From: Jonathan Corbet
To: Axel Rasmussen, Peter Xu
Cc: Andrew Morton, Alexander Viro, Charan Teja Reddy, Dave Hansen, "Dmitry V . Levin", Gleb Fotengauer-Malinovskiy, Hugh Dickins, Jan Kara, Mel Gorman, Mike Kravetz, Mike Rapoport, Nadav Amit, Shuah Khan, Suren Baghdasaryan, Vlastimil Babka, zhangyi, linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org, LKML, Linux MM, Linuxkselftest
Subject: Re: [PATCH v3 2/6] userfaultfd: add /dev/userfaultfd for fine grained access control
References: <20220601210951.3916598-1-axelrasmussen@google.com> <20220601210951.3916598-3-axelrasmussen@google.com> <20220613145540.1c9f7750092911bae1332b92@linux-foundation.org>
Date: Mon, 13 Jun 2022 17:23:14 -0600
Message-ID: <87k09kxi59.fsf@meer.lwn.net>

Axel Rasmussen writes:

> I think for any approach involving syscalls, we need to be able to
> control access to who can call a syscall. Maybe there's another way
> I'm not aware of, but I think today the only mechanism to do this is
> capabilities. I proposed adding a CAP_USERFAULTFD for this purpose,
> but that approach was rejected [1]. So, I'm not sure of another way
> besides using a device node.

I take it there's a reason why this can't be done with a security module
- either a custom module or a policy in one of the existing modules?
That sort of access control is just what security modules are supposed
to be for, after all.

Thanks,

jon