References: <20220815162028.926858-1-fred@cloudflare.com> <8735dux60p.fsf@email.froward.int.ebiederm.org> <871qte8wy3.fsf@email.froward.int.ebiederm.org> <8735du7fnp.fsf@email.froward.int.ebiederm.org> <87tu6a4l83.fsf@email.froward.int.ebiederm.org>
In-Reply-To: <87tu6a4l83.fsf@email.froward.int.ebiederm.org>
From: Paul Moore
Date: Wed, 17 Aug 2022 17:50:59 -0400
Message-ID:
Subject: Re: [PATCH v5 0/4] Introduce security_create_user_ns()
To: "Eric W. Biederman"
Cc: Linus Torvalds, Frederick Lawler, kpsingh@kernel.org, revest@chromium.org, jackmanb@chromium.org, ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, kafai@fb.com, songliubraving@fb.com, yhs@fb.com, john.fastabend@gmail.com, jmorris@namei.org, serge@hallyn.com, stephen.smalley.work@gmail.com, eparis@parisplace.org, shuah@kernel.org, brauner@kernel.org, casey@schaufler-ca.com, bpf@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, kernel-team@cloudflare.com, cgzones@googlemail.com, karl@bigbadwolfsecurity.com, tixxdz@gmail.com
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Aug 17, 2022 at 5:24 PM Eric W. Biederman wrote:
> I object to adding the new system configuration knob.
>
> Especially when I don't see people explaining why such a knob is a good
> idea.  What is userspace going to do with this new feature that makes it
> worth maintaining in the kernel?

From https://lore.kernel.org/all/CAEiveUdPhEPAk7Y0ZXjPsD=Vb5hn453CHzS9aG-tkyRa8bf_eg@mail.gmail.com/

"We have valid use cases not specifically related to the attack surface, but go into the middle from bpf observability to enforcement. As we want to track namespace creation, changes, nesting and per task creds context depending on the nature of the workload."
-Djalal Harouni

From https://lore.kernel.org/linux-security-module/CALrw=nGT0kcHh4wyBwUF-Q8+v8DgnyEJM55vfmABwfU67EQn=g@mail.gmail.com/

"[W]e do want to embrace user namespaces in our code and some of our workloads already depend on it. Hence we didn't agree to Debian's approach of just having a global sysctl. But there is "our code" and there is "third party" code, which might not even be open source due to various reasons. And while the path exists for that code to do something bad - we want to block it."
-Ignat Korchagin

From https://lore.kernel.org/linux-security-module/CAHC9VhSKmqn5wxF3BZ67Z+-CV7sZzdnO+JODq48rZJ4WAe8ULA@mail.gmail.com/

"I've heard you talk about bugs being the only reason why people would want to ever block user namespaces, but I think we've all seen use cases now where it goes beyond that. However, even if it didn't, the need to build high confidence/assurance systems where big chunks of functionality can be disabled based on a security policy is a very real use case, and this patchset would help enable that."
-Paul Moore (with apologies for self-quoting)

From https://lore.kernel.org/linux-security-module/CAHC9VhRSCXCM51xpOT95G_WVi=UQ44gNV=uvvG23p8wn16uYSA@mail.gmail.com/

"One of the selling points of the BPF LSM is that it allows for various different ways of reporting and logging beyond audit. However, even if it was limited to just audit I believe that provides some useful justification as auditing fork()/clone() isn't quite the same and could be difficult to do at scale in some configurations."
-Paul Moore (my apologies again)

From https://lore.kernel.org/linux-security-module/20220722082159.jgvw7jgds3qwfyqk@wittgenstein/

"Nice and straightforward."
-Christian Brauner

-- 
paul-moore.com