Received: by 2002:a05:7412:2a8c:b0:e2:908c:2ebd with SMTP id u12csp3354132rdh;
        Thu, 28 Sep 2023 09:12:28 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IFfrME8c+WmZlf+i8ZrKQDgjCfC0JQ1y1mn9n06HKYo4PXuBy1cEP/aD4k3k/DcIXY5miF/
X-Received: by 2002:a05:6358:4297:b0:13a:a85b:a4ce with SMTP id s23-20020a056358429700b0013aa85ba4cemr1822200rwc.16.1695917548149;
        Thu, 28 Sep 2023 09:12:28 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1695917548; cv=none;
        d=google.com; s=arc-20160816;
        b=m1SGu7oK8upW/oCaQp/5vJ92ehyK0jHIl+3+iobJf3kz6Wv/kk+UXYEvpEfhVLEEms
         obgiCveSm5K5aKXdhtaOf4p4x5yD7k+c9MOk+q4sgW91UsPwToPfRoWmtAOl2Ce1e1Vw
         lvVHq7W3sHD4YJZ9gMW8w9xDEEaP+MK/LSOliLGmKXsRx6vQfwdCSjRsIJaRw44LCRJz
         gNGjoRGpLaEnqVn6rD06p+fdK+u0S/3/ByHETOeAzHvK4TC5Wg00Q2thuKBV3M2JTKZl
         NopqdCfQpAZmiU/clV216i0KqZz4YVw7rryLm5l3p3+o9C7jL6GLV5HLRBnrokJNkrIF
         YTSg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=DtI3kB3DRHPB9DqqP0XY+HAtUyMDubLkneuHlzD3860=;
        fh=oGjdH5gErewDh5fKzgW0R8r6UbHdbMRbMoljsmhyoL0=;
        b=vfjignIc63nB422caabwRfR6llSIGyBmUTZB8FfmOhww7SN11H66KzgwsHd8sskGD6
         AWAvz3Wx9Zhs0di7mLvClcWZPbZVPeEFrrliaj22RMFEgDR/NhuGvlddgo2voIIaUEqf
         HvEH8Tgtg0ez/lHiXTbcMl/QOPjqpcHCRrjjHIEtvtOBuBuyYlmiajJKBRWeDhJp8sHS
         mZX1UrCIMfSMidt/ZkkX6g+oSXp2z7nxKpBSLQCD8NeviEksEDtXX5HiiDgIIE6jwDS/
         CRvPZKSZt5Wtd5Wrph4MkSuuVgf/8XOTbtA4EkQ51vWwKRJH3PCVWKdrHs368Nl8nRQA
         o/IA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@szeredi.hu header.s=google header.b=gYiPrQmN;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=szeredi.hu
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7])
        by mx.google.com with ESMTPS id i186-20020a6387c3000000b005854ee6b62bsi4832920pge.701.2023.09.28.09.12.27
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 28 Sep 2023 09:12:28 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@szeredi.hu header.s=google header.b=gYiPrQmN;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=szeredi.hu
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by snail.vger.email (Postfix) with ESMTP id EB7EB82663E2;
	Thu, 28 Sep 2023 03:07:42 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230517AbjI1KHg (ORCPT <rfc822;stevenley.huang@gmail.com>
        + 99 others); Thu, 28 Sep 2023 06:07:36 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45346 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230341AbjI1KHd (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 28 Sep 2023 06:07:33 -0400
Received: from mail-ej1-x629.google.com (mail-ej1-x629.google.com [IPv6:2a00:1450:4864:20::629])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 26BFA12A
        for <linux-kernel@vger.kernel.org>; Thu, 28 Sep 2023 03:07:30 -0700 (PDT)
Received: by mail-ej1-x629.google.com with SMTP id a640c23a62f3a-9ae75ece209so1462686966b.3
        for <linux-kernel@vger.kernel.org>; Thu, 28 Sep 2023 03:07:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=szeredi.hu; s=google; t=1695895648; x=1696500448; darn=vger.kernel.org;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=DtI3kB3DRHPB9DqqP0XY+HAtUyMDubLkneuHlzD3860=;
        b=gYiPrQmN1jhYL+x8C0LEoXUdQcqshHo58gF2gKveAmY9rYqXs3JSyK6HSznIH6b1i8
         iRV/Or2UlbUuiqfPM4vmn3DQyXSjSbZTph6iyrIYNSHjMThz1dVLZzjbULl05eZl8fp3
         crc2xqIaMfNBcq1E1iWQx3ucLokdBXwTU7fJ8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1695895648; x=1696500448;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=DtI3kB3DRHPB9DqqP0XY+HAtUyMDubLkneuHlzD3860=;
        b=pB9LQaq4jYzMWkUaz3Ask9K+ruUGG/c2wZlojlsbgwh5cWRLbmN+QCRPnR7EjLhKEg
         S8/cS4+cjXZ3GMn0iWPK43EbMid17PenMtOss2xWLa8Hcoa+98v2zEfy/Oyi3KUvr/UA
         SWSvtpBKs2by99aINLZOCNc4Dvi6eES+/gKQGytlN3ZKE2hFodim6hLEX3FAXAxq2tSE
         vgpCqL7AosEoedzZpPZT43fhnTcsWOIJx/8FxAzJJRH34MbMo+HJipuXCGXs+v+/XaZ6
         UWSKqZibEMlJjA6tYdKyipyd/EkrNRyEapYzrEG1V0/F1PhXBgVL6YtcqbsuCUu8bhU8
         3izg==
X-Gm-Message-State: AOJu0Ywh3hGYu4Bi05IJfVn9JWg85y5kx7bFAhN2GKUzAfP396zp3bnd
        /EcoDq4Q+oW4V2OLvR7mZhTrB595j5ACDZ2xbCHXog==
X-Received: by 2002:a17:907:7609:b0:9a5:cf23:de5b with SMTP id
 jx9-20020a170907760900b009a5cf23de5bmr846668ejc.38.1695895648586; Thu, 28 Sep
 2023 03:07:28 -0700 (PDT)
MIME-Version: 1.0
References: <20230913152238.905247-1-mszeredi@redhat.com> <20230913152238.905247-4-mszeredi@redhat.com>
 <20230917005419.397938-1-mattlloydhouse@gmail.com> <CAOssrKcECS_CvifP1vMM8YOyMW7dkGXTDTKY2CRr-fPrJk76ZA@mail.gmail.com>
 <20230918-einblick-klaut-0a010e0abc70@brauner> <CAHC9VhQsChQO9aaY+NTtmvJgXBodvXO6rUN3d7ZyHGqitLBABw@mail.gmail.com>
In-Reply-To: <CAHC9VhQsChQO9aaY+NTtmvJgXBodvXO6rUN3d7ZyHGqitLBABw@mail.gmail.com>
From:   Miklos Szeredi <miklos@szeredi.hu>
Date:   Thu, 28 Sep 2023 12:07:17 +0200
Message-ID: <CAJfpegtJwcS9=7dCAVCEoBwD_U2MX44a6B62iDsc78AZt6nM7Q@mail.gmail.com>
Subject: Re: [RFC PATCH 3/3] add listmnt(2) syscall
To:     Paul Moore <paul@paul-moore.com>
Cc:     Christian Brauner <brauner@kernel.org>,
        Miklos Szeredi <mszeredi@redhat.com>,
        Matthew House <mattlloydhouse@gmail.com>,
        linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-api@vger.kernel.org, linux-man@vger.kernel.org,
        linux-security-module@vger.kernel.org, Karel Zak <kzak@redhat.com>,
        Ian Kent <raven@themaw.net>,
        David Howells <dhowells@redhat.com>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Al Viro <viro@zeniv.linux.org.uk>,
        Christian Brauner <christian@brauner.io>,
        Amir Goldstein <amir73il@gmail.com>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED,
        SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Thu, 28 Sep 2023 03:07:43 -0700 (PDT)

On Tue, 19 Sept 2023 at 18:48, Paul Moore <paul@paul-moore.com> wrote:

> > Ideally we avoid multiple capable(CAP_SYS_ADMIN) calls by only doing it
> > once and saving the return value. capable() call's aren't that cheap.
>
> Agreed.  The capability check doesn't do any subject/object
> comparisons so calling it for each mount is overkill.  However, I
> would think we would want the LSM hook called from inside the loop as
> that could involve a subject (@current) and object (individual mount
> point) comparison.

The security_sb_statfs() one?

Should a single failure result in a complete failure?

Why is it not enough to check permission on the parent?

Thanks,
Miklos