Received: by 2002:a05:7412:8598:b0:f9:33c2:5753 with SMTP id n24csp504993rdh;
        Tue, 19 Dec 2023 05:44:19 -0800 (PST)
X-Google-Smtp-Source: AGHT+IFvPdpAlTbfWwI3H3XyFoqsDOY91fPprArvHL7YlqoxkvXIDW+qYRh9yUhaXsNzlKG3tAo0
X-Received: by 2002:a17:902:c408:b0:1d1:c96a:c72 with SMTP id k8-20020a170902c40800b001d1c96a0c72mr13098849plk.49.1702993459719;
        Tue, 19 Dec 2023 05:44:19 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1702993459; cv=none;
        d=google.com; s=arc-20160816;
        b=xu2lkRB3kfdbQ/obhDqWAvges7N+qByf8vWge0dEZrSZaIfvo+PkB6wTBmzbvWRFuv
         qq9BHjlJ8+Sf+LY0qwc11zAP0L0+sp5DjImT/+tTpjwfPr2DHFd/+Y34kI0TWi3qzu2m
         CD/pOavAIrbqY8/dH48Cs55dVWVgkMLTkvwHMFSm83G/Eb3B5rQjw+OJf/THUpZ5Bb3s
         yJa6E1LEjqd3mnnTHsSKLfBaDT1k+f/VPV2EK3SLvzEfHRjNjjRBIM8ecJqGyfaB9Ary
         LBnx/f/1GCAVBbkRrb4FtNm4oEh1N5pH01vFH75cvS/Z2/P225HfpuyOmTkX8fCKVQQ/
         oSTw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-disposition:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=85MC7cgpkPCUWh0/C8WDuOGLM+4AcByal2VMdxrQAf4=;
        fh=oIPB+cGyMw+1ycrDc/yjAkEJHdGRTFspRN6m8ctuF5s=;
        b=kUF2h+Lv0Wc+yb744iFHQcR2BnuJuei3N9TIsulYvVKLUmVT4VYTdkBKLMZR7KU4x4
         iFu4wbo2WpJV3UI+GjtQ268U3GmoGofdb96Z+LqHzb7Kdj1bPLgGIzMy34dznOvcQWl2
         lsvgoziC5yDvAXsy24QBNDfqfNYuE9aD6FXlVscPECeKKqtYiHRFh4q4qMu17AQgosSH
         ZRcI+HJM4PlIa9NCQ0fvnM5hucuio8V6KMIfN+2HtfUVGBeFJ0HoeurcXkquqhgElDCc
         pKrp2CLx9J7kyQuOMRDTzbzeQvv7bo58Mda9NIBrf/60NDegr8P77AU5qu/+hNjAmdZw
         DrHQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=g6D0Qy0h;
       spf=pass (google.com: domain of linux-kernel+bounces-5272-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-5272-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel+bounces-5272-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161])
        by mx.google.com with ESMTPS id e2-20020a17090301c200b001d09c96ba1esi2853189plh.452.2023.12.19.05.44.19
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 19 Dec 2023 05:44:19 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-5272-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=g6D0Qy0h;
       spf=pass (google.com: domain of linux-kernel+bounces-5272-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-5272-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sy.mirrors.kernel.org (Postfix) with ESMTPS id 8ECD9B222AE
	for <linux.lists.archive@gmail.com>; Tue, 19 Dec 2023 13:44:17 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 4EF811A27E;
	Tue, 19 Dec 2023 13:44:03 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="g6D0Qy0h"
X-Original-To: linux-kernel@vger.kernel.org
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7217F199AD;
	Tue, 19 Dec 2023 13:44:02 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 62D88C433C8;
	Tue, 19 Dec 2023 13:43:56 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1702993442;
	bh=85MC7cgpkPCUWh0/C8WDuOGLM+4AcByal2VMdxrQAf4=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=g6D0Qy0hJsH5qNmaB5hjpTpOng9pk2ajAjDXQIE1fZrJ61OPW3n3K6uK4Ie9Zst+P
	 BaIDxQtmvsIaDm7M90FXjJaXBDBw3MXjONSNwJTMB1qwT2Ccc/6VqWNS19KaDI7fjm
	 Kzpsb+yO2mvUrJtvf0Wwce68JIliTG5gNGF+UyBY0Uloi+pJhOXDxOQwNXu5PaU8aL
	 KpnA5Gh0VS4WoakXZxKYH+HBv5aIxU4kIU9lLXkp9saf9D+e2agt2Att0iwqd92bMS
	 NXDVXq2mO9S8g8NSi6tLYNuPfIfmFKPMQtA9UbdqecqsPHvg9GAFNiOLd05Oh+sreB
	 92hv7+lSTSQOQ==
Date: Tue, 19 Dec 2023 14:43:53 +0100
From: Christian Brauner <brauner@kernel.org>
To: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Cc: Michael =?utf-8?B?V2Vpw58=?= <michael.weiss@aisec.fraunhofer.de>,
	Alexander Mikhalitsyn <alexander@mihalicyn.com>,
	Alexei Starovoitov <ast@kernel.org>,
	Paul Moore <paul@paul-moore.com>,
	Daniel Borkmann <daniel@iogearbox.net>,
	Andrii Nakryiko <andrii@kernel.org>,
	Martin KaFai Lau <martin.lau@linux.dev>, Song Liu <song@kernel.org>,
	Yonghong Song <yhs@fb.com>,
	John Fastabend <john.fastabend@gmail.com>,
	KP Singh <kpsingh@kernel.org>, Stanislav Fomichev <sdf@google.com>,
	Hao Luo <haoluo@google.com>, Jiri Olsa <jolsa@kernel.org>,
	Quentin Monnet <quentin@isovalent.com>,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	Miklos Szeredi <miklos@szeredi.hu>,
	Amir Goldstein <amir73il@gmail.com>,
	"Serge E. Hallyn" <serge@hallyn.com>, bpf@vger.kernel.org,
	linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	linux-security-module@vger.kernel.org, gyroidos@aisec.fraunhofer.de
Subject: Re: [RFC PATCH v3 3/3] devguard: added device guard for mknod in
 non-initial userns
Message-ID: <20231219-gebaggert-felgen-279a8e8716a8@brauner>
References: <20231213143813.6818-1-michael.weiss@aisec.fraunhofer.de>
 <20231213143813.6818-4-michael.weiss@aisec.fraunhofer.de>
 <20231215-golfanlage-beirren-f304f9dafaca@brauner>
 <61b39199-022d-4fd8-a7bf-158ee37b3c08@aisec.fraunhofer.de>
 <20231215-kubikmeter-aufsagen-62bf8d4e3d75@brauner>
 <20231215-eiern-drucken-69cf4780d942@brauner>
 <20231218170916.cd319dbcf83f2dd7da24e48f@canonical.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20231218170916.cd319dbcf83f2dd7da24e48f@canonical.com>

> The only thing that is not clear to me about the sb_device_access hook is, what we can check inside it practically?
> Yes, we have an access to struct super_block, but at this point this structure is not filled with anything useful. We only
> can determine a filesystem type and that's all. It means that we can use this hook as a flag that says "ok, we do care about device permissions,
> kernel, please do not set SB_I_NODEV for us". Am I correct?

What the the LSM needs to definitely know is what filesystem type and
what user namespace are relevant. Because this whole thing is mostly
interesting for the != init_user_ns case here.

And both things are already present at that point in time (Technically,
kernfs stuff can be a bit different but kernfs stuff does have
SB_I_NODEV unconditionally so it really doesn't matter.).The thing is
though that you want device access settled as soon as possible when the
superblock isn't yet exposed anywhere. And for that alloc_super() is
pretty convenient. Then you don't have to put much thought into it.

But we can always move the hook to another place. It's also feasible to
do this in vfs_get_tree() for example and provide the fs_context but
again. I don't see why we need to do this now.