testing, I was planning to send it to Linus during the next merge window with commentary on the contentiousness of the patchset, including Eric's NACK.

I'm personally very disappointed that it has come to this, but I'm at a loss as to how to work with you (Eric) to find a solution; this is the only path forward that I can see at this point. Others have expressed their agreement with this approach, both on-list and privately. If anyone other than Eric or myself has a different view of the situation, *please* add your comments now. I believe I've done a fair job of summarizing things, but everyone has a bias and I'm definitely no exception.

Finally, I'm going to refrain from rehashing the same arguments over again in this revision of the patchset; instead I'll just provide links to the previous drafts in case anyone wants to spend an hour or two:

Revision v1
https://lore.kernel.org/linux-security-module/20220621233939.993579-1-fred@cloudflare.com/

Revision v2
https://lore.kernel.org/linux-security-module/20220707223228.1940249-1-fred@cloudflare.com/

Revision v3
https://lore.kernel.org/linux-security-module/20220721172808.585539-1-fred@cloudflare.com/

Revision v4
https://lore.kernel.org/linux-security-module/20220801180146.1157914-1-fred@cloudflare.com/

-- 
paul-moore.com