Date: Tue, 21 May 2024 01:12:57 +0300
Subject: Re: [PATCH 3/3] capabilities: add cap userns sysctl mask
From: "Jarkko Sakkinen"
To: "Tycho Andersen", "Jonathan Calmels"
Cc: "Luis Chamberlain", "Kees Cook", "Joel Granados", "Serge Hallyn", "Paul Moore", "James Morris", "David Howells", linux-kernel@vger.kernel.org
X-Mailer: aerc 0.17.0
References: <20240516092213.6799-1-jcalmels@3xx0.net> <20240516092213.6799-4-jcalmels@3xx0.net>

On Tue May 21, 2024 at 12:13 AM EEST, Tycho Andersen wrote:
> On Mon, May 20, 2024 at 12:25:27PM -0700, Jonathan Calmels wrote:
> > On Mon, May 20, 2024 at 07:30:14AM GMT, Tycho Andersen wrote:
> > > there is an ongoing effort (started at [0]) to constify the first arg
> > > here, since you're not supposed to write to it. Your usage looks
> > > correct to me, so I think all it needs is a literal "const" here.
> >
> > Will do, along with the suggestions from Jarkko
> >
> > > > + struct ctl_table t;
> > > > + unsigned long mask_array[2];
> > > > + kernel_cap_t new_mask, *mask;
> > > > + int err;
> > > > +
> > > > + if (write && (!capable(CAP_SETPCAP) ||
> > > > + !capable(CAP_SYS_ADMIN)))
> > > > + return -EPERM;
> > >
> > > ...why CAP_SYS_ADMIN? You mention it in the changelog, but don't
> > > explain why.
> >
> > No reason really, I was hoping we could decide what we want here.
> > UMH uses CAP_SYS_MODULE, Serge mentioned adding a new cap maybe.
>
> I don't have a strong preference between SETPCAP and a new capability,
> but I do think it should be just one. SYS_ADMIN is already god mode
> enough, IMO.

Sometimes I think it would make more sense to invent something completely
new, like capabilities but more modern and robust, instead of increasing
the complexity of a broken mechanism (especially thanks to CAP_MAC_ADMIN).

I kind of liked the idea of privilege tokens both in Symbian and Maemo
(have been involved professionally in both). Emphasis on the idea, not
necessarily on the implementation. Not an LSM, but like something that
you could use in the place of POSIX caps.

Probably quite a tedious effort tho, because you would need to pull the
whole industry with the new thing...

BR, Jarkko
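Review bot: The write gate in the quoted hunk, `if (write && (!capable(CAP_SETPCAP) || !capable(CAP_SYS_ADMIN)))`, requires a writer to hold two capabilities, and as the thread already points out the changelog gives no reason for CAP_SYS_ADMIN on top of CAP_SETPCAP. Settle on a single capability (CAP_SETPCAP, or a new one if that is the consensus) and state the rationale in the commit message; stacking the much broader CAP_SYS_ADMIN on top adds nothing a reviewer can reason about and makes the policy harder to audit. Two smaller points in the same hunk: the bare literal in `unsigned long mask_array[2];` should be tied to the `kernel_cap_t` representation through a named constant or `sizeof` so the two cannot drift apart, and, per the constification effort mentioned earlier in the thread, the table argument of the handler should be `const` since it is only read here.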