From: Paul Moore
Date: Fri, 9 Dec 2022 13:29:08 -0500
Subject: Re: [PATCH v7 6/6] mm/memfd: security hook for memfd_create
To: jeffxu@chromium.org
Cc: skhan@linuxfoundation.org, keescook@chromium.org, akpm@linux-foundation.org, dmitry.torokhov@gmail.com, dverkamp@chromium.org, hughd@google.com, jeffxu@google.com, jorgelo@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, jannh@google.com, linux-hardening@vger.kernel.org, linux-security-module@vger.kernel.org, kernel test robot
In-Reply-To: <20221209160453.3246150-7-jeffxu@google.com>
References: <20221209160453.3246150-1-jeffxu@google.com> <20221209160453.3246150-7-jeffxu@google.com>

On Fri, Dec 9, 2022 at 11:05 AM wrote:
>
> From: Jeff Xu
>
> The new security_memfd_create allows lsm to check flags of
> memfd_create.
>
> The security by default system (such as chromeos) can use this
> to implement system wide lsm to allow only non-executable memfd
> being created.
>
> Signed-off-by: Jeff Xu
> Reported-by: kernel test robot
> ---
>  include/linux/lsm_hook_defs.h | 1 +
>  include/linux/lsm_hooks.h     | 4 ++++
>  include/linux/security.h      | 6 ++++++
>  mm/memfd.c                    | 5 +++++
>  security/security.c           | 5 +++++
>  5 files changed, 21 insertions(+)

We typically require at least one in-tree LSM implementation to accompany a new LSM hook.
Beyond simply providing proof that the hook has value, it helps provide a functional example both for reviewers as well as future LSM implementations. Also, while the BPF LSM is definitely "in-tree", its nature is such that the actual implementation lives out-of-tree; something like SELinux, AppArmor, Smack, etc. are much more desirable from an in-tree example perspective.

--
paul-moore.com
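The quoted commit message describes the hook only in outline: an LSM gets to see the flags passed to memfd_create and can refuse to let an executable memfd be created. The following is an added, user-space illustration of the decision such a hook would make, written for this discussion and not taken from the patch series or from any in-tree LSM. It assumes the hook receives the memfd name and the flags word (the page states only that flags are checked); the MFD_* bit values are those of the kernel's uapi memfd.h, with fallback defines for libc headers that predate MFD_NOEXEC_SEAL and MFD_EXEC. The policy modelled is the one the commit message names: deny unless the memfd is sealed non-executable, and log the decoded flags so a denial is auditable.

```c
/* User-space model of a memfd_create LSM policy: allow only non-executable
 * memfds.  Added illustration, not code from the patch or from any LSM. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Values from include/uapi/linux/memfd.h; fallbacks for older libc headers. */
#ifndef MFD_CLOEXEC
#define MFD_CLOEXEC       0x0001U
#endif
#ifndef MFD_ALLOW_SEALING
#define MFD_ALLOW_SEALING 0x0002U
#endif
#ifndef MFD_HUGETLB
#define MFD_HUGETLB       0x0004U
#endif
#ifndef MFD_NOEXEC_SEAL
#define MFD_NOEXEC_SEAL   0x0008U
#endif
#ifndef MFD_EXEC
#define MFD_EXEC          0x0010U
#endif

#define MFD_KNOWN_FLAGS (MFD_CLOEXEC | MFD_ALLOW_SEALING | MFD_HUGETLB | \
                         MFD_NOEXEC_SEAL | MFD_EXEC)

/* Decode a flags word into a "|"-joined list of flag names for an audit
 * record; bits outside the known set are reported as a hex remainder.
 * Uses a static buffer, so it is not reentrant (fine for an illustration). */
const char *memfd_flags_str(unsigned int flags)
{
    static const struct { unsigned int bit; const char *name; } tbl[] = {
        { MFD_CLOEXEC,       "MFD_CLOEXEC" },
        { MFD_ALLOW_SEALING, "MFD_ALLOW_SEALING" },
        { MFD_HUGETLB,       "MFD_HUGETLB" },
        { MFD_NOEXEC_SEAL,   "MFD_NOEXEC_SEAL" },
        { MFD_EXEC,          "MFD_EXEC" },
    };
    static char buf[128];
    size_t used = 0;
    unsigned int unknown = flags & ~MFD_KNOWN_FLAGS;

    buf[0] = '\0';
    for (size_t i = 0; i < sizeof tbl / sizeof tbl[0]; i++) {
        if (!(flags & tbl[i].bit))
            continue;
        int n = snprintf(buf + used, sizeof buf - used, "%s%s",
                         used ? "|" : "", tbl[i].name);
        if (n < 0 || (size_t)n >= sizeof buf - used)
            return buf;            /* truncated; keep what fits */
        used += (size_t)n;
    }
    if (unknown)
        snprintf(buf + used, sizeof buf - used, "%s0x%x",
                 used ? "|" : "", unknown);
    if (buf[0] == '\0')
        snprintf(buf, sizeof buf, "0");
    return buf;
}

/* The decision a hook would return for memfd_create(name, flags):
 * 0 to allow, -EACCES to deny.  Policy: the memfd must be sealed
 * non-executable (MFD_NOEXEC_SEAL set) and must not request executable
 * mappings (MFD_EXEC clear).  Hypothetical signature, assumed from the
 * commit message's description that the hook checks memfd_create's flags. */
int memfd_noexec_policy(const char *name, unsigned int flags)
{
    if ((flags & MFD_EXEC) || !(flags & MFD_NOEXEC_SEAL)) {
        /* What an LSM would emit to its audit log on denial. */
        fprintf(stderr, "memfd_create denied: name=\"%s\" flags=%s\n",
                name ? name : "(null)", memfd_flags_str(flags));
        return -EACCES;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample calls: one compliant, two that the policy rejects. */
    printf("sealed noexec : %d\n", memfd_noexec_policy("app-data", MFD_CLOEXEC | MFD_NOEXEC_SEAL));
    printf("legacy default: %d\n", memfd_noexec_policy("legacy", MFD_CLOEXEC));
    printf("explicit exec : %d\n", memfd_noexec_policy("loader", MFD_NOEXEC_SEAL | MFD_EXEC));
    return 0;
}
```

A real implementation would live under security/<lsm>/ and be registered in that LSM's hook list rather than called directly as here; the point of the model is the shape of the decision (flags in, allow/deny and an audit line out), which is also the functional example a reviewer would expect to see accompanying the hook.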