Date: Mon, 21 Nov 2022 19:12:36 +0100
From: Greg Kroah-Hartman
To: James Bottomley
Cc: Nayna, Nayna Jain, linuxppc-dev@lists.ozlabs.org,
    linux-fsdevel@vger.kernel.org, linux-efi@vger.kernel.org,
    linux-security-module, linux-kernel@vger.kernel.org,
    Michael Ellerman, npiggin@gmail.com, christophe.leroy@csgroup.eu,
    Dov Murik, George Wilson, Matthew Garrett, Dave Hansen,
    Benjamin Herrenschmidt, Paul Mackerras, Russell Currey,
    Andrew Donnellan, Stefan Berger
Subject: Re: [PATCH 2/4] fs: define a firmware security filesystem named fwsecurityfs

On Mon, Nov 21, 2022 at 12:33:55PM -0500, James Bottomley wrote:
> On Mon, 2022-11-21 at 16:05 +0100, Greg Kroah-Hartman wrote:
> > On Mon, Nov 21, 2022 at 09:03:18AM -0500, James Bottomley wrote:
> > > On Mon, 2022-11-21 at 12:05 +0100, Greg Kroah-Hartman wrote:
> > > > On Sun, Nov 20, 2022 at 10:14:26PM -0500, James Bottomley wrote:
> [...]
> > > > > I already explained in the email that sysfs contains APIs like
> > > > > simple_pin_... which are completely inimical to namespacing.
> > > >
> > > > Then how does the networking code handle the namespace stuff in
> > > > sysfs?  That seems to work today, or am I missing something?
> > >
> > > have you actually tried?
> > >
> > > jejb@lingrow:~> sudo unshare --net bash
> > > lingrow:/home/jejb # ls /sys/class/net/
> > > lo  tun0  tun10  wlan0
> > > lingrow:/home/jejb # ip link show
> > > 1: lo: mtu 65536 qdisc noop state DOWN mode DEFAULT
> > > group
> > > default qlen 1000
> > >     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> > >
> > > So, as you see, I've entered a network namespace and ip link shows
> > > me the only interface I can see in that namespace (a down loopback)
> > > but sysfs shows me every interface on the system outside the
> > > namespace.
> >
> > Then all of the code in include/kobject_ns.h is not being used?  We
> > have a whole kobject namespace set up for networking, I just assumed
> > they were using it.  If not, I'm all for ripping it out.
>
> Hm, looking at the implementation, it seems to trigger off the
> superblock (meaning you have to remount inside a mount namespace) and
> it only works to control visibility in label based namespaces, so this
> does actually work
>
> jejb@lingrow:~/git/linux> sudo unshare --net --mount bash
> lingrow:/home/jejb # mount -t sysfs none /sys
> lingrow:/home/jejb # ls /sys/class/net/
> lo
>
> The label based approach means that any given file can be shown in one
> and only one namespace, which works for net, but not much else
> (although it probably could be adapted).

Great, thanks for verifying it works properly.

No other subsystem other than networking has cared about adding support
for namespaces to their sysfs representations.  But the base logic is
all there if they want to do so.

thanks,

greg k-h
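
The two transcripts quoted above differ only in whether sysfs was remounted inside the new namespaces. As an added example (not code from the thread or the kernel tree), this check compares the interface directories a sysfs mount exposes with the caller's own device table; the function names are hypothetical, and it assumes /proc/self/net/dev reflects the calling task's network namespace.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Print every interface directory under the sysfs class/net tree ($1) that
# is absent from the namespace's own device table ($2).
sysfs_only_ifaces() {
    sysdir=${1:-/sys/class/net}
    procdev=${2:-/proc/self/net/dev}
    for entry in "$sysdir"/*; do
        # Interfaces are directories (symlinks to device dirs); plain files
        # such as bonding_masters are not interfaces.
        [ -d "$entry" ] || continue
        name=${entry##*/}
        # Device table: two header lines, then "<spaces>name: counters".
        if ! awk -v want="$name" '
                NR > 2 { sub(/:.*/, ""); gsub(/[ \t]/, ""); if ($0 == want) found = 1 }
                END { exit !found }' "$procdev"; then
            printf '%s\n' "$name"
        fi
    done
}

# Return 1 and report on stderr when sysfs shows more than the namespace has.
check_sysfs_netns() {
    extra=$(sysfs_only_ifaces "$@" | tr '\n' ' ')
    [ -z "$extra" ] && return 0
    printf 'sysfs lists interfaces outside this netns: %s\n' "$extra" >&2
    return 1
}

# Constructed sample mirroring the first transcript in the thread: sysfs
# lists lo, tun0, tun10 and wlan0 while the namespace itself only has lo.
demo_constructed() {
    d=$(mktemp -d) || return 1
    mkdir "$d/net" "$d/net/lo" "$d/net/tun0" "$d/net/tun10" "$d/net/wlan0"
    printf '%s\n' 'Inter-|   Receive  |  Transmit' \
                  ' face |bytes packets|bytes packets' \
                  '    lo:       0       0        0       0' > "$d/dev"
    sysfs_only_ifaces "$d/net" "$d/dev" | tr '\n' ' '
    rm -rf "$d"
}
```

Called with no arguments, `check_sysfs_netns` inspects the live /sys/class/net and /proc/self/net/dev of the calling process.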