From: Djalal Harouni
Date: Fri, 10 Nov 2017 11:38:00 +0100
Subject: Re: [PATCH RFC v3 6/7] proc: support new 'pids=all|ptraceable' mount option
To: Andy Lutomirski
Cc: Kees Cook, Alexey Gladkov, Andrew Morton, Linux FS Devel, "linux-kernel@vger.kernel.org", "kernel-hardening@lists.openwall.com", LSM List, Linux API, Greg Kroah-Hartman, Alexander Viro, Akinobu Mita, "Tobin C. Harding", Oleg Nesterov, Jeff Layton, Ingo Molnar, Alexey Dobriyan, "Eric W. Biederman", Linus Torvalds, Daniel Micay, Jonathan Corbet, "J. Bruce Fields", Stephen Rothwell, Solar Designer
References: <1510244046-3256-1-git-send-email-tixxdz@gmail.com> <1510244046-3256-7-git-send-email-tixxdz@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Nov 10, 2017 at 3:38 AM, Andy Lutomirski wrote:
> On Thu, Nov 9, 2017 at 8:14 AM, Djalal Harouni wrote:
>> This patch introduces the new 'pids' mount option, as it was discussed
>> and suggested by Andy Lutomirski [1].
>>
>> * If 'pids=' is passed without 'newinstance' then it has no effect.
>
> Would it be safer if this were an error instead?

Hm, I tend to say that you are right, but I also keep your comment when
you said that "newinstance" should be the default later and users won't
have to explicitly pass it. What do you think?
--
tixxdz