From: "Mickaël Salaün" <mic@digikod.net>
To: Paul Moore <paul@paul-moore.com>, Jeff Xu <jeffxu@chromium.org>
Cc: Casey Schaufler <casey@schaufler-ca.com>,
Shervin Oloumi <enlightened@chromium.org>,
linux-security-module@vger.kernel.org, jorgelo@chromium.org,
keescook@chromium.org, groeck@chromium.org,
allenwebb@chromium.org, gnoack3000@gmail.com, areber@redhat.com,
criu@openvz.org, linux-api@vger.kernel.org, jannh@google.com,
brauner@kernel.org
Subject: Re: [PATCH v2] lsm: adds process attribute getter for Landlock
Date: Wed, 24 May 2023 17:38:35 +0200 [thread overview]
Message-ID: <1225a567-4ff5-462e-0db6-1a88a748d787@digikod.net> (raw)
In-Reply-To: <CAHC9VhRD8kfkHr2gfFp10txdDwE0NGSJQd08bRojeJKiKtqq6Q@mail.gmail.com>
On 23/05/2023 23:12, Paul Moore wrote:
> On Tue, May 23, 2023 at 2:13 AM Jeff Xu <jeffxu@chromium.org> wrote:
>> On Mon, May 22, 2023 at 12:56 PM Paul Moore <paul@paul-moore.com> wrote:
>>> On Thu, May 18, 2023 at 5:26 PM Casey Schaufler <casey@schaufler-ca.com> wrote:
>>>> On 5/18/2023 1:45 PM, Shervin Oloumi wrote:
>>>>> Adds a new getprocattr hook function to the Landlock LSM, which tracks
>>>>> the landlocked state of the process. This is invoked when user-space
>>>>> reads /proc/[pid]/attr/domain
>>>>
>>>> Please don't add a Landlock specific entry directly in the attr/
>>>> directory. Add it only to attr/landlock.
>>>>
>>>> Also be aware that the LSM maintainer (Paul Moore) wants to move
>>>> away from the /proc/.../attr interfaces in favor of a new system call,
>>>> which is in review.
>>>
>>> What Casey said above.
>>>
>>> There is still some uncertainty around timing, and if we're perfectly
>>> honest, acceptance of the new syscalls at the Linus level, but yes, I
>>> would very much like to see the LSM infrastructure move away from
>>> procfs and towards a syscall API. Part of the reasoning is that the
>>> current procfs API is ill-suited to handle the multiple, stacked LSMs
>>> and the other part being the complexity of procfs in a namespaced
>>> system. If the syscall API is ultimately rejected, we will need to
>>> revisit the idea of a procfs API, but even then I think we'll need to
>>> make some changes to the current approach.
>>>
>>> As I believe we are in the latter stages of review for the syscall
>>> API, perhaps you could take a look and ensure that the current
>>> proposed API works for what you are envisioning with Landlock?
I agree, and since the LSM syscalls are almost ready that should not
change much the timing. In fact, extending these syscalls might be
easier than tweaking the current procfs/attr API for Landlock specific
requirements (e.g. scoped visibility). We should ensure that these
syscalls would be a good fit to return file descriptors, but in the
short term we only need to know if a process is landlocked or not, so a
raw return value (0 or -errno) will be enough.
Mentioning in the LSM syscalls patch series that they may deal with (and
return) file descriptors could help API reviewers though.
>>>
>> Which review/patch to look for the proposed API ?
>
> See Casey's reply if you haven't already. You can also find the LSM
> list archived on lore.kernel.org; that is probably the best way to
> track LSM development if you don't want to subscribe to the list.
>
> * https://lore.kernel.org/linux-security-module
>
>> I guess ChromeOS will need to backport to 5.10 when the proposal is accepted.
>
> Maybe? Distro specific backports aren't generally on-topic for the
> upstream Linux mailing lists, especially large commercial distros with
> plenty of developers to take care of things like that.
>
Backporting the LSM syscall patch series will create conflicts but they
should be manageable and the series should be quite standalone. You'll
need to understand the changes to get a clean backport, so reviewing the
current proposal is a good opportunity to be ready and to catch
potential future issues.
next prev parent reply other threads:[~2023-05-24 15:47 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-02 18:52 [PATCH 0/1] process attribute support for Landlock enlightened
2023-03-02 18:52 ` [PATCH 1/1] lsm: adds process attribute getter " enlightened
2023-03-02 20:24 ` Casey Schaufler
2023-03-03 16:39 ` Günther Noack
2023-03-02 20:22 ` [PATCH 0/1] process attribute support " Casey Schaufler
2023-03-06 22:40 ` Shervin Oloumi
2023-03-07 17:51 ` Casey Schaufler
2023-03-06 19:18 ` Mickaël Salaün
2023-03-07 14:16 ` Mickaël Salaün
2023-03-08 22:25 ` Shervin Oloumi
2023-03-15 9:56 ` Mickaël Salaün
2023-03-16 6:19 ` Günther Noack
2023-03-17 8:38 ` Mickaël Salaün
2023-05-18 20:44 ` Shervin Oloumi
2023-05-24 16:09 ` Mickaël Salaün
2023-05-24 16:21 ` Mickaël Salaün
2023-05-18 20:45 ` [PATCH v2] lsm: adds process attribute getter " Shervin Oloumi
2023-05-18 21:26 ` Casey Schaufler
2023-05-22 19:56 ` Paul Moore
2023-05-23 6:13 ` Jeff Xu
2023-05-23 15:32 ` Casey Schaufler
2023-05-30 18:02 ` Jeff Xu
2023-05-30 19:05 ` Casey Schaufler
2023-05-31 13:01 ` Mickaël Salaün
2023-06-01 20:45 ` Jeff Xu
2023-06-01 21:30 ` Casey Schaufler
2023-05-23 21:12 ` Paul Moore
2023-05-24 15:38 ` Mickaël Salaün [this message]
2023-05-24 16:02 ` Mickaël Salaün
2023-05-25 16:28 ` Casey Schaufler
2023-05-30 18:05 ` Jeff Xu
2023-05-30 19:19 ` Casey Schaufler
2023-05-31 13:26 ` Mickaël Salaün
2023-06-01 20:48 ` Jeff Xu
2023-06-01 21:34 ` Casey Schaufler
2023-06-01 22:08 ` Mickaël Salaün
2023-05-24 16:05 ` Mickaël Salaün
2023-05-19 0:11 ` kernel test robot
2023-05-19 5:22 ` kernel test robot
2023-05-24 16:48 ` Mickaël Salaün
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1225a567-4ff5-462e-0db6-1a88a748d787@digikod.net \
--to=mic@digikod.net \
--cc=allenwebb@chromium.org \
--cc=areber@redhat.com \
--cc=brauner@kernel.org \
--cc=casey@schaufler-ca.com \
--cc=criu@openvz.org \
--cc=enlightened@chromium.org \
--cc=gnoack3000@gmail.com \
--cc=groeck@chromium.org \
--cc=jannh@google.com \
--cc=jeffxu@chromium.org \
--cc=jorgelo@chromium.org \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.