From: Lokesh Gidra
Date: Thu, 14 Jan 2021 14:50:44 -0800
Subject: Re: [PATCH v15 0/4] SELinux support for anonymous inodes and UFFD
To: Paul Moore
Cc: Andrea Arcangeli, Alexander Viro, James Morris, Stephen Smalley,
    Casey Schaufler, Eric Biggers, "Serge E. Hallyn", Eric Paris,
    Daniel Colascione, Kees Cook, "Eric W. Biederman", KP Singh,
    David Howells, Anders Roxell, Sami Tolvanen, Matthew Garrett,
    Randy Dunlap, "Joel Fernandes (Google)", YueHaibing,
    Christian Brauner, Alexei Starovoitov, Adrian Reber, Aleksa Sarai,
    Linux FS Devel, linux-kernel, LSM List, SElinux list, Kalesh Singh,
    Calin Juravle, Suren Baghdasaryan, Jeffrey Vander Stoep,
    "Cc: Android Kernel", "open list:MEMORY MANAGEMENT", Andrew Morton,
    Christoph Hellwig, Ondrej Mosnacek

On Thu, Jan 14, 2021 at 2:47 PM Paul Moore wrote:
>
> On Tue, Jan 12, 2021 at 12:15 PM Paul Moore wrote:
> >
> > On Fri, Jan 8, 2021 at 5:22 PM Lokesh Gidra wrote:
> > >
> > > Userfaultfd in unprivileged contexts could be potentially very
> > > useful. We'd like to harden userfaultfd to make such unprivileged use
> > > less risky. This patch series allows SELinux to manage userfaultfd
> > > file descriptors and in the future, other kinds of
> > > anonymous-inode-based file descriptor.
> >
> > ...
> >
> > > Daniel Colascione (3):
> > >   fs: add LSM-supporting anon-inode interface
> > >   selinux: teach SELinux about anonymous inodes
> > >   userfaultfd: use secure anon inodes for userfaultfd
> > >
> > > Lokesh Gidra (1):
> > >   security: add inode_init_security_anon() LSM hook
> > >
> > >  fs/anon_inodes.c                    | 150 ++++++++++++++++++++--------
> > >  fs/libfs.c                          |   5 -
> > >  fs/userfaultfd.c                    |  19 ++--
> > >  include/linux/anon_inodes.h         |   5 +
> > >  include/linux/lsm_hook_defs.h       |   2 +
> > >  include/linux/lsm_hooks.h           |   9 ++
> > >  include/linux/security.h            |  10 ++
> > >  security/security.c                 |   8 ++
> > >  security/selinux/hooks.c            |  57 +++++++++++
> > >  security/selinux/include/classmap.h |   2 +
> > >  10 files changed, 213 insertions(+), 54 deletions(-)
> >
> > With several rounds of reviews done and the corresponding SELinux test
> > suite looking close to being ready I think it makes sense to merge
> > this via the SELinux tree. VFS folks, if you have any comments or
> > objections please let me know soon. If I don't hear anything within
> > the next day or two I'll go ahead and merge this for linux-next.
>
> With no comments over the last two days I merged the patchset into
> selinux/next. Thanks for all your work and patience on this Lokesh.
>
Thanks so much.

> Also, it looks like you are very close to getting the associated
> SELinux test suite additions merged, please continue to work with
> Ondrej to get those merged soon.
>
Certainly! I'm waiting for his reviews for the latest patch.

> --
> paul moore
> www.paul-moore.com