| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 30 May 2023 18:01:47 +0200
From: Christian Brauner <brauner@...nel.org>
To: Casey Schaufler <casey@...aufler-ca.com>
Cc: Christoph Hellwig <hch@....de>,
Mickaël Salaün <mic@...ikod.net>,
Xiu Jianfeng <xiujianfeng@...wei.com>,
gregkh@...uxfoundation.org, rafael@...nel.org,
viro@...iv.linux.org.uk, dhowells@...hat.com, code@...icks.com,
hirofumi@...l.parknet.co.jp, linkinjeon@...nel.org,
sfrench@...ba.org, senozhatsky@...omium.org, tom@...pey.com,
chuck.lever@...cle.com, jlayton@...nel.org, miklos@...redi.hu,
paul@...l-moore.com, jmorris@...ei.org, serge@...lyn.com,
stephen.smalley.work@...il.com, eparis@...isplace.org,
dchinner@...hat.com, john.johansen@...onical.com,
mcgrof@...nel.org, mortonm@...omium.org, fred@...udflare.com,
mpe@...erman.id.au, nathanl@...ux.ibm.com, gnoack3000@...il.com,
roberto.sassu@...wei.com, linux-kernel@...r.kernel.org,
linux-fsdevel@...r.kernel.org, linux-cachefs@...hat.com,
ecryptfs@...r.kernel.org, linux-cifs@...r.kernel.org,
linux-nfs@...r.kernel.org, linux-unionfs@...r.kernel.org,
linux-security-module@...r.kernel.org, selinux@...r.kernel.org,
wangweiyang2@...wei.com
Subject: Re: [PATCH -next 0/2] lsm: Change inode_setattr() to take struct
On Tue, May 30, 2023 at 07:55:17AM -0700, Casey Schaufler wrote:
> On 5/30/2023 7:28 AM, Christoph Hellwig wrote:
> > On Tue, May 30, 2023 at 03:58:35PM +0200, Christian Brauner wrote:
> >> The main concern which was expressed on other patchsets before is that
> >> modifying inode operations to take struct path is not the way to go.
> >> Passing struct path into individual filesystems is a clear layering
> >> violation for most inode operations, sometimes downright not feasible,
> >> and in general exposing struct vfsmount to filesystems is a hard no. At
> >> least as far as I'm concerned.
> > Agreed. Passing struct path into random places is not how the VFS works.
> >
> >> So the best way to achieve the landlock goal might be to add new hooks
> > What is "the landlock goal", and why does it matter?
> >
> >> or not. And we keep adding new LSMs without deprecating older ones (A
> >> problem we also face in the fs layer.) and then they sit around but
> >> still need to be taken into account when doing changes.
> > Yes, I'm really worried about th amount of LSMs we have, and the weird
> > things they do.
>
> Which LSM(s) do you think ought to be deprecated? I only see one that I
I don't have a good insight into what LSMs are actively used or are
effectively unused but I would be curious to hear what LSMs are
considered actively used/maintained from the LSM maintainer's
perspective.
> might consider a candidate. As for weird behavior, that's what LSMs are
> for, and the really weird ones proposed (e.g. pathname character set limitations)
If this is effectively saying that LSMs are licensed to step outside the
rules of the subsystem they're a guest in then it seems unlikely
subsystems will be very excited to let new LSM changes go in important
codepaths going forward. In fact this seems like a good argument against
it.
Powered by blists - more mailing lists