Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp4326863rwb; Mon, 21 Nov 2022 06:26:40 -0800 (PST) X-Google-Smtp-Source: AA0mqf5iLRBVqLEBbsePV/dH4PoA7IsA4BXv8cKdqk90TuyjJwQL/ZGq/ZDIHplsRLveItYhWEyF X-Received: by 2002:a17:907:c314:b0:78c:2b55:59be with SMTP id tl20-20020a170907c31400b0078c2b5559bemr16000457ejc.2.1669040800376; Mon, 21 Nov 2022 06:26:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669040800; cv=none; d=google.com; s=arc-20160816; b=BztaA95wXa6WCmcJVQQ8IrhzGaVxF2/5Bi53M//3eulAWw8dHuEXIGrmjsoVgNlJjD MD4aHKeqJcXFhAwe66OO3aaE2jPiDeT0gR0i7J+znBITgPcCei4sOqybtmAi6otWIx+i HaZLEPbt6l4uC6F62o4swYkH25mOQEVPN1P7iYbWMCL3gaSDRTyccikCe7qmXF1O1lMn ZvwcAyzz99yxZaFVBbp/qtUccYWc50ELHY405maq7ZmmfokwoeSuI9C29V7fZkbaPuLs h7MSErrU/Xg0+OpegSZNKxi2fpGdleoTKO9BMWDFnzQmkvLPXch9iHSPKT0InwN/K/// 0n3g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature:dkim-signature; bh=sQfhS9CILgxleVIOkHONqA3sxaj0jtRfJmqGf66goQw=; b=l0oY3bRTuAWoMRu+g3WNk5YuD4LsATunk+TLfollTUs82JSz8iHQbVVcoyRMB6G5H0 WncFeK7BUoxCbn9AvnzLj8su5T2LP2aPWt38Gw4i8vDi+U9CwMVNWKF1vhR9BjD8pb9X a95kC2FAsS9hxwj/Z5QtIhblWEO/QSUiKN5lc1YD20prkm5nWH1uM/kf2hnp3ZE5IHVY OnDIW3/omxXLnTbJyh2pNX/BUp4COMJen2MTk6N/tvE0xi8p7ZQskBy4KzexvEHv2psn GvIaWyog/P7d0b8Tgpmc/CV4CeJuRv0f8Qw2sRfpW1F4jV+iAAgRVjEMl+7iJ2pDfE8R dmug== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b="LmOnMjf/"; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b="LmOnMjf/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id v22-20020a056402349600b00467570d605esi10292121edc.608.2022.11.21.06.26.17; Mon, 21 Nov 2022 06:26:40 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b="LmOnMjf/"; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b="LmOnMjf/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229449AbiKUOHV (ORCPT + 91 others); Mon, 21 Nov 2022 09:07:21 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40466 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229927AbiKUOGp (ORCPT ); Mon, 21 Nov 2022 09:06:45 -0500 Received: from bedivere.hansenpartnership.com (bedivere.hansenpartnership.com [IPv6:2607:fcd0:100:8a00::2]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 215D5C7207; Mon, 21 Nov 2022 06:03:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hansenpartnership.com; s=20151216; t=1669039402; bh=S0ZSP+LpMvn5EG+QMrGCuiVBzAD0TgzklGkqSoGsMpY=; h=Message-ID:Subject:From:To:Date:In-Reply-To:References:From; b=LmOnMjf/PWybJ5EX60Fa9yOKxgTbOvaRNaY04/paLbN5uH4o4lPv4ZMxd1OjFSPog Jb7NDJz0ZFryHqV2O6+rSEhBsA6OMwneoaJQKNnz1xxYLQrFIAyv+iok9dE2vugAWJ Tb5oPQaOnH+VFy7FEgUaIo3Nvkw17Gh0THyBTrw0= Received: from localhost (localhost [127.0.0.1]) by bedivere.hansenpartnership.com (Postfix) with ESMTP id 747E11286581; Mon, 21 Nov 2022 09:03:22 -0500 (EST) Received: from bedivere.hansenpartnership.com ([127.0.0.1]) by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AUktWLsrhDZo; Mon, 21 Nov 2022 09:03:22 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hansenpartnership.com; s=20151216; t=1669039402; bh=S0ZSP+LpMvn5EG+QMrGCuiVBzAD0TgzklGkqSoGsMpY=; h=Message-ID:Subject:From:To:Date:In-Reply-To:References:From; b=LmOnMjf/PWybJ5EX60Fa9yOKxgTbOvaRNaY04/paLbN5uH4o4lPv4ZMxd1OjFSPog Jb7NDJz0ZFryHqV2O6+rSEhBsA6OMwneoaJQKNnz1xxYLQrFIAyv+iok9dE2vugAWJ Tb5oPQaOnH+VFy7FEgUaIo3Nvkw17Gh0THyBTrw0= Received: from lingrow.int.hansenpartnership.com (unknown [IPv6:2601:5c4:4302:c21::c14]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (2048 bits) server-digest SHA256) (Client did not present a certificate) by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id A207B1286558; Mon, 21 Nov 2022 09:03:20 -0500 (EST) Message-ID: <10c85b8f4779700b82596c4a968daead65a29801.camel@HansenPartnership.com> Subject: Re: [PATCH 2/4] fs: define a firmware security filesystem named fwsecurityfs From: James Bottomley To: Greg Kroah-Hartman Cc: Nayna , Nayna Jain , linuxppc-dev@lists.ozlabs.org, linux-fsdevel@vger.kernel.org, linux-efi@vger.kernel.org, linux-security-module , linux-kernel@vger.kernel.org, Michael Ellerman , npiggin@gmail.com, christophe.leroy@csgroup.eu, Dov Murik , George Wilson , Matthew Garrett , Dave Hansen , Benjamin Herrenschmidt , Paul Mackerras , Russell Currey , Andrew Donnellan , Stefan Berger Date: Mon, 21 Nov 2022 09:03:18 -0500 In-Reply-To: References: <20221106210744.603240-1-nayna@linux.ibm.com> <20221106210744.603240-3-nayna@linux.ibm.com> <8447a726-c45d-8ebb-2a74-a4d759631e64@linux.vnet.ibm.com> <44191f02-7360-bca3-be8f-7809c1562e68@linux.vnet.ibm.com> <88111914afc6204b2a3fb82ded5d9bfb6420bca6.camel@HansenPartnership.com> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.42.4 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 2022-11-21 at 12:05 +0100, Greg Kroah-Hartman wrote: > On Sun, Nov 20, 2022 at 10:14:26PM -0500, James Bottomley wrote: > > On Sun, 2022-11-20 at 17:13 +0100, Greg Kroah-Hartman wrote: > > > On Sat, Nov 19, 2022 at 01:20:09AM -0500, Nayna wrote: > > > > > > > > On 11/17/22 16:27, Greg Kroah-Hartman wrote: > > > > > On Mon, Nov 14, 2022 at 06:03:43PM -0500, Nayna wrote: > > > > > > On 11/10/22 04:58, Greg Kroah-Hartman wrote: > > [...] > > > > > > > I do not understand, sorry.  What does namespaces have to > > > > > > > do > > > > > > > with this? > > > > > > > sysfs can already handle namespaces just fine, why not > > > > > > > use > > > > > > > that? > > > > > > Firmware objects are not namespaced. I mentioned it here as > > > > > > an > > > > > > example of the difference between firmware and kernel > > > > > > objects. > > > > > > It is also in response to the feedback from James Bottomley > > > > > > in > > > > > > RFC v2 [ > > > > > > https://lore.kernel.org/linuxppc-dev/41ca51e8db9907d9060cc38ad > > > > > > b59a66dcae4c59b.camel@HansenPartnership.com/]. > > > > > I do not understand, sorry.  Do you want to use a namespace > > > > > for > > > > > these or not?  The code does not seem to be using > > > > > namespaces.  > > > > > You can use sysfs with, or without, a namespace so I don't > > > > > understand the issue here. > > > > > > > > > > With your code, there is no namespace. > > > > > > > > You are correct. There's no namespace for these. > > > > > > So again, I do not understand.  Do you want to use filesystem > > > namespaces, or do you not? > > > > Since this seems to go back to my email quoted again, let me > > repeat: the question isn't if this patch is namespaced; I think > > you've agreed several times it isn't.  The question is if the > > exposed properties would ever need to be namespaced.  This is a > > subtle and complex question which isn't at all explored by the > > above interchange. > > > > > How again can you not use sysfs or securityfs due to namespaces?  > > > What is missing? > > > > I already explained in the email that sysfs contains APIs like > > simple_pin_... which are completely inimical to namespacing. > > Then how does the networking code handle the namespace stuff in > sysfs? > That seems to work today, or am I missing something? have you actually tried? jejb@lingrow:~> sudo unshare --net bash lingrow:/home/jejb # ls /sys/class/net/ lo tun0 tun10 wlan0 lingrow:/home/jejb # ip link show 1: lo: mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 So, as you see, I've entered a network namespace and ip link shows me the only interface I can see in that namespace (a down loopback) but sysfs shows me every interface on the system outside the namespace. This is pretty much the story of containers and sysfs: if you mount it inside the container, it leaks information about the host configuration. Since I created a container with full root, I could actually fiddle with the host network parameters on interfaces I shouldn't be able to see within the container using sysfs ... which is one reason we try to persuade people to use a user namespace instead of full root. > If the namespace support needs to be fixed up in sysfs (or in > securityfs), then great, let's do that, and not write a whole new > filesystem just because that's not done. As I said: a fix is proposed for securityfs. I think everyone in containers concluded long ago that sysfs is too big an Augean Stable. > Also this patch series also doesn't handle namespaces, so again, I am > totally confused as to why this is even being discussed... Well, it's not my patch. I came into this saying *if* there was ever a reason to namespace these parameters then please don't use interfaces inimical to namespacing. My personal view is that this should all just go in securityfs because that defers answering the question of whether it would eventually be namespaced. James