Received: by 2002:a05:7412:37c9:b0:e2:908c:2ebd with SMTP id jz9csp3137026rdb; Fri, 22 Sep 2023 21:47:39 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHLdn8KX5xcBKxNRWlc2WqaOhe5cMnNp26Ae/zjTKnKblwBgJQwwi31Yqf7PrJC3evCRbMv X-Received: by 2002:a05:6358:912:b0:143:8ea6:483 with SMTP id r18-20020a056358091200b001438ea60483mr1473259rwi.0.1695444459435; Fri, 22 Sep 2023 21:47:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1695444459; cv=none; d=google.com; s=arc-20160816; b=kKYpWQB1AjPtgT8nN8QNFVtOCovrCo7Lr2xpEsmKKyTX6Br32S+BIip9XYDgWp/y5W QT5BBuu88LFz6B2g6xaF2YLq0ab1nD8kIQXomiijUMq+5EcJT7Mw0FGBtetONbLZG+qz h/FNWkF+Mwz3Y6qU1GWzERFHcN3oVlOBvL2veRAkSo2zDmK5Oz/Obw8FC4THOf6m5nWt dbQ1+Y9lrhsAVZh8tiSJHF/kYWCBjxl2f4hqCFP3clEc3/YAYgMr/Fv2cyru4UIHfaPB DSV3ifJYjds+cRrOJn2p+A32csJqH+Do06Bml/Ca73KRbMgtxmqWfaVX3Fqx5m5g5Ff1 c7HQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id; bh=KF8IwXFSus/BShsERmJn87XMgOk9lUNUtyG4/CCHeBg=; fh=9Q4CjLiqk3KMK7rf1gffP/0uvl2E6e4H8gBc+Y7JtIQ=; b=nKQ/nQjMfDlWhG38I8aPzDRbi19H9l1Vr3Eh1BgEdM6PiCsfyl7Gw6E+IAPhEId53k dXe3Yhf9Y/k7pSNGA9a2E/bMZ7dloWfxUWmB/uvsxRyaVnNgvuRsF+tSmNJphRxZKQDD yPwsE9CWsruddEJ6sUTs+IhbnvWylflLiunujGPq7B4YHdAiz6TYY5Fd2B1YiPXPWOxQ OlsCbx2+YK6q8ifUWhRA5be5hncFf7eYwdwyBeRIJv016I+98JCLLDFL9v92spJJZ8tB bJL6W+YgLoF6WowgrNPy/7saEcqC6q2XwXglPAGJTc8mO4/4b1xn6eIO8rRC5QnVRkzd yCHA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from morse.vger.email (morse.vger.email. [23.128.96.31]) by mx.google.com with ESMTPS id cf4-20020a056a02084400b00573f8a5337esi5336595pgb.461.2023.09.22.21.47.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 Sep 2023 21:47:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id 89B0B83D10D5; Fri, 22 Sep 2023 21:47:36 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229884AbjIWErZ (ORCPT + 99 others); Sat, 23 Sep 2023 00:47:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:32822 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229652AbjIWErX (ORCPT ); Sat, 23 Sep 2023 00:47:23 -0400 Received: from www262.sakura.ne.jp (www262.sakura.ne.jp [202.181.97.72]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9396719E; Fri, 22 Sep 2023 21:47:17 -0700 (PDT) Received: from fsav412.sakura.ne.jp (fsav412.sakura.ne.jp [133.242.250.111]) by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTP id 38N4kYnm032599; Sat, 23 Sep 2023 13:46:34 +0900 (JST) (envelope-from penguin-kernel@I-love.SAKURA.ne.jp) Received: from www262.sakura.ne.jp (202.181.97.72) by fsav412.sakura.ne.jp (F-Secure/fsigk_smtp/550/fsav412.sakura.ne.jp); Sat, 23 Sep 2023 13:46:34 +0900 (JST) X-Virus-Status: clean(F-Secure/fsigk_smtp/550/fsav412.sakura.ne.jp) Received: from [192.168.1.6] (M106072142033.v4.enabler.ne.jp [106.72.142.33]) (authenticated bits=0) by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTPSA id 38N4kYZc032591 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NO); Sat, 23 Sep 2023 13:46:34 +0900 (JST) (envelope-from penguin-kernel@I-love.SAKURA.ne.jp) Message-ID: Date: Sat, 23 Sep 2023 13:46:35 +0900 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.15.1 Subject: Re: [PATCH v15 01/11] LSM: Identify modules by more than name Content-Language: en-US To: Kees Cook Cc: Casey Schaufler , paul@paul-moore.com, linux-security-module@vger.kernel.org, jmorris@namei.org, serge@hallyn.com, john.johansen@canonical.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net, Dave Chinner , Linus Torvalds , Jonathan Corbet References: <20230912205658.3432-1-casey@schaufler-ca.com> <20230912205658.3432-2-casey@schaufler-ca.com> <1f5e725d-58b6-eca2-97dc-d7c1209ff167@I-love.SAKURA.ne.jp> <568c0730-b458-04b4-dbfa-77da1758aa05@schaufler-ca.com> <94743c22-bc76-e741-e577-3e0845423f69@I-love.SAKURA.ne.jp> <6df9f8b8-5653-09a5-ae0a-6526016abaff@schaufler-ca.com> <202309200803.1911A584@keescook> From: Tetsuo Handa In-Reply-To: <202309200803.1911A584@keescook> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=1.3 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,NICE_REPLY_A,RCVD_IN_SBL_CSS,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Fri, 22 Sep 2023 21:47:36 -0700 (PDT) X-Spam-Level: * On 2023/09/21 0:08, Kees Cook wrote: > I feel like you are willfully not listening to us when we say that this > doesn't block out of tree LSMs. Again, there is nothing here that stops > it. To prove this point, here is an out of tree LSM that works with this > series. So let's move from theoretical to practical: given this example, > why do you think out of tree LSMs are blocked? Because an LSM ID value > diff --git a/include/uapi/linux/lsm.h b/include/uapi/linux/lsm.h > index eeda59a77c02..23b7a8f79cef 100644 > --- a/include/uapi/linux/lsm.h > +++ b/include/uapi/linux/lsm.h > @@ -63,6 +63,8 @@ struct lsm_ctx { > #define LSM_ID_BPF 110 > #define LSM_ID_LANDLOCK 111 > > +#define LSM_ID_GOAT 1138 > + > /* > * LSM_ATTR_XXX definitions identify different LSM attributes > * which are used in the kernel's LSM userspace API. Support is assigned to LSM only when that LSM became no longer out of tree. I'm against the policy that only LSM modules that succeeded to become in-tree are assigned LSM ID. That's not a good usage of identifier. Quoting from https://lkml.kernel.org/r/4a6b6e2c-9872-4d4c-e42e-4ff0fb79f3ae@I-love.SAKURA.ne.jp : The sane and the better usage of LSM ID is to register any publicly available LSMs. If LSM ID serves as an index for what LSMs are available in the world, by maintaining "the LSM module name, the LSM ID value, short description about that LSM module, the public git repository or web site for more information about that LSM module" pairs, people can easily find what LSMs could be used for their purpose, and developers can avoid re-inventing similar LSM modules which are already available somewhere in the world (and optionally helps avoiding module name collisions with any publicly available LSMs). You must not say "We don't care about out of tree LSMs." when talking about this patch.