Received: by 2002:a05:7412:37c9:b0:e2:908c:2ebd with SMTP id jz9csp1068608rdb; Tue, 19 Sep 2023 20:54:04 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFKAzfpI7HCi2FwOR/Z3WijcsEslJ6VVlTFfzP9gpKVNvx14kk/i9htBfX8Tyt29pUho0Np X-Received: by 2002:a17:90a:7bc9:b0:271:c314:a591 with SMTP id d9-20020a17090a7bc900b00271c314a591mr1584972pjl.47.1695182043749; Tue, 19 Sep 2023 20:54:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1695182043; cv=none; d=google.com; s=arc-20160816; b=bFlJjE9mug0+Pd4voVI0FW1Imhlh19guY1ksClZjStQE9cxdCk1GkOUHuQenFQqgtY ot8AMBNl9LmQCXOJMcMzQmNiYQNEPTfIELDsuXjQ3E5ywdpwP7NHyGr4ZsoXMAT6JHM/ g8/CpjPlbr4CMSnD5WCZCm7y7fCoPzmp5jjZBwr/mULjnNjIpsTfkdXBeZHcLRNrKWjo KkFQP8FOeGa61z+k0evVFRFwWrU8g7tX5lY5KkOs1X5nxb1jD+j2dxXAYZNfUw0HgTDi MVRNjUmw0Zwj1XvrtaO/mkC/2lHjkpZE0Ad4jkRu1uRuCsbsogoyl120qz6dtp0mTfIe 58Bg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=b0a58sjbAG0A2Db53/Y8qtKDwxJA4NQiN/zlKOHGSV8=; fh=3xKVI7UNaMhTYBsTmJqRAlYd08P/ZfkjVLQi9phwAcc=; b=WX+0ydmE6Eh6KXRqX7y/eY4ezxtJUbp3JeT5AhsiFkZO9Qo8MuCFhDgzVxjPPy+7E0 +adYB3AP8VtjXWBUEKT0IoqDrO7cFy2VjChIv1hXhEObt3uUbkzAQ1YZCkENvTDmwn/J U/Ytjl5aVqzX3a382iiVJUcEzXNdq6APDvi8rDKViL0AaYAmdbjMeipbwHCFcYPy1X3q C8sjei+XBkj2Ff2N5RT/+h5kTLDbW4ihTFgmcKDu5XcSSDw1T1sF8XFagbBvzBlkoF6K TbirIMadd72dC7pSC6tlUUysPyGeci30hpW0xd+1sp20SHLNnCg6vkmJxebF4MWS+W+q zTEA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore.com header.s=google header.b=TM5ZUjOA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com Return-Path: Received: from pete.vger.email (pete.vger.email. [2620:137:e000::3:6]) by mx.google.com with ESMTPS id o18-20020a17090ac09200b0027491203b43si620164pjs.189.2023.09.19.20.54.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Sep 2023 20:54:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) client-ip=2620:137:e000::3:6; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore.com header.s=google header.b=TM5ZUjOA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id 31EFB81BFCCC; Tue, 19 Sep 2023 09:47:56 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230434AbjISQrl (ORCPT + 99 others); Tue, 19 Sep 2023 12:47:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38972 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231703AbjISQrj (ORCPT ); Tue, 19 Sep 2023 12:47:39 -0400 Received: from mail-yb1-xb35.google.com (mail-yb1-xb35.google.com [IPv6:2607:f8b0:4864:20::b35]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 510B7C6 for ; Tue, 19 Sep 2023 09:47:32 -0700 (PDT) Received: by mail-yb1-xb35.google.com with SMTP id 3f1490d57ef6-d84c24a810dso2585510276.2 for ; Tue, 19 Sep 2023 09:47:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore.com; s=google; t=1695142051; x=1695746851; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=b0a58sjbAG0A2Db53/Y8qtKDwxJA4NQiN/zlKOHGSV8=; b=TM5ZUjOAzUYh87fKhiMIZzbDLLxZSC9g19dR6Q+EqAjA3RUbVL08w5sQA0i/jRpJwF tPoFJz7i1Iw8+NicI8zzMJtfE/IxN9SOqt0mwSVX9BgcAg3MYT5ASg9mIGBOhD1xe2Nh e+u6g+Y+raaSc8Rlza9rqVA7+VfU0JoGmVGmONTXc7BHTjLfGFHdDteXVXiaeamEhaX8 HG5Z1H4PLT5JrUycpXIiKN679HLoI8QnvpWbEfFUl2SwzVhZofsDtNQqAnE/N6NPlfm6 oK10qiklJ9CXHOAZqLbx7SajBzbMwAelNZO2AOckBqL0L6yDHb+QrDHEyAr0zbseh6BA PbdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695142051; x=1695746851; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=b0a58sjbAG0A2Db53/Y8qtKDwxJA4NQiN/zlKOHGSV8=; b=OG+h3WCA3Q+ZRLVw+pVMMEJgbS7fl2afBKmeqAn1mPaWkmCBcWNADkCAFGfd9pRaXN KEEksdT9uEP9AtnKFwEstoBo2q0RjcEfsMLdJNOCVRaLqJltcEjPkOG24oy2QL2QfsTv a/GyEmlAvjmXKbPLhcmIcfUcsJbL/Z/I+s6NkJzTO/rBDN6vo0MzcmR6eiT6ePhdBxEi AzbC4ImLJ/ff0L3VTB7I70VBH/1SOhHxBQ82CGtZIJ9QpZpahw6TXoDWHDlaIJnqOO5c 8nuSvduvlU2CkCz1ugI9pjCvYAczgpS1jeC6FNMSZh004Wi4xT/Ad/I52RCsjobPbvOt /CYA== X-Gm-Message-State: AOJu0YztLHj9tSHskO1d2nz/bDfvP3vXDSQ7CDwDWnydIQq2iJ7Whdn4 prt2is/OvoO9sNZn3T+YRxcvZTcXjxwLkxbYblRE X-Received: by 2002:a5b:8d2:0:b0:d5d:4df9:b6e2 with SMTP id w18-20020a5b08d2000000b00d5d4df9b6e2mr105144ybq.46.1695142051445; Tue, 19 Sep 2023 09:47:31 -0700 (PDT) MIME-Version: 1.0 References: <20230913152238.905247-1-mszeredi@redhat.com> <20230913152238.905247-4-mszeredi@redhat.com> <20230917005419.397938-1-mattlloydhouse@gmail.com> <20230918-einblick-klaut-0a010e0abc70@brauner> In-Reply-To: <20230918-einblick-klaut-0a010e0abc70@brauner> From: Paul Moore Date: Tue, 19 Sep 2023 12:47:20 -0400 Message-ID: Subject: Re: [RFC PATCH 3/3] add listmnt(2) syscall To: Christian Brauner Cc: Miklos Szeredi , Matthew House , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-man@vger.kernel.org, linux-security-module@vger.kernel.org, Karel Zak , Ian Kent , David Howells , Linus Torvalds , Al Viro , Christian Brauner , Amir Goldstein Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Tue, 19 Sep 2023 09:47:56 -0700 (PDT) On Mon, Sep 18, 2023 at 12:52=E2=80=AFPM Christian Brauner wrote: > On Sun, Sep 17, 2023 at 04:32:04PM +0200, Miklos Szeredi wrote: > > On Sun, Sep 17, 2023 at 2:54=E2=80=AFAM Matthew House wrote: > > > > > > + list_for_each_entry(r, &m->mnt_mounts, mnt_child) { > > > > + if (!capable(CAP_SYS_ADMIN) && > > > > Good point. That issue was nagging at the back of my mind. Having an > > explicit flag nicely solves the issue. > > Ideally we avoid multiple capable(CAP_SYS_ADMIN) calls by only doing it > once and saving the return value. capable() call's aren't that cheap. Agreed. The capability check doesn't do any subject/object comparisons so calling it for each mount is overkill. However, I would think we would want the LSM hook called from inside the loop as that could involve a subject (@current) and object (individual mount point) comparison. > Plus, we should decide whether this should trigger an audit event or > not: capable(CAP_SYS_ADMIN) triggers an audit event, > ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN) wouldn't. Why would we not want to audit the capable() call? --=20 paul-moore.com