From: Paul Moore
Date: Wed, 5 Oct 2022 18:39:43 -0400
Subject: Re: [GIT PULL] LSM patches for v6.1
To: "Eric W. Biederman"
Cc: Linus Torvalds, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
In-Reply-To: <874jwic66q.fsf@email.froward.int.ebiederm.org>
References: <87sfk3mim9.fsf@email.froward.int.ebiederm.org> <87r0zmigx6.fsf@email.froward.int.ebiederm.org> <87a66ae15h.fsf@email.froward.int.ebiederm.org> <874jwic66q.fsf@email.froward.int.ebiederm.org>

On Wed, Oct 5, 2022 at 5:28 PM Eric W. Biederman wrote:
> Paul Moore writes:
> > On Wed, Oct 5, 2022 at 11:33 AM Eric W. Biederman wrote:
> >> Paul Moore writes:
> >> > On Wed, Oct 5, 2022 at 8:39 AM Eric W. Biederman wrote:
> >> >> Linus Torvalds writes:
> >
> > ...
> >
> >> >> Effectively he said that where two or more out of tree LSM policies want
> >> >> something it makes no sense to discuss the actual reasons people want
> >> >> to use the hook.
> >> >
> >> > Runtime kernel configuration is inherently "out of tree"; this
> >> > includes not only loadable LSM security policies (e.g. a SELinux
> >> > policy), but the system's firewall configuration, things like sysctl.conf,
> >> > and countless others. Please understand that "out of tree" in this
> >> > context is not the same as when it is used in the context of kernel
> >> > code; the former is actually a positive thing ("look, we can configure
> >> > the kernel behavior the way we want!") while the latter is a
> >> > maintenance and support nightmare.
> >>
> >> Paul, are you saying my experience with /proc/net pointing incorrectly at
> >> /proc/self/net instead of /proc/thread-self/net is invalid?
> >
> > My comment was that runtime kernel configuration is always going to be
> > out of tree due to its very nature, and conflating runtime
> > configuration with kernel code is a mistake.

...

> Given that the logic and its bugs are going to be out of tree, I do not
> agree that we should only consider what goes into the kernel when
> looking into that kind of code. Instead we should treat it with all of
> the due diligence that we attempt to use when creating a system call.
> That very much has not happened here.

Eric, I disagree with most of what you said, to the point where we could
probably go round and round in circles for days on this and not be any
closer to an agreeable conclusion. I don't know about you, but that is
not my idea of time well spent, especially since Linus has already voiced
his opinion on the matter.

I will end my comments here with the hope that someday soon you can at
least find the ability to respect the consensus decision, even if you
can't bring yourself to agree with it.

--
paul-moore.com