| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHC9VhR3dKsXYAxY+1Ujr4weO=iBHMPHsJ3-8f=wM5q_oo81wA@mail.gmail.com> Date: Thu, 5 Jun 2025 14:23:20 -0400 From: Paul Moore <paul@...l-moore.com> To: Mike Rapoport <rppt@...nel.org> Cc: Ackerley Tng <ackerleytng@...gle.com>, linux-security-module@...r.kernel.org, selinux@...r.kernel.org, kvm@...r.kernel.org, linux-mm@...ck.org, linux-kernel@...r.kernel.org, x86@...nel.org, linux-fsdevel@...r.kernel.org, aik@....com, ajones@...tanamicro.com, akpm@...ux-foundation.org, amoorthy@...gle.com, anthony.yznaga@...cle.com, anup@...infault.org, aou@...s.berkeley.edu, bfoster@...hat.com, binbin.wu@...ux.intel.com, brauner@...nel.org, catalin.marinas@....com, chao.p.peng@...el.com, chenhuacai@...nel.org, dave.hansen@...el.com, david@...hat.com, dmatlack@...gle.com, dwmw@...zon.co.uk, erdemaktas@...gle.com, fan.du@...el.com, fvdl@...gle.com, graf@...zon.com, haibo1.xu@...el.com, hch@...radead.org, hughd@...gle.com, ira.weiny@...el.com, isaku.yamahata@...el.com, jack@...e.cz, james.morse@....com, jarkko@...nel.org, jgg@...pe.ca, jgowans@...zon.com, jhubbard@...dia.com, jroedel@...e.de, jthoughton@...gle.com, jun.miao@...el.com, kai.huang@...el.com, keirf@...gle.com, kent.overstreet@...ux.dev, kirill.shutemov@...el.com, liam.merwick@...cle.com, maciej.wieczor-retman@...el.com, mail@...iej.szmigiero.name, maz@...nel.org, mic@...ikod.net, michael.roth@....com, mpe@...erman.id.au, muchun.song@...ux.dev, nikunj@....com, nsaenz@...zon.es, oliver.upton@...ux.dev, palmer@...belt.com, pankaj.gupta@....com, paul.walmsley@...ive.com, pbonzini@...hat.com, pdurrant@...zon.co.uk, peterx@...hat.com, pgonda@...gle.com, pvorel@...e.cz, qperret@...gle.com, quic_cvanscha@...cinc.com, quic_eberman@...cinc.com, quic_mnalajal@...cinc.com, quic_pderrin@...cinc.com, quic_pheragu@...cinc.com, quic_svaddagi@...cinc.com, quic_tsoni@...cinc.com, richard.weiyang@...il.com, rick.p.edgecombe@...el.com, rientjes@...gle.com, roypat@...zon.co.uk, seanjc@...gle.com, shuah@...nel.org, steven.price@....com, steven.sistare@...cle.com, suzuki.poulose@....com, tabba@...gle.com, thomas.lendacky@....com, vannapurve@...gle.com, vbabka@...e.cz, viro@...iv.linux.org.uk, vkuznets@...hat.com, wei.w.wang@...el.com, will@...nel.org, willy@...radead.org, xiaoyao.li@...el.com, yan.y.zhao@...el.com, yilun.xu@...el.com, yuzenghui@...wei.com, zhiquan1.li@...el.com Subject: Re: [PATCH 1/2] fs: Provide function that allocates a secure anonymous inode On Thu, Jun 5, 2025 at 1:50 AM Mike Rapoport <rppt@...nel.org> wrote: > > secretmem always had S_PRIVATE set because alloc_anon_inode() clears it > anyway and this patch does not change it. Yes, my apologies, I didn't look closely enough at the code. > I'm just thinking that it makes sense to actually allow LSM/SELinux > controls that S_PRIVATE bypasses for both secretmem and guest_memfd. It's been a while since we added the anon_inode hooks so I'd have to go dig through the old thread to understand the logic behind marking secretmem S_PRIVATE, especially when the anon_inode_make_secure_inode() function cleared it. It's entirely possible it may have just been an oversight. -- paul-moore.com
Powered by blists - more mailing lists