* [PATCH] security/landlock: use square brackets around "landlock-ruleset" @ 2021-10-11 13:37 Christian Brauner 2021-10-11 14:38 ` Mickaël Salaün 0 siblings, 1 reply; 9+ messages in thread From: Christian Brauner @ 2021-10-11 13:37 UTC (permalink / raw) To: Mickaël Salaün; +Cc: linux-security-module, Christian Brauner From: Christian Brauner <christian.brauner@ubuntu.com> Make the name of the anon inode fd "[landlock-ruleset]" instead of "landlock-ruleset". This is minor but most anon inode fds already carry square brackets around their name: [eventfd] [eventpoll] [fanotify] [fscontext] [io_uring] [pidfd] [signalfd] [timerfd] [userfaultfd] For the sake of consistency lets do the same for the landlock-ruleset anon inode fd that comes with landlock. We did the same in 1cdc415f1083 ("uapi, fsopen: use square brackets around "fscontext" [ver #2]") for the new mount api. Cc: Mickaël Salaün <mic@digikod.net> Cc: linux-security-module@vger.kernel.org Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> --- security/landlock/syscalls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/landlock/syscalls.c b/security/landlock/syscalls.c index 32396962f04d..7e27ce394020 100644 --- a/security/landlock/syscalls.c +++ b/security/landlock/syscalls.c @@ -192,7 +192,7 @@ SYSCALL_DEFINE3(landlock_create_ruleset, return PTR_ERR(ruleset); /* Creates anonymous FD referring to the ruleset. */ - ruleset_fd = anon_inode_getfd("landlock-ruleset", &ruleset_fops, + ruleset_fd = anon_inode_getfd("[landlock-ruleset]", &ruleset_fops, ruleset, O_RDWR | O_CLOEXEC); if (ruleset_fd < 0) landlock_put_ruleset(ruleset); base-commit: 9e1ff307c779ce1f0f810c7ecce3d95bbae40896 -- 2.30.2 ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH] security/landlock: use square brackets around "landlock-ruleset" 2021-10-11 13:37 [PATCH] security/landlock: use square brackets around "landlock-ruleset" Christian Brauner @ 2021-10-11 14:38 ` Mickaël Salaün 2021-10-12 10:38 ` Christian Brauner 0 siblings, 1 reply; 9+ messages in thread From: Mickaël Salaün @ 2021-10-11 14:38 UTC (permalink / raw) To: Christian Brauner; +Cc: linux-security-module, Christian Brauner On 11/10/2021 15:37, Christian Brauner wrote: > From: Christian Brauner <christian.brauner@ubuntu.com> > > Make the name of the anon inode fd "[landlock-ruleset]" instead of > "landlock-ruleset". This is minor but most anon inode fds already > carry square brackets around their name: > > [eventfd] > [eventpoll] > [fanotify] > [fscontext] > [io_uring] > [pidfd] > [signalfd] > [timerfd] > [userfaultfd] > > For the sake of consistency lets do the same for the landlock-ruleset anon > inode fd that comes with landlock. We did the same in > 1cdc415f1083 ("uapi, fsopen: use square brackets around "fscontext" [ver #2]") > for the new mount api. Before creating "landlock-ruleset" FD, I looked at other anonymous FD and saw this kind of inconsistency. I don't get why we need to add extra characters to names, those brackets seem useless. If it should be part of the interface, why is it not enforced by anon_inode_getfd()? There is a lot of other names that come without brackets (e.g. inotify, bpf-*, btf, kvm-*, iio*). Do you plan to send patches for those too? Changing such FD names could break user space because they may already be exposed and used (e.g. through SELinux). ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] security/landlock: use square brackets around "landlock-ruleset" 2021-10-11 14:38 ` Mickaël Salaün @ 2021-10-12 10:38 ` Christian Brauner 2021-10-12 18:11 ` Paul Moore 0 siblings, 1 reply; 9+ messages in thread From: Christian Brauner @ 2021-10-12 10:38 UTC (permalink / raw) To: Mickaël Salaün; +Cc: Christian Brauner, linux-security-module On Mon, Oct 11, 2021 at 04:38:55PM +0200, Mickaël Salaün wrote: > > On 11/10/2021 15:37, Christian Brauner wrote: > > From: Christian Brauner <christian.brauner@ubuntu.com> > > > > Make the name of the anon inode fd "[landlock-ruleset]" instead of > > "landlock-ruleset". This is minor but most anon inode fds already > > carry square brackets around their name: > > > > [eventfd] > > [eventpoll] > > [fanotify] > > [fscontext] > > [io_uring] > > [pidfd] > > [signalfd] > > [timerfd] > > [userfaultfd] > > > > For the sake of consistency lets do the same for the landlock-ruleset anon > > inode fd that comes with landlock. We did the same in > > 1cdc415f1083 ("uapi, fsopen: use square brackets around "fscontext" [ver #2]") > > for the new mount api. > > Before creating "landlock-ruleset" FD, I looked at other anonymous FD > and saw this kind of inconsistency. I don't get why we need to add extra > characters to names, those brackets seem useless. If it should be part Past inconsistency shouldn't justify future inconsistency. If you have a strong opinion about this for landlock I'm not going to push for it. Exchanging more than 2-3 email about something like this seems too much. > of the interface, why is it not enforced by anon_inode_getfd()? Sure, we can add that too. > > There is a lot of other names that come without brackets (e.g. inotify, > bpf-*, btf, kvm-*, iio*). Do you plan to send patches for those too? > Changing such FD names could break user space because they may already > be exposed and used (e.g. through SELinux). We didn't do it for bpf and kvm stuff because it has been that way for a long time. We try to do it for all new ones. Christian ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] security/landlock: use square brackets around "landlock-ruleset" 2021-10-12 10:38 ` Christian Brauner @ 2021-10-12 18:11 ` Paul Moore 2021-10-12 20:38 ` Ondrej Mosnacek 0 siblings, 1 reply; 9+ messages in thread From: Paul Moore @ 2021-10-12 18:11 UTC (permalink / raw) To: Chris PeBenito, Petr Lautrbach Cc: Mickaël Salaün, Christian Brauner, Christian Brauner, linux-security-module, selinux On Tue, Oct 12, 2021 at 6:38 AM Christian Brauner <christian.brauner@ubuntu.com> wrote: > On Mon, Oct 11, 2021 at 04:38:55PM +0200, Mickaël Salaün wrote: > > On 11/10/2021 15:37, Christian Brauner wrote: > > > From: Christian Brauner <christian.brauner@ubuntu.com> > > > > > > Make the name of the anon inode fd "[landlock-ruleset]" instead of > > > "landlock-ruleset". This is minor but most anon inode fds already > > > carry square brackets around their name: > > > > > > [eventfd] > > > [eventpoll] > > > [fanotify] > > > [fscontext] > > > [io_uring] > > > [pidfd] > > > [signalfd] > > > [timerfd] > > > [userfaultfd] > > > > > > For the sake of consistency lets do the same for the landlock-ruleset anon > > > inode fd that comes with landlock. We did the same in > > > 1cdc415f1083 ("uapi, fsopen: use square brackets around "fscontext" [ver #2]") > > > for the new mount api. > > > > Before creating "landlock-ruleset" FD, I looked at other anonymous FD > > and saw this kind of inconsistency. I don't get why we need to add extra > > characters to names, those brackets seem useless. If it should be part > > Past inconsistency shouldn't justify future inconsistency. If you have a > strong opinion about this for landlock I'm not going to push for it. > Exchanging more than 2-3 email about something like this seems too much. [NOTE: adding the SELinux list as well as Chris (SELinux refrence policy maintainer) and Petr (Fedora/RHEL SELinux)] Chris and Petr, do either of you currently have any policy that references the "landlock-ruleset" anonymous inode? In other words, would adding the brackets around the name cause you any problems? -- paul moore www.paul-moore.com ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] security/landlock: use square brackets around "landlock-ruleset" 2021-10-12 18:11 ` Paul Moore @ 2021-10-12 20:38 ` Ondrej Mosnacek 2021-10-12 21:09 ` Paul Moore 0 siblings, 1 reply; 9+ messages in thread From: Ondrej Mosnacek @ 2021-10-12 20:38 UTC (permalink / raw) To: Paul Moore Cc: Chris PeBenito, Petr Lautrbach, Mickaël Salaün, Christian Brauner, Christian Brauner, Linux Security Module list, SElinux list On Tue, Oct 12, 2021 at 8:12 PM Paul Moore <paul@paul-moore.com> wrote: > On Tue, Oct 12, 2021 at 6:38 AM Christian Brauner > <christian.brauner@ubuntu.com> wrote: > > On Mon, Oct 11, 2021 at 04:38:55PM +0200, Mickaël Salaün wrote: > > > On 11/10/2021 15:37, Christian Brauner wrote: > > > > From: Christian Brauner <christian.brauner@ubuntu.com> > > > > > > > > Make the name of the anon inode fd "[landlock-ruleset]" instead of > > > > "landlock-ruleset". This is minor but most anon inode fds already > > > > carry square brackets around their name: > > > > > > > > [eventfd] > > > > [eventpoll] > > > > [fanotify] > > > > [fscontext] > > > > [io_uring] > > > > [pidfd] > > > > [signalfd] > > > > [timerfd] > > > > [userfaultfd] > > > > > > > > For the sake of consistency lets do the same for the landlock-ruleset anon > > > > inode fd that comes with landlock. We did the same in > > > > 1cdc415f1083 ("uapi, fsopen: use square brackets around "fscontext" [ver #2]") > > > > for the new mount api. > > > > > > Before creating "landlock-ruleset" FD, I looked at other anonymous FD > > > and saw this kind of inconsistency. I don't get why we need to add extra > > > characters to names, those brackets seem useless. If it should be part > > > > Past inconsistency shouldn't justify future inconsistency. If you have a > > strong opinion about this for landlock I'm not going to push for it. > > Exchanging more than 2-3 email about something like this seems too much. > > [NOTE: adding the SELinux list as well as Chris (SELinux refrence > policy maintainer) and Petr (Fedora/RHEL SELinux)] > > Chris and Petr, do either of you currently have any policy that > references the "landlock-ruleset" anonymous inode? In other words, > would adding the brackets around the name cause you any problems? AFAIU, the anon_inode transitions (the only mechanism where the "file name" would be exposed to the policy) are done only for inodes created by anon_inode_getfd_secure(), which is currently only used by userfaultfd. So you don't even need to ask that question; at this point it should be safe to change any of the names except "[userfaultfd]" as far as SELinux policy is concerned. -- Ondrej Mosnacek Software Engineer, Linux Security - SELinux kernel Red Hat, Inc. ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] security/landlock: use square brackets around "landlock-ruleset" 2021-10-12 20:38 ` Ondrej Mosnacek @ 2021-10-12 21:09 ` Paul Moore 2021-10-13 15:47 ` Mickaël Salaün 0 siblings, 1 reply; 9+ messages in thread From: Paul Moore @ 2021-10-12 21:09 UTC (permalink / raw) To: Ondrej Mosnacek Cc: Chris PeBenito, Petr Lautrbach, Mickaël Salaün, Christian Brauner, Christian Brauner, Linux Security Module list, SElinux list On Tue, Oct 12, 2021 at 4:38 PM Ondrej Mosnacek <omosnace@redhat.com> wrote: > > On Tue, Oct 12, 2021 at 8:12 PM Paul Moore <paul@paul-moore.com> wrote: > > On Tue, Oct 12, 2021 at 6:38 AM Christian Brauner > > <christian.brauner@ubuntu.com> wrote: > > > On Mon, Oct 11, 2021 at 04:38:55PM +0200, Mickaël Salaün wrote: > > > > On 11/10/2021 15:37, Christian Brauner wrote: > > > > > From: Christian Brauner <christian.brauner@ubuntu.com> > > > > > > > > > > Make the name of the anon inode fd "[landlock-ruleset]" instead of > > > > > "landlock-ruleset". This is minor but most anon inode fds already > > > > > carry square brackets around their name: > > > > > > > > > > [eventfd] > > > > > [eventpoll] > > > > > [fanotify] > > > > > [fscontext] > > > > > [io_uring] > > > > > [pidfd] > > > > > [signalfd] > > > > > [timerfd] > > > > > [userfaultfd] > > > > > > > > > > For the sake of consistency lets do the same for the landlock-ruleset anon > > > > > inode fd that comes with landlock. We did the same in > > > > > 1cdc415f1083 ("uapi, fsopen: use square brackets around "fscontext" [ver #2]") > > > > > for the new mount api. > > > > > > > > Before creating "landlock-ruleset" FD, I looked at other anonymous FD > > > > and saw this kind of inconsistency. I don't get why we need to add extra > > > > characters to names, those brackets seem useless. If it should be part > > > > > > Past inconsistency shouldn't justify future inconsistency. If you have a > > > strong opinion about this for landlock I'm not going to push for it. > > > Exchanging more than 2-3 email about something like this seems too much. > > > > [NOTE: adding the SELinux list as well as Chris (SELinux refrence > > policy maintainer) and Petr (Fedora/RHEL SELinux)] > > > > Chris and Petr, do either of you currently have any policy that > > references the "landlock-ruleset" anonymous inode? In other words, > > would adding the brackets around the name cause you any problems? > > AFAIU, the anon_inode transitions (the only mechanism where the "file > name" would be exposed to the policy) are done only for inodes created > by anon_inode_getfd_secure(), which is currently only used by > userfaultfd. So you don't even need to ask that question; at this > point it should be safe to change any of the names except > "[userfaultfd]" as far as SELinux policy is concerned. There is also io_uring if you look at selinux/next. Regardless, thanks, I didn't check to see if landlock was using the new anon inode interface, since both Mickaël and Christian were concerned about breaking SELinux I had assumed they were using it :) -- paul moore www.paul-moore.com ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] security/landlock: use square brackets around "landlock-ruleset" 2021-10-12 21:09 ` Paul Moore @ 2021-10-13 15:47 ` Mickaël Salaün 2021-10-15 9:10 ` Christian Brauner 0 siblings, 1 reply; 9+ messages in thread From: Mickaël Salaün @ 2021-10-13 15:47 UTC (permalink / raw) To: Paul Moore, Ondrej Mosnacek, Christian Brauner Cc: Chris PeBenito, Petr Lautrbach, Christian Brauner, Linux Security Module list, SElinux list On 12/10/2021 23:09, Paul Moore wrote: > On Tue, Oct 12, 2021 at 4:38 PM Ondrej Mosnacek <omosnace@redhat.com> wrote: >> >> On Tue, Oct 12, 2021 at 8:12 PM Paul Moore <paul@paul-moore.com> wrote: >>> On Tue, Oct 12, 2021 at 6:38 AM Christian Brauner >>> <christian.brauner@ubuntu.com> wrote: >>>> On Mon, Oct 11, 2021 at 04:38:55PM +0200, Mickaël Salaün wrote: >>>>> On 11/10/2021 15:37, Christian Brauner wrote: >>>>>> From: Christian Brauner <christian.brauner@ubuntu.com> >>>>>> >>>>>> Make the name of the anon inode fd "[landlock-ruleset]" instead of >>>>>> "landlock-ruleset". This is minor but most anon inode fds already >>>>>> carry square brackets around their name: >>>>>> >>>>>> [eventfd] >>>>>> [eventpoll] >>>>>> [fanotify] >>>>>> [fscontext] >>>>>> [io_uring] >>>>>> [pidfd] >>>>>> [signalfd] >>>>>> [timerfd] >>>>>> [userfaultfd] >>>>>> >>>>>> For the sake of consistency lets do the same for the landlock-ruleset anon >>>>>> inode fd that comes with landlock. We did the same in >>>>>> 1cdc415f1083 ("uapi, fsopen: use square brackets around "fscontext" [ver #2]") >>>>>> for the new mount api. >>>>> >>>>> Before creating "landlock-ruleset" FD, I looked at other anonymous FD >>>>> and saw this kind of inconsistency. I don't get why we need to add extra >>>>> characters to names, those brackets seem useless. If it should be part >>>> >>>> Past inconsistency shouldn't justify future inconsistency. If you have a >>>> strong opinion about this for landlock I'm not going to push for it. >>>> Exchanging more than 2-3 email about something like this seems too much. >>> >>> [NOTE: adding the SELinux list as well as Chris (SELinux refrence >>> policy maintainer) and Petr (Fedora/RHEL SELinux)] >>> >>> Chris and Petr, do either of you currently have any policy that >>> references the "landlock-ruleset" anonymous inode? In other words, >>> would adding the brackets around the name cause you any problems? >> >> AFAIU, the anon_inode transitions (the only mechanism where the "file >> name" would be exposed to the policy) are done only for inodes created >> by anon_inode_getfd_secure(), which is currently only used by >> userfaultfd. So you don't even need to ask that question; at this >> point it should be safe to change any of the names except >> "[userfaultfd]" as far as SELinux policy is concerned. > > There is also io_uring if you look at selinux/next. > > Regardless, thanks, I didn't check to see if landlock was using the > new anon inode interface, since both Mickaël and Christian were > concerned about breaking SELinux I had assumed they were using it :) > Ok, thanks Paul and Ondrej. Such anonymous inode names seem to be only exposed to proc for now. Let's change this name then. I think it make sense to backport this patch down to 5.13 to fix all the inconsistencies. ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] security/landlock: use square brackets around "landlock-ruleset" 2021-10-13 15:47 ` Mickaël Salaün @ 2021-10-15 9:10 ` Christian Brauner 2021-10-15 11:47 ` Mickaël Salaün 0 siblings, 1 reply; 9+ messages in thread From: Christian Brauner @ 2021-10-15 9:10 UTC (permalink / raw) To: Mickaël Salaün Cc: Paul Moore, Ondrej Mosnacek, Christian Brauner, Chris PeBenito, Petr Lautrbach, Linux Security Module list, SElinux list On Wed, Oct 13, 2021 at 05:47:53PM +0200, Mickaël Salaün wrote: > > On 12/10/2021 23:09, Paul Moore wrote: > > On Tue, Oct 12, 2021 at 4:38 PM Ondrej Mosnacek <omosnace@redhat.com> wrote: > >> > >> On Tue, Oct 12, 2021 at 8:12 PM Paul Moore <paul@paul-moore.com> wrote: > >>> On Tue, Oct 12, 2021 at 6:38 AM Christian Brauner > >>> <christian.brauner@ubuntu.com> wrote: > >>>> On Mon, Oct 11, 2021 at 04:38:55PM +0200, Mickaël Salaün wrote: > >>>>> On 11/10/2021 15:37, Christian Brauner wrote: > >>>>>> From: Christian Brauner <christian.brauner@ubuntu.com> > >>>>>> > >>>>>> Make the name of the anon inode fd "[landlock-ruleset]" instead of > >>>>>> "landlock-ruleset". This is minor but most anon inode fds already > >>>>>> carry square brackets around their name: > >>>>>> > >>>>>> [eventfd] > >>>>>> [eventpoll] > >>>>>> [fanotify] > >>>>>> [fscontext] > >>>>>> [io_uring] > >>>>>> [pidfd] > >>>>>> [signalfd] > >>>>>> [timerfd] > >>>>>> [userfaultfd] > >>>>>> > >>>>>> For the sake of consistency lets do the same for the landlock-ruleset anon > >>>>>> inode fd that comes with landlock. We did the same in > >>>>>> 1cdc415f1083 ("uapi, fsopen: use square brackets around "fscontext" [ver #2]") > >>>>>> for the new mount api. > >>>>> > >>>>> Before creating "landlock-ruleset" FD, I looked at other anonymous FD > >>>>> and saw this kind of inconsistency. I don't get why we need to add extra > >>>>> characters to names, those brackets seem useless. If it should be part > >>>> > >>>> Past inconsistency shouldn't justify future inconsistency. If you have a > >>>> strong opinion about this for landlock I'm not going to push for it. > >>>> Exchanging more than 2-3 email about something like this seems too much. > >>> > >>> [NOTE: adding the SELinux list as well as Chris (SELinux refrence > >>> policy maintainer) and Petr (Fedora/RHEL SELinux)] > >>> > >>> Chris and Petr, do either of you currently have any policy that > >>> references the "landlock-ruleset" anonymous inode? In other words, > >>> would adding the brackets around the name cause you any problems? > >> > >> AFAIU, the anon_inode transitions (the only mechanism where the "file > >> name" would be exposed to the policy) are done only for inodes created > >> by anon_inode_getfd_secure(), which is currently only used by > >> userfaultfd. So you don't even need to ask that question; at this > >> point it should be safe to change any of the names except > >> "[userfaultfd]" as far as SELinux policy is concerned. > > > > There is also io_uring if you look at selinux/next. > > > > Regardless, thanks, I didn't check to see if landlock was using the > > new anon inode interface, since both Mickaël and Christian were > > concerned about breaking SELinux I had assumed they were using it :) > > > > Ok, thanks Paul and Ondrej. > > Such anonymous inode names seem to be only exposed to proc for now. > Let's change this name then. I think it make sense to backport this > patch down to 5.13 to fix all the inconsistencies. Thank you. I do appreciate the point about this being annoying that we have this inconsistency and it has bothered me too. Christian ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] security/landlock: use square brackets around "landlock-ruleset" 2021-10-15 9:10 ` Christian Brauner @ 2021-10-15 11:47 ` Mickaël Salaün 0 siblings, 0 replies; 9+ messages in thread From: Mickaël Salaün @ 2021-10-15 11:47 UTC (permalink / raw) To: Linux API, stable Cc: Paul Moore, Ondrej Mosnacek, Christian Brauner, Chris PeBenito, Petr Lautrbach, Linux Security Module list, SElinux list, Christian Brauner CCing linux-api and stable to give them a chance to confirm that changing proc symlink content is OK. On 15/10/2021 11:10, Christian Brauner wrote: > On Wed, Oct 13, 2021 at 05:47:53PM +0200, Mickaël Salaün wrote: >> >> On 12/10/2021 23:09, Paul Moore wrote: >>> On Tue, Oct 12, 2021 at 4:38 PM Ondrej Mosnacek <omosnace@redhat.com> wrote: >>>> >>>> On Tue, Oct 12, 2021 at 8:12 PM Paul Moore <paul@paul-moore.com> wrote: >>>>> On Tue, Oct 12, 2021 at 6:38 AM Christian Brauner >>>>> <christian.brauner@ubuntu.com> wrote: >>>>>> On Mon, Oct 11, 2021 at 04:38:55PM +0200, Mickaël Salaün wrote: >>>>>>> On 11/10/2021 15:37, Christian Brauner wrote: >>>>>>>> From: Christian Brauner <christian.brauner@ubuntu.com> >>>>>>>> >>>>>>>> Make the name of the anon inode fd "[landlock-ruleset]" instead of >>>>>>>> "landlock-ruleset". This is minor but most anon inode fds already >>>>>>>> carry square brackets around their name: >>>>>>>> >>>>>>>> [eventfd] >>>>>>>> [eventpoll] >>>>>>>> [fanotify] >>>>>>>> [fscontext] >>>>>>>> [io_uring] >>>>>>>> [pidfd] >>>>>>>> [signalfd] >>>>>>>> [timerfd] >>>>>>>> [userfaultfd] >>>>>>>> >>>>>>>> For the sake of consistency lets do the same for the landlock-ruleset anon >>>>>>>> inode fd that comes with landlock. We did the same in >>>>>>>> 1cdc415f1083 ("uapi, fsopen: use square brackets around "fscontext" [ver #2]") >>>>>>>> for the new mount api. >>>>>>> >>>>>>> Before creating "landlock-ruleset" FD, I looked at other anonymous FD >>>>>>> and saw this kind of inconsistency. I don't get why we need to add extra >>>>>>> characters to names, those brackets seem useless. If it should be part >>>>>> >>>>>> Past inconsistency shouldn't justify future inconsistency. If you have a >>>>>> strong opinion about this for landlock I'm not going to push for it. >>>>>> Exchanging more than 2-3 email about something like this seems too much. >>>>> >>>>> [NOTE: adding the SELinux list as well as Chris (SELinux refrence >>>>> policy maintainer) and Petr (Fedora/RHEL SELinux)] >>>>> >>>>> Chris and Petr, do either of you currently have any policy that >>>>> references the "landlock-ruleset" anonymous inode? In other words, >>>>> would adding the brackets around the name cause you any problems? >>>> >>>> AFAIU, the anon_inode transitions (the only mechanism where the "file >>>> name" would be exposed to the policy) are done only for inodes created >>>> by anon_inode_getfd_secure(), which is currently only used by >>>> userfaultfd. So you don't even need to ask that question; at this >>>> point it should be safe to change any of the names except >>>> "[userfaultfd]" as far as SELinux policy is concerned. >>> >>> There is also io_uring if you look at selinux/next. >>> >>> Regardless, thanks, I didn't check to see if landlock was using the >>> new anon inode interface, since both Mickaël and Christian were >>> concerned about breaking SELinux I had assumed they were using it :) >>> >> >> Ok, thanks Paul and Ondrej. >> >> Such anonymous inode names seem to be only exposed to proc for now. >> Let's change this name then. I think it make sense to backport this >> patch down to 5.13 to fix all the inconsistencies. > > Thank you. I do appreciate the point about this being annoying that we > have this inconsistency and it has bothered me too. > > Christian > ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2021-10-15 11:55 UTC | newest] Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-10-11 13:37 [PATCH] security/landlock: use square brackets around "landlock-ruleset" Christian Brauner 2021-10-11 14:38 ` Mickaël Salaün 2021-10-12 10:38 ` Christian Brauner 2021-10-12 18:11 ` Paul Moore 2021-10-12 20:38 ` Ondrej Mosnacek 2021-10-12 21:09 ` Paul Moore 2021-10-13 15:47 ` Mickaël Salaün 2021-10-15 9:10 ` Christian Brauner 2021-10-15 11:47 ` Mickaël Salaün
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.