Date: Mon, 20 May 2024 15:13:23 -0600
From: Tycho Andersen
To: Jonathan Calmels
Cc: brauner@kernel.org, ebiederm@xmission.com, Luis Chamberlain, Kees Cook, Joel Granados, Serge Hallyn, Paul Moore, James Morris, David Howells, Jarkko Sakkinen, containers@lists.linux.dev, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org
Subject: Re: [PATCH 3/3] capabilities: add cap userns sysctl mask
References: <20240516092213.6799-1-jcalmels@3xx0.net> <20240516092213.6799-4-jcalmels@3xx0.net>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, May 20, 2024 at 12:25:27PM -0700, Jonathan Calmels wrote:
> On Mon, May 20, 2024 at 07:30:14AM GMT, Tycho Andersen wrote:
> > there is an ongoing effort (started at [0]) to constify the first arg
> > here, since you're not supposed to write to it. Your usage looks
> > correct to me, so I think all it needs is a literal "const" here.
>
> Will do, along with the suggestions from Jarkko
>
> > > + struct ctl_table t;
> > > + unsigned long mask_array[2];
> > > + kernel_cap_t new_mask, *mask;
> > > + int err;
> > > +
> > > + if (write && (!capable(CAP_SETPCAP) ||
> > > + !capable(CAP_SYS_ADMIN)))
> > > + return -EPERM;
> >
> > ...why CAP_SYS_ADMIN? You mention it in the changelog, but don't
> > explain why.
>
> No reason really, I was hoping we could decide what we want here.
> UMH uses CAP_SYS_MODULE, Serge mentioned adding a new cap maybe.

I don't have a strong preference between SETPCAP and a new capability,
but I do think it should be just one. SYS_ADMIN is already god mode
enough, IMO.

Tycho
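
Review bot: the write gate `if (write && (!capable(CAP_SETPCAP) || !capable(CAP_SYS_ADMIN)))` in the quoted hunk rejects the write unless the caller holds both capabilities, and nothing in the visible lines says why two are required. Gate on a single capability (CAP_SETPCAP or a dedicated new one, as discussed in the thread) and record the choice in a comment above the check and in the changelog, so the privilege needed to change the mask is documented where the check lives. Since capable() tests the capability against the initial user namespace, a one-line comment stating that writes are intentionally limited to init-namespace privilege would also help readers of this handler.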