linux-mm.kvack.org archive mirror
From: Paul Moore <paul@paul-moore.com>
To: Lokesh Gidra <lokeshgidra@google.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	 James Morris <jmorris@namei.org>,
	Stephen Smalley <stephen.smalley.work@gmail.com>,
	 Casey Schaufler <casey@schaufler-ca.com>,
	Eric Biggers <ebiggers@kernel.org>,
	 "Serge E. Hallyn" <serge@hallyn.com>,
	Eric Paris <eparis@parisplace.org>,
	 Daniel Colascione <dancol@dancol.org>,
	Kees Cook <keescook@chromium.org>,
	 "Eric W. Biederman" <ebiederm@xmission.com>,
	KP Singh <kpsingh@google.com>,
	 David Howells <dhowells@redhat.com>,
	Anders Roxell <anders.roxell@linaro.org>,
	 Sami Tolvanen <samitolvanen@google.com>,
	Matthew Garrett <matthewgarrett@google.com>,
	 Randy Dunlap <rdunlap@infradead.org>,
	"Joel Fernandes (Google)" <joel@joelfernandes.org>,
	 YueHaibing <yuehaibing@huawei.com>,
	Christian Brauner <christian.brauner@ubuntu.com>,
	 Alexei Starovoitov <ast@kernel.org>,
	Adrian Reber <areber@redhat.com>,
	Aleksa Sarai <cyphar@cyphar.com>,
	 linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	 linux-security-module@vger.kernel.org, selinux@vger.kernel.org,
	 kaleshsingh@google.com, calin@google.com, surenb@google.com,
	jeffv@google.com,  kernel-team@android.com, linux-mm@kvack.org,
	 Andrew Morton <akpm@linux-foundation.org>,
	hch@infradead.org
Subject: Re: [PATCH v15 0/4] SELinux support for anonymous inodes and UFFD
Date: Thu, 14 Jan 2021 17:47:19 -0500
Message-ID: <CAHC9VhRGZCRV2T6y80MXtutsZRw4hR+wxgte3__vyG50yAn4qw@mail.gmail.com>
In-Reply-To: <CAHC9VhSLFUyeo8he4t7rFoHgRHfpB=URoAioF+a3+xjZP8JdSQ@mail.gmail.com>

On Tue, Jan 12, 2021 at 12:15 PM Paul Moore <paul@paul-moore.com> wrote:
>
> On Fri, Jan 8, 2021 at 5:22 PM Lokesh Gidra <lokeshgidra@google.com> wrote:
> >
> > Userfaultfd in unprivileged contexts could be potentially very
> > useful. We'd like to harden userfaultfd to make such unprivileged use
> > less risky. This patch series allows SELinux to manage userfaultfd
> > file descriptors and, in the future, other kinds of
> > anonymous-inode-based file descriptors.
>
> ...
>
> > Daniel Colascione (3):
> >   fs: add LSM-supporting anon-inode interface
> >   selinux: teach SELinux about anonymous inodes
> >   userfaultfd: use secure anon inodes for userfaultfd
> >
> > Lokesh Gidra (1):
> >   security: add inode_init_security_anon() LSM hook
> >
> >  fs/anon_inodes.c                    | 150 ++++++++++++++++++++--------
> >  fs/libfs.c                          |   5 -
> >  fs/userfaultfd.c                    |  19 ++--
> >  include/linux/anon_inodes.h         |   5 +
> >  include/linux/lsm_hook_defs.h       |   2 +
> >  include/linux/lsm_hooks.h           |   9 ++
> >  include/linux/security.h            |  10 ++
> >  security/security.c                 |   8 ++
> >  security/selinux/hooks.c            |  57 +++++++++++
> >  security/selinux/include/classmap.h |   2 +
> >  10 files changed, 213 insertions(+), 54 deletions(-)
>
> With several rounds of reviews done and the corresponding SELinux test
> suite looking close to being ready I think it makes sense to merge
> this via the SELinux tree.  VFS folks, if you have any comments or
> objections please let me know soon.  If I don't hear anything within
> the next day or two I'll go ahead and merge this for linux-next.

With no comments over the last two days I merged the patchset into
selinux/next.  Thanks for all your work and patience on this, Lokesh.

Also, it looks like you are very close to getting the associated
SELinux test suite additions merged; please continue to work with
Ondrej to get those merged soon.

-- 
paul moore
www.paul-moore.com


Thread overview: 8+ messages
2021-01-08 22:22 Lokesh Gidra
2021-01-08 22:22 ` [PATCH v15 1/4] security: add inode_init_security_anon() LSM hook Lokesh Gidra
2021-01-08 22:22 ` [PATCH v15 2/4] fs: add LSM-supporting anon-inode interface Lokesh Gidra
2021-01-08 22:22 ` [PATCH v15 3/4] selinux: teach SELinux about anonymous inodes Lokesh Gidra
2021-01-08 22:22 ` [PATCH v15 4/4] userfaultfd: use secure anon inodes for userfaultfd Lokesh Gidra
2021-01-12 17:15 ` [PATCH v15 0/4] SELinux support for anonymous inodes and UFFD Paul Moore
2021-01-14 22:47   ` Paul Moore [this message]
2021-01-14 22:50     ` Lokesh Gidra
