From: Miklos Szeredi
Date: Thu, 5 Oct 2023 17:47:20 +0200
Subject: Re: [PATCH v3 4/4] add listmount(2) syscall
To: Ian Kent
Cc: Paul Moore, Miklos Szeredi, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-man@vger.kernel.org, linux-security-module@vger.kernel.org, Karel Zak, David Howells, Linus Torvalds, Al Viro, Christian Brauner, Amir Goldstein, Matthew House, Florian Weimer, Arnd Bergmann
References: <20230928130147.564503-1-mszeredi@redhat.com> <20230928130147.564503-5-mszeredi@redhat.com>
On Thu, 5 Oct 2023 at 06:23, Ian Kent wrote:
> The proc interfaces essentially use ->list to provide
> > the mounts that can be seen so it's filtered by mount namespace of the
> > task that's doing the open().
> >
> See fs/namespace.c:mnt_list_next() and just below the m_start(), m_next(),

/proc/$PID/mountinfo will list the mount namespace of $PID. Whether
the current task has permission to do so is decided at open time.

listmount() will list the children of the given mount ID. The mount
ID is looked up in the task's mount namespace, so this cannot be used
to list mounts of other namespaces. It's a more limited interface.

I sort of understand the reasoning behind calling into a security hook
on entry to statmount() and listmount().

And BTW I also think that if statmount() and listmount() are limited in
this way, then the same limitation should be applied to the proc
interfaces. But that needs to be done real carefully because it might
cause regressions. OTOH if it's only done on the new interfaces, then
what is the point, since the old interfaces will be available
indefinitely?

Also I cannot see the point in hiding some mount IDs from the list.
It seems to me that the list is just an array of numbers that in
itself doesn't carry any information.

Thanks,
Miklos
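The relationship Miklos describes above, as an added example that is not part of the thread or of the listmount(2) patch: the parent/child links that listmount() returns for a mount ID are already present in the mount ID and parent ID columns of /proc/$PID/mountinfo, so "children of mount N" can be derived from the proc interface for any mount visible in the reader's mount namespace. The mountinfo sample below is constructed for illustration, and the function names (parse_mountinfo, children_of, descendants, is_visible) are this example's own, not kernel or libmount API.

```python
"""Derive "children of a mount ID" (the listmount() result described in the
thread) from /proc/$PID/mountinfo text.

Added example; the mountinfo lines are constructed, not captured from a real
system, and the helpers are not kernel or libmount API."""
from dataclasses import dataclass, field

# Constructed sample in proc(5) mountinfo layout:
# id parent major:minor root mountpoint opts [optional...] - fstype source superopts
SAMPLE_MOUNTINFO = """\
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
23 22 0:20 / /proc rw,nosuid,nodev,noexec,relatime shared:12 - proc proc rw
24 22 0:5 / /dev rw,nosuid,relatime shared:2 - devtmpfs udev rw,size=4096k
25 24 0:21 / /dev/pts rw,nosuid,noexec,relatime shared:3 - devpts devpts rw,gid=5,mode=620
26 22 0:22 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw
27 26 0:7 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - securityfs securityfs rw
"""


@dataclass
class MountEntry:
    mount_id: int
    parent_id: int
    mount_point: str
    fstype: str
    source: str
    # optional fields such as "shared:1" / "master:2" (propagation state)
    optional: list = field(default_factory=list)


def parse_mountinfo(text):
    """Parse mountinfo lines into a dict keyed by mount ID.

    The optional fields are variable in number and end at the literal "-"
    separator; fstype, source and super options follow it in fixed positions.
    """
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split()
        try:
            sep = fields.index("-", 6)  # separator cannot appear before field 6
        except ValueError:
            raise ValueError(f"malformed mountinfo line (no '-' separator): {line!r}")
        if len(fields) < sep + 3:
            raise ValueError(f"malformed mountinfo line (truncated): {line!r}")
        entry = MountEntry(
            mount_id=int(fields[0]),
            parent_id=int(fields[1]),
            mount_point=fields[4],
            fstype=fields[sep + 1],
            source=fields[sep + 2],
            optional=fields[6:sep],
        )
        entries[entry.mount_id] = entry
    return entries


def is_visible(entries, mount_id):
    """True if the mount ID appears in this namespace's mountinfo at all."""
    return mount_id in entries


def children_of(entries, mount_id):
    """IDs of the direct children of mount_id, ascending.

    This is the per-ID view the thread attributes to listmount(). An ID that
    is not visible here (for example one belonging to another mount
    namespace) is an error rather than an empty list, so callers can tell
    "no children" from "not in my namespace".
    """
    if not is_visible(entries, mount_id):
        raise KeyError(f"mount ID {mount_id} not visible in this mount namespace")
    return sorted(e.mount_id for e in entries.values() if e.parent_id == mount_id)


def descendants(entries, mount_id):
    """All mounts below mount_id, found by repeatedly asking for children.

    listmount() as described returns one level at a time, so walking a whole
    subtree is a loop over children_of().
    """
    seen, queue = [], [mount_id]
    while queue:
        for child in children_of(entries, queue.pop(0)):
            if child not in seen:
                seen.append(child)
                queue.append(child)
    return sorted(seen)


if __name__ == "__main__":
    mounts = parse_mountinfo(SAMPLE_MOUNTINFO)
    for mid in (22, 24):
        print(mid, mounts[mid].mount_point, "->", children_of(mounts, mid))
    print("all below 22:", descendants(mounts, 22))
```

Pointing parse_mountinfo at the real file (open("/proc/self/mountinfo").read()) gives the same tree for the calling task's own mount namespace; the KeyError path is what you hit when handed a mount ID from a namespace the reader cannot see, which is the scoping the message describes for listmount().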