References: <20231212131712.1816324-1-maxime.coquelin@redhat.com>
 <20231212131712.1816324-5-maxime.coquelin@redhat.com>
In-Reply-To: <20231212131712.1816324-5-maxime.coquelin@redhat.com>
From: Stephen Smalley
Date: Mon, 18 Dec 2023 12:21:18 -0500
Subject: Re: [PATCH v5 4/4] vduse: Add LSM hook to check Virtio device type
To: Maxime Coquelin
Cc: mst@redhat.com, jasowang@redhat.com, xuanzhuo@linux.alibaba.com, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, eparis@parisplace.org, xieyongji@bytedance.com, virtualization@lists.linux-foundation.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, david.marchand@redhat.com, lulu@redhat.com, casey@schaufler-ca.com

On Tue, Dec 12, 2023 at 8:17 AM Maxime Coquelin wrote:
>
> This patch introduces a LSM hook for devices creation,
> destruction (ioctl()) and opening (open()) operations,
> checking the application is allowed to perform these
> operations for the Virtio device type.

Can you explain why the existing LSM hooks and SELinux implementation
are not sufficient? We already control the ability to open device nodes
via selinux_inode_permission() and selinux_file_open(), and can support
fine-grained per-cmd ioctl checking via selinux_file_ioctl(). And it
should already be possible to label these nodes distinctly through
existing mechanisms (file_contexts if udev-created/labeled,
genfs_contexts if kernel-created). What exactly can't you do today that
this hook enables?
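To make the per-cmd ioctl point above concrete, here is an added example (my own code, not from the vduse patch series or the kernel tree). It reproduces the key that selinux_file_ioctl() hands to ioctl_has_perm(): the ioctl request truncated to 16 bits, which the AVC extended-permission lookup then splits into a driver byte (the _IOC type) and a function byte (the _IOC nr). The direction and size bits never reach policy, so an allowxperm rule keyed on those 16 bits keeps working if a struct argument grows. The VDUSE numbers (VDUSE_BASE 0x81, CREATE_DEV nr 0x02, DESTROY_DEV nr 0x03) are my reading of include/uapi/linux/vduse.h and should be checked against the header you build against; the argument sizes are placeholders, and the type names vduse_app_t and vduse_control_t are invented for the rule.

```c
/*
 * Added example for this thread (not code from the vduse series or the
 * kernel).  Derives the SELinux ioctl xperm key from an ioctl request the
 * way selinux_file_ioctl()/ioctl_has_perm() do, and renders the matching
 * allowxperm rule.
 *
 * Assumptions: VDUSE_BASE 0x81, VDUSE_CREATE_DEV nr 0x02, VDUSE_DESTROY_DEV
 * nr 0x03 (my reading of include/uapi/linux/vduse.h; verify); argument sizes
 * are placeholders; vduse_app_t / vduse_control_t are invented type names.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* _IOC() bit layout from asm-generic/ioctl.h: nr[0..7] type[8..15] size[16..29] dir[30..31] */
#define IOC_NRSHIFT   0
#define IOC_TYPESHIFT 8
#define IOC_SIZESHIFT 16
#define IOC_DIRSHIFT  30
#define IOC_NONE  0u
#define IOC_WRITE 1u
#define IOC_READ  2u
#define IOC(dir, type, nr, size)                                                \
	(((uint32_t)(dir) << IOC_DIRSHIFT) | ((uint32_t)(type) << IOC_TYPESHIFT) | \
	 ((uint32_t)(nr) << IOC_NRSHIFT) | ((uint32_t)(size) << IOC_SIZESHIFT))

#define VDUSE_BASE 0x81u /* assumption, see header comment */

struct ioctl_desc {
	const char *name;
	uint32_t cmd;
};

/* Assumed VDUSE control-node commands; the 0x100 argument sizes are placeholders. */
static const struct ioctl_desc vduse_control_ioctls[] = {
	{ "VDUSE_CREATE_DEV",  IOC(IOC_WRITE, VDUSE_BASE, 0x02, 0x100) },
	{ "VDUSE_DESTROY_DEV", IOC(IOC_WRITE, VDUSE_BASE, 0x03, 0x100) },
};
#define N_VDUSE_CONTROL_IOCTLS (sizeof(vduse_control_ioctls) / sizeof(vduse_control_ioctls[0]))

/* The value selinux_file_ioctl() passes to ioctl_has_perm(): cmd cast to u16. */
static uint16_t selinux_xperm_key(uint32_t cmd) { return (uint16_t)cmd; }
/* How ioctl_has_perm() splits that key before avc_has_extended_perms(). */
static uint8_t selinux_xperm_driver(uint32_t cmd) { return (cmd >> 8) & 0xffu; }
static uint8_t selinux_xperm_func(uint32_t cmd) { return cmd & 0xffu; }

/*
 * Write the allowxperm rule that lets `subject` issue exactly `cmds` on a
 * chr_file labelled `object`.  Returns bytes written (excluding the NUL),
 * or -1 if the buffer is too small.
 */
static int format_allowxperm(char *buf, size_t len, const char *subject,
			     const char *object, const struct ioctl_desc *cmds, size_t n)
{
	int used = snprintf(buf, len, "allowxperm %s %s:chr_file ioctl {", subject, object);
	if (used < 0 || (size_t)used >= len)
		return -1;
	for (size_t i = 0; i < n; i++) {
		int w = snprintf(buf + used, len - used, " 0x%04x", selinux_xperm_key(cmds[i].cmd));
		if (w < 0 || (size_t)w >= len - used)
			return -1;
		used += w;
	}
	int w = snprintf(buf + used, len - used, " };");
	if (w < 0 || (size_t)w >= len - used)
		return -1;
	return used + w;
}

/* The rule for the assumed VDUSE control ioctls, or NULL on formatting failure. */
static const char *vduse_control_rule(void)
{
	static char buf[256];
	if (format_allowxperm(buf, sizeof buf, "vduse_app_t", "vduse_control_t",
			      vduse_control_ioctls, N_VDUSE_CONTROL_IOCTLS) < 0)
		return NULL;
	return buf;
}

int main(void)
{
	for (size_t i = 0; i < N_VDUSE_CONTROL_IOCTLS; i++) {
		uint32_t cmd = vduse_control_ioctls[i].cmd;
		printf("%-18s cmd=0x%08x -> xperm key 0x%04x (driver 0x%02x, func 0x%02x)\n",
		       vduse_control_ioctls[i].name, cmd, selinux_xperm_key(cmd),
		       selinux_xperm_driver(cmd), selinux_xperm_func(cmd));
	}
	printf("%s\n", vduse_control_rule());
	return 0;
}
```

The rendered allowxperm rule only narrows an existing grant: the domain still needs a plain `allow vduse_app_t vduse_control_t:chr_file { open read write ioctl };` (checked by selinux_file_open() and selinux_file_ioctl() respectively), and the node has to carry that label in the first place, via a file_contexts entry for a udev-created /dev/vduse node or genfs_contexts if the kernel creates it.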