From: Andy Lutomirski
Date: Thu, 9 Nov 2017 18:38:34 -0800
Subject: Re: [PATCH RFC v3 6/7] proc: support new 'pids=all|ptraceable' mount option
To: Djalal Harouni
Cc: Kees Cook, Alexey Gladkov, Andy Lutomirski, Andrew Morton, Linux FS Devel, "linux-kernel@vger.kernel.org", "kernel-hardening@lists.openwall.com", LSM List, Linux API, Greg Kroah-Hartman, Alexander Viro, Akinobu Mita, me@tobin.cc, Oleg Nesterov, Jeff Layton, Ingo Molnar, Alexey Dobriyan, "Eric W. Biederman", Linus Torvalds, Daniel Micay, Jonathan Corbet, "J. Bruce Fields", Stephen Rothwell, Solar Designer
In-Reply-To: <1510244046-3256-7-git-send-email-tixxdz@gmail.com>
References: <1510244046-3256-1-git-send-email-tixxdz@gmail.com> <1510244046-3256-7-git-send-email-tixxdz@gmail.com>

On Thu, Nov 9, 2017 at 8:14 AM, Djalal Harouni wrote:
> This patch introduces the new 'pids' mount option, as it was discussed
> and suggested by Andy Lutomirski [1].
>
> * If 'pids=' is passed without 'newinstance' then it has no effect.

Would it be safer if this were an error instead?