lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAADnVQJcvwb_5dY-FomsDzJWZQG_5EWLmjBFJYNqomd0f9XO+w@mail.gmail.com> Date: Tue, 9 Aug 2022 17:51:50 -0700 From: Alexei Starovoitov <alexei.starovoitov@...il.com> To: Paul Moore <paul@...l-moore.com> Cc: "Eric W. Biederman" <ebiederm@...ssion.com>, Frederick Lawler <fred@...udflare.com>, KP Singh <kpsingh@...nel.org>, Florent Revest <revest@...omium.org>, Brendan Jackman <jackmanb@...omium.org>, Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau <kafai@...com>, Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>, John Fastabend <john.fastabend@...il.com>, James Morris <jmorris@...ei.org>, "Serge E . Hallyn" <serge@...lyn.com>, Stephen Smalley <stephen.smalley.work@...il.com>, eparis@...isplace.org, Shuah Khan <shuah@...nel.org>, Christian Brauner <brauner@...nel.org>, Casey Schaufler <casey@...aufler-ca.com>, bpf <bpf@...r.kernel.org>, LSM List <linux-security-module@...r.kernel.org>, selinux@...r.kernel.org, "open list:KERNEL SELFTEST FRAMEWORK" <linux-kselftest@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>, Network Development <netdev@...r.kernel.org>, kernel-team <kernel-team@...udflare.com>, Christian Göttsche <cgzones@...glemail.com>, karl@...badwolfsecurity.com Subject: Re: [PATCH v4 0/4] Introduce security_create_user_ns() On Tue, Aug 9, 2022 at 3:40 PM Paul Moore <paul@...l-moore.com> wrote: > > On Tue, Aug 9, 2022 at 5:41 PM Eric W. Biederman <ebiederm@...ssion.com> wrote: > > Paul Moore <paul@...l-moore.com> writes: > > > > > > What level of due diligence would satisfy you Eric? > > > > Having a real conversation about what a change is doing and to talk > > about it's merits and it's pro's and cons. I can't promise I would be > > convinced but that is the kind of conversation it would take. > > Earlier today you talked about due diligence to ensure that userspace > won't break and I provided my reasoning on why userspace would not > break (at least not because of this change). Userspace might be > blocked from creating a new user namespace due to a security policy, > but that would be the expected and desired outcome, not breakage. As > far as your most recent comment regarding merit and pros/cons, I > believe we have had that discussion (quite a few times already); it > just seems you are not satisfied with the majority's conclusion. > > Personally, I'm not sure there is anything more I can do to convince > you that this patchset is reasonable; I'm going to leave it to others > at this point, or we can all simply agree to disagree for the moment. > Just as you haven't heard a compelling argument for this patchset, I > haven't heard a compelling argument against it. Barring some > significant new discussion point, or opinion, I still plan on merging > this into the LSM next branch when the merge window closes next week > so it has time to go through a full round of linux-next testing. > Assuming no unresolvable problems are found during the additional > testing I plan to send it to Linus during the v6.1 merge window and > I'm guessing we will get to go through this all again. It's less than > ideal, but I think this is where we are at right now. +1
Powered by blists - more mailing lists