Received: by 10.223.164.202 with SMTP id h10csp63575wrb;
        Fri, 10 Nov 2017 02:38:51 -0800 (PST)
X-Google-Smtp-Source: ABhQp+QYzk6xF7+2uo3ywt5nnUwv+89t+9Vlv9vJFuqu6LiEU9JUmeTGb6Cw/tfozEmozwLItMU7
X-Received: by 10.98.46.196 with SMTP id u187mr3911350pfu.177.1510310331333;
        Fri, 10 Nov 2017 02:38:51 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1510310331; cv=none;
        d=google.com; s=arc-20160816;
        b=rWgwEWWDEX/wVyxiPPqqYsWwSRPoFMyvoT6R2Hm9TtfB+aEKCjzvsepNsGFFN+UKSi
         S1veJnPds1DS8T7aRIRXEmJhgMeZvT/6p7uMZi+FmV29vf4wrdcfBWnXefyLkIPRXmTo
         Cs8pht5kJ29sKIF0wv1MBFrbiJaC40owI3DIUZ4/1sepNYwAV5SNq3yPGs6v7mEaig5k
         aRdhRAmxGxBBd/TwUfe4q13qCWzWefda9c5ZRcDYwFjg9O5OmSFFE9GdbKDNUuRrwC5T
         cY+2f8hh3t60GtwDe/QkDjAonhRyxZ2EMRd3SG5p109yfPGkPUpp7qAEViXV5HBea3si
         GgfA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=xXvhFb6HumZNsrnDAyMWRGYt89s8nv8UEbnHM7tg/f4=;
        b=Bskwk4kelDB2Hsq/6GBBah4jWS8is40EzZARgqHqA2ykKdIksP2/l+a/GqvaBpROzr
         qszRFjRzQc1SNpFFcEIPq6+fJ9bHSxRunCqL894LY1IbLnKnu7FHn2jQugH+rYGh+h6M
         l6kN20n3luUK38Qu198IZxistEXP7rMbfrerO3T4ZZzCWbsmUKmqHVCATxZc7Y3h11Pe
         TrB2OPuTBcJLPbzNigBCf1wDHpwLtqfITOi6NWlVgHq3AdhivDw4vtCWnd2WfVE71o2B
         aFfJlGzIsKuHGcw53HBGbnGxBKh7TDCVljjkJiBVnaMo7wGoJmZDZ7rh4kKnJSgVramu
         YpPw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=blXrENLF;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id w5si8030032plz.57.2017.11.10.02.38.39;
        Fri, 10 Nov 2017 02:38:51 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=blXrENLF;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752799AbdKJKiE (ORCPT <rfc822;arandomawesomegeek@gmail.com>
        + 82 others); Fri, 10 Nov 2017 05:38:04 -0500
Received: from mail-qk0-f181.google.com ([209.85.220.181]:57160 "EHLO
        mail-qk0-f181.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751683AbdKJKiB (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 10 Nov 2017 05:38:01 -0500
Received: by mail-qk0-f181.google.com with SMTP id 2so10495545qkg.13;
        Fri, 10 Nov 2017 02:38:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=xXvhFb6HumZNsrnDAyMWRGYt89s8nv8UEbnHM7tg/f4=;
        b=blXrENLFdph4nP9SK5jHHm/9/PyBFyuo6wwkT85LAHAKw41d/CltukhUU1fb+p8ouI
         BZrDWUmdGt0mhzUNFuetPzLCBx49TPQGSXQykHC4Q02k87yKPeuLdxRY4f18IwlCSQRJ
         GYXko1E0JydtGy/10BUhHP58UMQY/mCCYn5WAexeyqQRDWtzlO+CdlB4eLosO930aSgB
         sFAYuMvnf8RxwvkLQmC8xId3Of03BZTmt2Hiufv30StoKaSehP79hWzpYvhtySbf2QXq
         yg3r1M0mmSvXH5BokIAHKYEwvO/tKgDnjlhj5AQOWkzXWPTLD68LH1n0o0XHr9kZi3+X
         7BAg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=xXvhFb6HumZNsrnDAyMWRGYt89s8nv8UEbnHM7tg/f4=;
        b=t99lsSqfL9ITd0f66SK6yTtaJOaYYqe3JdWGFmPmqgm9jYr3aAwjBi85SDbgn6FijO
         Tbf4ALOhFrJjGmEB4uMgjg8rfO+zVeRg/iXNT4+qgZyRSe5fO2sdVYfOiqzidCnZZKU2
         RU6RcYsALVwwubpIM82Eu2+biNEY+7fcCmzTjo9cQiHI7bcqXNNTErnPUhs6zhq077Aj
         6r6pBBQ6ZxwirIV5aaD9kozlIH8sNA/1h2ImAYA8gBQtt9GPFQG/a4PKnlfx/Vxik10c
         7ULjnSt3akrdIlsphEMkhfZ68eES9cMlhno1KX74fnPhPemK6Xx2hHlpGHn/413WI1lm
         7+7A==
X-Gm-Message-State: AJaThX7ze9BhQfXlz41LSz7/JKH5CDC73d2mCTpbEIZB82cuMn5i1Z3r
        JSQbSargrPW0yU41yT3QmsJ1Qk02fKb/yjopySs=
X-Received: by 10.55.158.9 with SMTP id h9mr5999148qke.245.1510310280803; Fri,
 10 Nov 2017 02:38:00 -0800 (PST)
MIME-Version: 1.0
Received: by 10.140.102.80 with HTTP; Fri, 10 Nov 2017 02:38:00 -0800 (PST)
In-Reply-To: <CALCETrWX=GN4KoxysJwDUhYs-fu3wdJU=pzTTKgQuKwa0O2k8w@mail.gmail.com>
References: <1510244046-3256-1-git-send-email-tixxdz@gmail.com>
 <1510244046-3256-7-git-send-email-tixxdz@gmail.com> <CALCETrWX=GN4KoxysJwDUhYs-fu3wdJU=pzTTKgQuKwa0O2k8w@mail.gmail.com>
From:   Djalal Harouni <tixxdz@gmail.com>
Date:   Fri, 10 Nov 2017 11:38:00 +0100
Message-ID: <CAEiveUe5pRBConqj_QhD6Kax2rH4nAD+=7X5kWX-+C66v-kS9g@mail.gmail.com>
Subject: Re: [PATCH RFC v3 6/7] proc: support new 'pids=all|ptraceable' mount option
To:     Andy Lutomirski <luto@kernel.org>
Cc:     Kees Cook <keescook@chromium.org>,
        Alexey Gladkov <gladkov.alexey@gmail.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Linux FS Devel <linux-fsdevel@vger.kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "kernel-hardening@lists.openwall.com" 
        <kernel-hardening@lists.openwall.com>,
        LSM List <linux-security-module@vger.kernel.org>,
        Linux API <linux-api@vger.kernel.org>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Alexander Viro <viro@zeniv.linux.org.uk>,
        Akinobu Mita <akinobu.mita@gmail.com>,
        "Tobin C. Harding" <me@tobin.cc>, Oleg Nesterov <oleg@redhat.com>,
        Jeff Layton <jlayton@poochiereds.net>,
        Ingo Molnar <mingo@kernel.org>,
        Alexey Dobriyan <adobriyan@gmail.com>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Daniel Micay <danielmicay@gmail.com>,
        Jonathan Corbet <corbet@lwn.net>,
        "J. Bruce Fields" <bfields@fieldses.org>,
        Stephen Rothwell <sfr@canb.auug.org.au>,
        Solar Designer <solar@openwall.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Nov 10, 2017 at 3:38 AM, Andy Lutomirski <luto@kernel.org> wrote:
> On Thu, Nov 9, 2017 at 8:14 AM, Djalal Harouni <tixxdz@gmail.com> wrote:
>> This patch introduces the new 'pids' mount option, as it was discussed
>> and suggested by Andy Lutomirski [1].
>>
>> * If 'pids=' is passed without 'newinstance' then it has no effect.
>
> Would it be safer this were an error instead?

Hm, I tend to say that you are right, but I also keep your comment
when you said that "newinstance" should be the default later and users
won't have to explicitly pass it. What you think ?

-- 
tixxdz

From 1583646165373428964@xxx Fri Nov 10 02:57:54 +0000 2017
X-GM-THRID: 1583605822042825994
X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread