[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <87tuy3nzpf.fsf@x220.int.ebiederm.org>
Date: Sun, 19 Jul 2020 13:10:04 -0500
From: ebiederm@...ssion.com (Eric W. Biederman)
To: David Howells <dhowells@...hat.com>
Cc: Stephen Smalley <stephen.smalley.work@...il.com>,
Casey Schaufler <casey@...aufler-ca.com>,
keyrings@...r.kernel.org,
Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
Paul Moore <paul@...l-moore.com>, selinux@...r.kernel.org,
jlayton@...hat.com, christian@...uner.io,
linux-afs@...ts.infradead.org, linux-nfs@...r.kernel.org,
linux-cifs@...r.kernel.org, linux-api@...r.kernel.org,
linux-fsdevel@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org,
containers@...ts.linux-foundation.org,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [RFC PATCH 0/5] keys: Security changes, ACLs and Container keyring
David Howells <dhowells@...hat.com> writes:
> Here are some patches to provide some security changes and some container
> support:
Nacked-by: "Eric W. Biederman" <ebiederm@...ssion.com>
There remain unfixed security issues in the new mount api. Those need
to get fixed before it is even worth anyones time reviewing new code.
Those issues came up in the review. I successfully demonstrated how to
address the security issues in the new mount api before the code was
merged. Yet the code was merged with the security issues present,
and I have not seem those issues addressed.
So far I have had to rewrite two filesystems because of bugs in the
mount API.
Enough is enough. Let's get the what has already been merged sorted
out before we had more.
Eric
Powered by blists - more mailing lists