Date: Sat, 18 May 2024 14:17:25 +0300
From: "Jarkko Sakkinen"
To: "Jarkko Sakkinen", "Jonathan Calmels", "Casey Schaufler"
Cc: "Luis Chamberlain", "Kees Cook", "Joel Granados", "Serge Hallyn", "Paul Moore", "James Morris", "David Howells"
Subject: Re: [PATCH 0/3] Introduce user namespace capabilities
References: <20240516092213.6799-1-jcalmels@3xx0.net> <2804dd75-50fd-481c-8867-bc6cea7ab986@schaufler-ca.com>

On Sat May 18, 2024 at 2:08 PM EEST, Jarkko Sakkinen wrote:
> On Fri May 17, 2024 at 10:11 PM EEST, Jonathan Calmels wrote:
> > On Fri, May 17, 2024 at 10:53:24AM GMT, Casey Schaufler wrote:
> > > Of course they do. I have been following the use of capabilities
> > > in Linux since before they were implemented. The uptake has been
> > > disappointing in all use cases.
> >
> > Why "Of course"?
>
> What if they should not get *all* privileges?
>
> They do the job given a real-world workload and stress test.
>
> Here the problem is based on a theory and an experiment.
>
> Even a formal model does not necessarily map all "unknown unknowns".

So this was like the worst "sales pitch" ever:

1. The cover letter starts with the idea of having to argue about name
   spaces, and have fun while doing that ;-) We all have our own ways to
   entertain ourselves but "name space duels" are not my thing. Why not
   just start with why we all want this instead? Maybe we don't want it
   then. Maybe this is just useless spam given the angle presented?
2. There's shitloads of computer science and set theory but nothing that
   would make common sense. You need to build a more understandable
   model. There's zero "gist" in this work.

Maybe this does make sense but the story around it sucks so far.

BR, Jarkko