From: Paul Moore
Date: Thu, 14 Jan 2021 17:47:19 -0500
Subject: Re: [PATCH v15 0/4] SELinux support for anonymous inodes and UFFD
To: Lokesh Gidra
Cc: Andrea Arcangeli, Alexander Viro, James Morris, Stephen Smalley,
 Casey Schaufler, Eric Biggers, "Serge E. Hallyn", Eric Paris,
 Daniel Colascione, Kees Cook, "Eric W. Biederman", KP Singh,
 David Howells, Anders Roxell, Sami Tolvanen, Matthew Garrett,
 Randy Dunlap, "Joel Fernandes (Google)", YueHaibing, Christian Brauner,
 Alexei Starovoitov, Adrian Reber, Aleksa Sarai,
 linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
 linux-security-module@vger.kernel.org, selinux@vger.kernel.org,
 kaleshsingh@google.com, calin@google.com, surenb@google.com,
 jeffv@google.com, kernel-team@android.com, linux-mm@kvack.org,
 Andrew Morton, hch@infradead.org
References: <20210108222223.952458-1-lokeshgidra@google.com>

On Tue, Jan 12, 2021 at 12:15 PM Paul Moore wrote:
>
> On Fri, Jan 8, 2021 at 5:22 PM Lokesh Gidra wrote:
> >
> > Userfaultfd in unprivileged contexts could be potentially very
> > useful. We'd like to harden userfaultfd to make such unprivileged use
> > less risky. This patch series allows SELinux to manage userfaultfd
> > file descriptors and in the future, other kinds of
> > anonymous-inode-based file descriptor.
>
> ...
>
> > Daniel Colascione (3):
> >   fs: add LSM-supporting anon-inode interface
> >   selinux: teach SELinux about anonymous inodes
> >   userfaultfd: use secure anon inodes for userfaultfd
> >
> > Lokesh Gidra (1):
> >   security: add inode_init_security_anon() LSM hook
> >
> >  fs/anon_inodes.c                    | 150 ++++++++++++++++++++--------
> >  fs/libfs.c                          |   5 -
> >  fs/userfaultfd.c                    |  19 ++--
> >  include/linux/anon_inodes.h         |   5 +
> >  include/linux/lsm_hook_defs.h       |   2 +
> >  include/linux/lsm_hooks.h           |   9 ++
> >  include/linux/security.h            |  10 ++
> >  security/security.c                 |   8 ++
> >  security/selinux/hooks.c            |  57 +++++++++++
> >  security/selinux/include/classmap.h |   2 +
> >  10 files changed, 213 insertions(+), 54 deletions(-)
>
> With several rounds of reviews done and the corresponding SELinux test
> suite looking close to being ready I think it makes sense to merge
> this via the SELinux tree. VFS folks, if you have any comments or
> objections please let me know soon. If I don't hear anything within
> the next day or two I'll go ahead and merge this for linux-next.

With no comments over the last two days I merged the patchset into
selinux/next. Thanks for all your work and patience on this Lokesh.

Also, it looks like you are very close to getting the associated
SELinux test suite additions merged, please continue to work with
Ondrej to get those merged soon.

-- 
paul moore
www.paul-moore.com