From: Jonathan Chapman-Moore <jdm7dv@outlook.com>
To: Paul Moore <paul@paul-moore.com>,
"Eric W. Biederman" <ebiederm@xmission.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Frederick Lawler <fred@cloudflare.com>,
"kpsingh@kernel.org" <kpsingh@kernel.org>,
"revest@chromium.org" <revest@chromium.org>,
"jackmanb@chromium.org" <jackmanb@chromium.org>,
"ast@kernel.org" <ast@kernel.org>,
"daniel@iogearbox.net" <daniel@iogearbox.net>,
"andrii@kernel.org" <andrii@kernel.org>,
"kafai@fb.com" <kafai@fb.com>,
"songliubraving@fb.com" <songliubraving@fb.com>,
"yhs@fb.com" <yhs@fb.com>,
"john.fastabend@gmail.com" <john.fastabend@gmail.com>,
"jmorris@namei.org" <jmorris@namei.org>,
"serge@hallyn.com" <serge@hallyn.com>,
"stephen.smalley.work@gmail.com" <stephen.smalley.work@gmail.com>,
"eparis@parisplace.org" <eparis@parisplace.org>,
"shuah@kernel.org" <shuah@kernel.org>,
"brauner@kernel.org" <brauner@kernel.org>,
"casey@schaufler-ca.com" <casey@schaufler-ca.com>,
"bpf@vger.kernel.org" <bpf@vger.kernel.org>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
"selinux@vger.kernel.org" <selinux@vger.kernel.org>,
"linux-kselftest@vger.kernel.org"
<linux-kselftest@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"kernel-team@cloudflare.com" <kernel-team@cloudflare.com>,
"cgzones@googlemail.com" <cgzones@googlemail.com>,
"karl@bigbadwolfsecurity.com" <karl@bigbadwolfsecurity.com>,
"tixxdz@gmail.com" <tixxdz@gmail.com>
Subject: RE: [PATCH v5 0/4] Introduce security_create_user_ns()
Date: Thu, 18 Aug 2022 00:35:49 +0000
Message-ID: <MN2PR15MB2622E8357FDB67B8222D47119A6D9@MN2PR15MB2622.namprd15.prod.outlook.com>
In-Reply-To: <CAHC9VhQnPAsmjmKo-e84XDJ1wmaOFkTKPjjztsOa9Yrq+AeAQA@mail.gmail.com>
Hi,
Please remove me from this list and stop harassing me.
Jonathan Moore
-----Original Message-----
From: Paul Moore <paul@paul-moore.com>
Sent: Wednesday, August 17, 2022 5:51 PM
To: Eric W. Biederman <ebiederm@xmission.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>; Frederick Lawler <fred@cloudflare.com>; kpsingh@kernel.org; revest@chromium.org; jackmanb@chromium.org; ast@kernel.org; daniel@iogearbox.net; andrii@kernel.org; kafai@fb.com; songliubraving@fb.com; yhs@fb.com; john.fastabend@gmail.com; jmorris@namei.org; serge@hallyn.com; stephen.smalley.work@gmail.com; eparis@parisplace.org; shuah@kernel.org; brauner@kernel.org; casey@schaufler-ca.com; bpf@vger.kernel.org; linux-security-module@vger.kernel.org; selinux@vger.kernel.org; linux-kselftest@vger.kernel.org; linux-kernel@vger.kernel.org; netdev@vger.kernel.org; kernel-team@cloudflare.com; cgzones@googlemail.com; karl@bigbadwolfsecurity.com; tixxdz@gmail.com
Subject: Re: [PATCH v5 0/4] Introduce security_create_user_ns()
On Wed, Aug 17, 2022 at 5:24 PM Eric W. Biederman <ebiederm@xmission.com> wrote:
> I object to adding the new system configuration knob.
>
> Especially when I don't see people explaining why such a knob is a good
> idea. What is userspace going to do with this new feature that makes it
> worth maintaining in the kernel?
From https://lore.kernel.org/all/CAEiveUdPhEPAk7Y0ZXjPsD=Vb5hn453CHzS9aG-tkyRa8bf_eg@mail.gmail.com/
"We have valid use cases not specifically related to the
attack surface, but go into the middle from bpf observability
to enforcement. As we want to track namespace creation, changes,
nesting and per task creds context depending on the nature of
the workload."
-Djalal Harouni
From https://lore.kernel.org/linux-security-module/CALrw=nGT0kcHh4wyBwUF-Q8+v8DgnyEJM55vfmABwfU67EQn=g@mail.gmail.com/
"[W]e do want to embrace user namespaces in our code and some of
our workloads already depend on it. Hence we didn't agree to
Debian's approach of just having a global sysctl. But there is
"our code" and there is "third party" code, which might not even
be open source due to various reasons. And while the path exists
for that code to do something bad - we want to block it."
-Ignat Korchagin
From https://lore.kernel.org/linux-security-module/CAHC9VhSKmqn5wxF3BZ67Z+-CV7sZzdnO+JODq48rZJ4WAe8ULA@mail.gmail.com/
"I've heard you talk about bugs being the only reason why people
would want to ever block user namespaces, but I think we've all
seen use cases now where it goes beyond that. However, even if
it didn't, the need to build high confidence/assurance systems
where big chunks of functionality can be disabled based on a
security policy is a very real use case, and this patchset would
help enable that."
-Paul Moore (with apologies for self-quoting)
From https://lore.kernel.org/linux-security-module/CAHC9VhRSCXCM51xpOT95G_WVi=UQ44gNV=uvvG23p8wn16uYSA@mail.gmail.com/
"One of the selling points of the BPF LSM is that it allows for
various different ways of reporting and logging beyond audit.
However, even if it was limited to just audit I believe that
provides some useful justification as auditing fork()/clone()
isn't quite the same and could be difficult to do at scale in
some configurations."
-Paul Moore (my apologies again)
From https://lore.kernel.org/linux-security-module/20220722082159.jgvw7jgds3qwfyqk@wittgenstein/
"Nice and straightforward."
-Christian Brauner
--
paul-moore.com