From: Paul Moore
Date: Wed, 17 Aug 2022 17:09:07 -0400
Subject: Re: [PATCH v5 0/4] Introduce security_create_user_ns()
To: "Eric W. Biederman"
Cc: Linus Torvalds, Frederick Lawler, kpsingh@kernel.org, revest@chromium.org, jackmanb@chromium.org, ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, kafai@fb.com, songliubraving@fb.com, yhs@fb.com, john.fastabend@gmail.com, jmorris@namei.org, serge@hallyn.com, stephen.smalley.work@gmail.com, eparis@parisplace.org, shuah@kernel.org, brauner@kernel.org, casey@schaufler-ca.com, bpf@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, kernel-team@cloudflare.com, cgzones@googlemail.com, karl@bigbadwolfsecurity.com, tixxdz@gmail.com
In-Reply-To: <8735du7fnp.fsf@email.froward.int.ebiederm.org>
References: <20220815162028.926858-1-fred@cloudflare.com> <8735dux60p.fsf@email.froward.int.ebiederm.org> <871qte8wy3.fsf@email.froward.int.ebiederm.org> <8735du7fnp.fsf@email.froward.int.ebiederm.org>
List-ID: linux-kernel@vger.kernel.org

On Wed, Aug 17, 2022 at 4:56 PM Eric W. Biederman wrote:
> Paul Moore writes:
> > On Wed, Aug 17, 2022 at 3:58 PM Eric W. Biederman wrote:
> >> Paul Moore writes:
> >>
> >> > At the end of the v4 patchset I suggested merging this into lsm/next
> >> > so it could get a full -rc cycle in linux-next, assuming no issues
> >> > were uncovered during testing
> >>
> >> What in the world can be uncovered in linux-next for code that has no
> >> in-tree users.
> >
> > The patchset provides both BPF LSM and SELinux implementations of the
> > hooks along with a BPF LSM test under tools/testing/selftests/bpf/.
> > If no one beats me to it, I plan to work on adding a test to the
> > selinux-testsuite as soon as I'm done dealing with other urgent
> > LSM/SELinux issues (io_uring CMD passthrough, SCTP problems, etc.); I
> > run these tests multiple times a week (multiple times a day sometimes)
> > against the -rcX kernels with the lsm/next, selinux/next, and
> > audit/next branches applied on top. I know others do similar things.
>
> A layer of hooks that leaves all of the logic to userspace is not an
> in-tree user for purposes of understanding the logic of the code.

The BPF LSM selftests which are part of this patchset live in-tree.

The SELinux hook implementation is completely in-tree with the subject/verb/object relationship clearly described by the code itself. After all, the selinux_userns_create() function consists of only two lines, one of which is an assignment.

Yes, it is true that the SELinux policy lives outside the kernel, but that is because there is no singular SELinux policy for everyone. From a practical perspective, the SELinux policy is really just a configuration file used to set up the kernel at runtime; it is not significantly different than an iptables script, /etc/sysctl.conf, or any of the other myriad of configuration files used to configure the kernel during boot.

--
paul-moore.com