lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHC9VhRkHuwjrtOoK+vn9zzERU2TM_2PEbQGRAZsr-D1pFv9GQ@mail.gmail.com> Date: Tue, 9 Aug 2022 18:40:14 -0400 From: Paul Moore <paul@...l-moore.com> To: "Eric W. Biederman" <ebiederm@...ssion.com> Cc: Frederick Lawler <fred@...udflare.com>, kpsingh@...nel.org, revest@...omium.org, jackmanb@...omium.org, ast@...nel.org, daniel@...earbox.net, andrii@...nel.org, kafai@...com, songliubraving@...com, yhs@...com, john.fastabend@...il.com, jmorris@...ei.org, serge@...lyn.com, stephen.smalley.work@...il.com, eparis@...isplace.org, shuah@...nel.org, brauner@...nel.org, casey@...aufler-ca.com, bpf@...r.kernel.org, linux-security-module@...r.kernel.org, selinux@...r.kernel.org, linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org, netdev@...r.kernel.org, kernel-team@...udflare.com, cgzones@...glemail.com, karl@...badwolfsecurity.com Subject: Re: [PATCH v4 0/4] Introduce security_create_user_ns() On Tue, Aug 9, 2022 at 5:41 PM Eric W. Biederman <ebiederm@...ssion.com> wrote: > Paul Moore <paul@...l-moore.com> writes: > > > > What level of due diligence would satisfy you Eric? > > Having a real conversation about what a change is doing and to talk > about it's merits and it's pro's and cons. I can't promise I would be > convinced but that is the kind of conversation it would take. Earlier today you talked about due diligence to ensure that userspace won't break and I provided my reasoning on why userspace would not break (at least not because of this change). Userspace might be blocked from creating a new user namespace due to a security policy, but that would be the expected and desired outcome, not breakage. As far as your most recent comment regarding merit and pros/cons, I believe we have had that discussion (quite a few times already); it just seems you are not satisfied with the majority's conclusion. Personally, I'm not sure there is anything more I can do to convince you that this patchset is reasonable; I'm going to leave it to others at this point, or we can all simply agree to disagree for the moment. Just as you haven't heard a compelling argument for this patchset, I haven't heard a compelling argument against it. Barring some significant new discussion point, or opinion, I still plan on merging this into the LSM next branch when the merge window closes next week so it has time to go through a full round of linux-next testing. Assuming no unresolvable problems are found during the additional testing I plan to send it to Linus during the v6.1 merge window and I'm guessing we will get to go through this all again. It's less than ideal, but I think this is where we are at right now. -- paul-moore.com
Powered by blists - more mailing lists