Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp90002rwb; Wed, 5 Oct 2022 15:14:12 -0700 (PDT) X-Google-Smtp-Source: AMsMyM4vfvea+EyXzTexQ0EXwjgpV8h9J6CiKcjaRZ321fILK0ZHtZzEzrOOUzDcamJY4bv/683t X-Received: by 2002:a62:e411:0:b0:562:2f99:578d with SMTP id r17-20020a62e411000000b005622f99578dmr1783570pfh.73.1665008052246; Wed, 05 Oct 2022 15:14:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1665008052; cv=none; d=google.com; s=arc-20160816; b=ZF97ybqgPrIR3TgVlR69FsMBrQmlXHF7UJVTIZjIviKZqJ0X0VYGZgjWSu9gsa903G YgK8JmtOl873EIVcOh9MHW3EkNYKqp8P7ygL+thUp3b8KGc/GbAsm2CkNjMqGg2g2qQv 21GR5s6akNk1wdbMufjaAtslaNkAxO8021CChv5sbgo/lgJyr3dhx68gDfuDoy6xlcu9 gzXw28cf0Jo2j7kr3tL2NXwt+Jkc8zlUwwkbrT6vhsybxnSOXL/7Wm22k56gB/JzVtf7 h6K38frAeWquI9S/z/2kLXb0RwmjOfOmQmlGA26HTPUmIEP8KkZwxeGbGGqH0p6qnIVm m5gw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:subject:mime-version:user-agent:message-id :in-reply-to:date:references:cc:to:from; bh=zOJjiCD/c/Oh0W57YOZkof2+ImgzXGHnDc2uqSevTng=; b=tuA9wMQKLkXQj0Y3RTe5BxZ9ipy14EifQKOP/HOZ5/lBjMdOmbocDTsQKF94SbFbBu /jyFzqG1MdGkdi5Rpazzf4p89sncX6P/UHkEepVjpYlMJ+raIIPre+DnQdS6q2IwIHzn kaeD2E+3X0sRcXJkluMYIV/fcAYSNraZDUaxzbSgxjSQtkctXu2PClbnf+Y6QWZJ8RmY s8LEm8kLwC8lIcS1d5ekSwR/v00UaQb5S7TUcHhOhuOiApb06We3X4tHshpZC/x/AvTQ osqx+wAo4kNCpE6zQW0BZiS43E38eKjXYqvfvCwKQ4H5ZeLHpPPRXGpXxyOYZVmM/2K+ LtwQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xmission.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l71-20020a63884a000000b0044d5196773dsi10150128pgd.32.2022.10.05.15.13.36; Wed, 05 Oct 2022 15:14:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xmission.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230252AbiJEV2X (ORCPT + 99 others); Wed, 5 Oct 2022 17:28:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60174 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229681AbiJEV2T (ORCPT ); Wed, 5 Oct 2022 17:28:19 -0400 Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AC78D6C740; Wed, 5 Oct 2022 14:28:18 -0700 (PDT) Received: from in01.mta.xmission.com ([166.70.13.51]:41014) by out02.mta.xmission.com with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) (envelope-from ) id 1ogBw8-00D173-0e; Wed, 05 Oct 2022 15:28:16 -0600 Received: from ip68-110-29-46.om.om.cox.net ([68.110.29.46]:53660 helo=email.froward.int.ebiederm.org.xmission.com) by in01.mta.xmission.com with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) (envelope-from ) id 1ogBw6-00AJ8c-Ti; Wed, 05 Oct 2022 15:28:15 -0600 From: "Eric W. Biederman" To: Paul Moore Cc: Linus Torvalds , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org References: <87sfk3mim9.fsf@email.froward.int.ebiederm.org> <87r0zmigx6.fsf@email.froward.int.ebiederm.org> <87a66ae15h.fsf@email.froward.int.ebiederm.org> Date: Wed, 05 Oct 2022 16:27:09 -0500 In-Reply-To: (Paul Moore's message of "Wed, 5 Oct 2022 12:04:27 -0400") Message-ID: <874jwic66q.fsf@email.froward.int.ebiederm.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-XM-SPF: eid=1ogBw6-00AJ8c-Ti;;;mid=<874jwic66q.fsf@email.froward.int.ebiederm.org>;;;hst=in01.mta.xmission.com;;;ip=68.110.29.46;;;frm=ebiederm@xmission.com;;;spf=softfail X-XM-AID: U2FsdGVkX1+pzk/xFxwA038CMk9+07SgSJFZrrAJ06o= X-SA-Exim-Connect-IP: 68.110.29.46 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-DCC: XMission; sa04 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: ****;Paul Moore X-Spam-Relay-Country: X-Spam-Timing: total 478 ms - load_scoreonly_sql: 0.05 (0.0%), signal_user_changed: 11 (2.3%), b_tie_ro: 10 (2.0%), parse: 0.88 (0.2%), extract_message_metadata: 18 (3.7%), get_uri_detail_list: 1.85 (0.4%), tests_pri_-1000: 29 (6.0%), tests_pri_-950: 1.27 (0.3%), tests_pri_-900: 0.94 (0.2%), tests_pri_-90: 78 (16.4%), check_bayes: 76 (15.9%), b_tokenize: 7 (1.4%), b_tok_get_all: 8 (1.7%), b_comp_prob: 2.5 (0.5%), b_tok_touch_all: 55 (11.5%), b_finish: 1.31 (0.3%), tests_pri_0: 308 (64.4%), check_dkim_signature: 0.94 (0.2%), check_dkim_adsp: 4.1 (0.9%), poll_dns_idle: 0.04 (0.0%), tests_pri_10: 3.8 (0.8%), tests_pri_500: 24 (5.1%), rewrite_mail: 0.00 (0.0%) Subject: Re: [GIT PULL] LSM patches for v6.1 X-SA-Exim-Version: 4.2.1 (built Sat, 08 Feb 2020 21:53:50 +0000) X-SA-Exim-Scanned: Yes (on in01.mta.xmission.com) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Paul Moore writes: > On Wed, Oct 5, 2022 at 11:33 AM Eric W. Biederman wrote: >> Paul Moore writes: >> > On Wed, Oct 5, 2022 at 8:39 AM Eric W. Biederman wrote: >> >> Linus Torvalds writes: > > ... > >> >> Effectively he said that where two or more out of tree LSM policies want >> >> something it makes no sense to discussion the actual reasons people want >> >> to use the hook. >> > >> > Runtime kernel configuration is inherently "out of tree", this >> > includes not only loadable LSM security policies (e.g. a SELinux >> > policy), the system's firewall configuration, things like sysctl.conf, >> > and countless others. Please understand that "out of tree" in this >> > context is not the same as when it is used in the context of kernel >> > code; the former is actually a positive thing ("look we can configure >> > the kernel behavior the way we want!") while the latter is a >> > maintenance and support nightmare. >> >> Paul are you saying my experience with /proc/net pointing incorrectly at >> /proc/self/net instead of /proc/thread-self/net is invalid? > > My comment was that runtime kernel configuration is always going to be > out of tree due to its very nature, and conflating runtime > configuration with kernel code is a mistake. When the runtime configuration has it's own llvm backend I have trouble seeing the difference. It is code that controls kernel behavior that does not live in the kernel. Apparmor and selinux polices are not quite that generic but as I have discovered much to my pain routine clean-ups that userspace does not care about are blocked because apparmor and selinux policies have bugs. When I can not fix kernel bugs because of policy bugs, it has the same kind of effect as keeping an interface the same for out of tree code. A little worse actually. Most kernel runtime configuration is a on/off of a numeric setting with logic that is enabled by that in the kernel. Those I can agree are not the same. Given that the logic and it's bugs are going to be out of tree I do not agree that we should only consider what goes into the kernel when looking into that kind of code. Instead we should treat it will all of the due diligence that we attempt to use when creating a system call. That very much has not happened here. Eric