From: Ian Kent
To: Miklos Szeredi
Cc: Paul Moore, Miklos Szeredi, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-man@vger.kernel.org, linux-security-module@vger.kernel.org, Karel Zak, David Howells, Linus Torvalds, Al Viro, Christian Brauner, Amir Goldstein, Matthew House, Florian Weimer, Arnd Bergmann
Date: Fri, 13 Oct 2023 10:39:49 +0800
Subject: Re: [PATCH v3 4/4] add listmount(2) syscall
References: <20230928130147.564503-1-mszeredi@redhat.com> <20230928130147.564503-5-mszeredi@redhat.com> <7fe3c01f-c225-394c-fac5-cabfc70f3606@themaw.net>
In-Reply-To: <7fe3c01f-c225-394c-fac5-cabfc70f3606@themaw.net>

On 6/10/23 08:27, Ian Kent wrote:
> On 5/10/23 23:47, Miklos Szeredi wrote:
>> On Thu, 5 Oct 2023 at 06:23, Ian Kent wrote:
>>
>>> The proc interfaces essentially use ->list to provide
>>> the mounts that can be seen so it's filtered by mount namespace of the
>>> task that's doing the open().
>>>
>>> See fs/namespace.c:mnt_list_next() and just below the m_start(),
>>> m_next(),
>>
>> /proc/$PID/mountinfo will list the mount namespace of $PID. Whether
>> current task has permission to do so is decided at open time.
>>
>> listmount() will list the children of the given mount ID. The mount
>> ID is looked up in the task's mount namespace, so this cannot be used
>> to list mounts of other namespaces. It's a more limited interface.
>
> Yep. But isn't the ability to see these based on task privilege?
>
> Is the proc style restriction actually what we need here (or some variation
> of that implementation)?
>
> A privileged task typically has the init namespace as its mount namespace
> and mounts should propagate from there so it should be able to see all mounts.
>
> If the file handle has been opened in a task that is using some other mount
> namespace then presumably that's what the program author wants the task to see.
>
> So I'm not sure I see a problem obeying the namespace of a given task.

I've had a look through the code we had in the old fsinfo() proposal
because I think we need to consider the use cases that are needed.

IIRC initially we had a flag FSINFO_ATTR_MOUNT_CHILDREN that essentially
enumerated the children of the given mount in much the same way as is
done now in this system call.

But because we needed to enumerate mounts in the same way as the proc file
system mount tables a flag FSINFO_ATTR_MOUNT_ALL was added that essentially
used the mount namespace mounts list in a similar way to the proc file
system so that a list of mounts for a mount namespace could be retrieved.

This latter use case is what is used by processes that monitor mounts and
is what's needed more so than enumerating the children as we do now.

I'm still looking at the mount id lookup.

Ian

>
> Ian
>
>>
>> I sort of understand the reasoning behind calling into a security hook
>> on entry to statmount() and listmount(). And BTW I also think that if
>> statmount() and listmount() are limited in this way, then the same
>> limitation should be applied to the proc interfaces. But that needs
>> to be done real carefully because it might cause regressions. OTOH if
>> it's only done on the new interfaces, then what is the point, since
>> the old interfaces will be available indefinitely?
>>
>> Also I cannot see the point in hiding some mount IDs from the list.
>> It seems to me that the list is just an array of numbers that in
>> itself doesn't carry any information.
>>
>> Thanks,
>> Miklos
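
Added example, not part of the thread or of the patch under review: a user-space C sketch contrasting the two enumeration modes discussed above, a children-only query per mount ID versus the namespace-wide list that a mount monitor needs. It does not call listmount(2); the mount table is a constructed sample in the /proc/<pid>/mountinfo layout, and `list_children()` and `list_all()` are hypothetical helper names.

```c
#include <stdio.h>

/* Constructed sample, /proc/<pid>/mountinfo layout: mount ID, parent ID, ... */
static const char *SAMPLE[] = {
    "21 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw",
    "22 21 0:20 / /proc rw,nosuid - proc proc rw",
    "23 21 0:21 / /sys rw,nosuid - sysfs sysfs rw",
    "24 23 0:22 / /sys/fs/cgroup rw - cgroup2 cgroup2 rw",
    "25 21 0:23 / /mnt/data rw - tmpfs tmpfs rw",
    "26 25 0:24 / /mnt/data/sub rw - tmpfs tmpfs rw",
};
#define NMOUNTS (sizeof(SAMPLE) / sizeof(SAMPLE[0]))

/* Children-only view: IDs of mounts whose parent is `parent` (one level).
 * Stands in for a per-mount "list children" query. Returns the count. */
static size_t list_children(int parent, int *out, size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i < NMOUNTS && n < max; i++) {
        int id, pid;
        if (sscanf(SAMPLE[i], "%d %d", &id, &pid) == 2 && pid == parent)
            out[n++] = id;
    }
    return n;
}

/* Namespace-wide view built only from the children-only primitive:
 * a breadth-first walk that costs one query per mount in the tree. */
static size_t list_all(int root, int *out, size_t max, size_t *queries)
{
    size_t n = 0;
    if (max == 0)
        return 0;
    out[n++] = root;
    for (size_t head = 0; head < n; head++) {
        (*queries)++;
        n += list_children(out[head], out + n, max - n);
    }
    return n;
}

int main(void)
{
    int ids[16];
    size_t queries = 0;
    printf("children of 21: %zu\n", list_children(21, ids, 16));
    size_t total = list_all(21, ids, 16, &queries);
    printf("whole tree: %zu mounts via %zu queries\n", total, queries);
    return 0;
}
```

Because each level of the walk is a separate query, a monitor built this way can observe a tree that changed between queries, which a single namespace-wide listing avoids.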