Received: by 2002:a05:6358:1087:b0:cb:c9d3:cd90 with SMTP id j7csp1198992rwi;
        Thu, 20 Oct 2022 09:42:57 -0700 (PDT)
X-Google-Smtp-Source: AMsMyM7n6rH76nTXHAiontsYmGNNRFVeawiWeFdJHZpdRv5aWT48x6GA4lgNsGqx63cRzw6Z3ECP
X-Received: by 2002:a17:907:a428:b0:78d:9fab:84fb with SMTP id sg40-20020a170907a42800b0078d9fab84fbmr11325056ejc.694.1666284177203;
        Thu, 20 Oct 2022 09:42:57 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1666284177; cv=none;
        d=google.com; s=arc-20160816;
        b=i6+gclTCPu9iuXU3fLcwxzjMUlgQPEEC0XTo2M7o+5fjlf49HJIFVbpqV6tXIDpvFM
         Wm8AzA5KfAlcTck6ajKb1+bxJsb+J0/U5BJACU7958yMJbRXZitO8MqKUnioXpRreHNQ
         jCfsgUx9eWlK7U/TeR0/3kQTNmIELRoSMFupDWiquB8Da+EgW1SIbyrdjcnQp0o+y+DD
         kyLV6RwtN7i3YqwtYjovWKSIG6ZhRk92JEehXTaJ6Lc3DicrEvRM8gNoWxB/8HAj8Kx7
         xniM5h4bxY5aH7S64hX6tnvCrOmgrMqvri7efKdNQUrghhxE9zJPO8G0llY6H+XCn32e
         zbIw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=vuJ1OX3Cxr4MI7P448IfdHAHrYdLDVJPbpwIxu/boEU=;
        b=lNGKu69P748lBtOMagtY706LgNcFmHGL6wBC7ZVMvVw/z3Bwk1+ORU38QHC6qTubpd
         4J7JHkN0B/HXxbZmUuHXaGwT/rOnEjJ6dN1qbEkogdw85eskVzyZqY5vDBP6TFwNuyuL
         X82YxiWUOsO5/m8n8T+6aKOoSZvXvmZxOZSudRLVr+Mft9lzg1CtcuOwd4M5RPNJAS4N
         qQ4KBpvQBxO2A2936hfCiUvJgo5kZA6wK6Remj8svLYaqRUP5hCzbouyteUEy8Tc+ynX
         tgJK1SxOSs4e37gFBSyKW9GJI8cXMeTZBzcYOBeBlD1wpozVhqMZdOANzgtzYocHHGk3
         ++qw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b=xMxRHb6k;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id e11-20020a17090658cb00b0078e9ca562d8si14206090ejs.879.2022.10.20.09.42.32;
        Thu, 20 Oct 2022 09:42:57 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b=xMxRHb6k;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229960AbiJTPpB (ORCPT <rfc822;arvinlake4755@gmail.com>
        + 99 others); Thu, 20 Oct 2022 11:45:01 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39658 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230008AbiJTPo6 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 20 Oct 2022 11:44:58 -0400
Received: from mail-yb1-xb35.google.com (mail-yb1-xb35.google.com [IPv6:2607:f8b0:4864:20::b35])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5EB0A59700
        for <linux-kernel@vger.kernel.org>; Thu, 20 Oct 2022 08:44:54 -0700 (PDT)
Received: by mail-yb1-xb35.google.com with SMTP id 126so68754ybw.3
        for <linux-kernel@vger.kernel.org>; Thu, 20 Oct 2022 08:44:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=paul-moore-com.20210112.gappssmtp.com; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=vuJ1OX3Cxr4MI7P448IfdHAHrYdLDVJPbpwIxu/boEU=;
        b=xMxRHb6kucYGsW9hgAzpoA9Lp+fP7/3igVJMrDYXimIwAFBIhogm6Ny0iqNRwWAd6M
         QCRLVyks3/AwZIbTclS1429iwxEVUnzp7Ve/+6cep979/rEg8jj7z4FrLSCNPwvZzBX5
         eYXfZv3ZYsHno6Rcwm9krsK06MTBhCt/tO62c/ZEbDyQCCJG1JgYELb5fvPl5ku03T2U
         qX51NYl7WbDfvxqxuLPCRh1G/eI4QWC9LaloVz8Efve0N5Y5TAFYTBe3lS+Bf4/oJcX1
         ae634PdCsN/+fDy7ZLl1PPCnK2wfmPKYp8PKPXjFYocmVwBRzJy6tML39FHZs5qMT4Ry
         jlDA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=vuJ1OX3Cxr4MI7P448IfdHAHrYdLDVJPbpwIxu/boEU=;
        b=2y/EVE132hGq21SirfC/lswq3sre8yYuT1NakCyk4bw9ljzsjUOX9JaMJKu2rvN9k6
         1bvGpAIJmVgsakE8HIyTkfcBL5u6PoSMfVm8eWiWGB+zW+bVb4vum65vbcrm+yVaq8Vq
         ok8r6kVuL2h8o2e1zz8tfqBnbUAYdSbda86+t+n/+vxT43CHFODTTnTprwMEufIjZpC5
         yZmDSVccfc1eSwXkjWLxk+iK6t3T10prS8hAdYIS+aewzmrqEDkD0emgMDQXxdawVC4+
         CxHPg43w2eag3bIMlChGC3u3trcIeZ6p07BxDM9/HHEpVduLf5kA5gJEAWRzyNuq8FRp
         DmfQ==
X-Gm-Message-State: ACrzQf2dculUbeMyzBUNFYZl3Mevch3S0WZbipiVD/1mc6164zMq4uG0
        j9QX4ZfmNC1UqlPFFxqhVxMq0bI+SusNbHDiE+ca
X-Received: by 2002:a05:6902:724:b0:6c0:1784:b6c7 with SMTP id
 l4-20020a056902072400b006c01784b6c7mr11983384ybt.15.1666280693355; Thu, 20
 Oct 2022 08:44:53 -0700 (PDT)
MIME-Version: 1.0
References: <20220927195421.14713-1-casey@schaufler-ca.com> <20220927195421.14713-7-casey@schaufler-ca.com>
In-Reply-To: <20220927195421.14713-7-casey@schaufler-ca.com>
From:   Paul Moore <paul@paul-moore.com>
Date:   Thu, 20 Oct 2022 11:44:41 -0400
Message-ID: <CAHC9VhQbr1zgyvzM9zB97+rzO-Rcy6CUt_3-54ED-SEanVWyRQ@mail.gmail.com>
Subject: Re: [PATCH v38 06/39] LSM: lsm_self_attr syscall for LSM self attributes
To:     Casey Schaufler <casey@schaufler-ca.com>
Cc:     casey.schaufler@intel.com, linux-security-module@vger.kernel.org,
        linux-audit@redhat.com, jmorris@namei.org, selinux@vger.kernel.org,
        keescook@chromium.org, john.johansen@canonical.com,
        penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com,
        linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE,URIBL_BLOCKED
        autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Sep 27, 2022 at 3:57 PM Casey Schaufler <casey@schaufler-ca.com> wrote:
>
> Create a system call lsm_self_attr() to provide the security
> module maintained attributes of the current process. Historically
> these attributes have been exposed to user space via entries in
> procfs under /proc/self/attr.

Hi Casey,

I had hoped to get to review these patches earlier this week, I know
you are very anxious to see something happen here, but unfortunately
that didn't work out and I'm now in a position of limited network
access and time for a bit.  I will do my best to at least comment on
the new syscall related additions, but thankfully you've already
started to get some good comments from others so I'm hopeful that will
help you keep moving forward.

One comment I did want to make, and it's important: please separate
the LSM syscall patches from the LSM stacking patches.  While the
stacking patches will obviously be dependent on the syscall patches,
the syscall patches should not be dependent on stacking.  However, the
LSM syscall patches must be designed from the start to support
multiple, simultaneous LSMs.

Thanks.

-- 
paul-moore.com