From: Alexei Starovoitov <alexei.starovoitov@gmail.com>
To: "Mickaël Salaün" <mic@digikod.net>
Cc: linux-kernel@vger.kernel.org, Alexei Starovoitov <ast@kernel.org>,
Andy Lutomirski <luto@amacapital.net>,
Arnd Bergmann <arnd@arndb.de>,
Casey Schaufler <casey@schaufler-ca.com>,
Daniel Borkmann <daniel@iogearbox.net>,
Daniel Mack <daniel@zonque.org>,
David Drysdale <drysdale@google.com>,
"David S . Miller" <davem@davemloft.net>,
Elena Reshetova <elena.reshetova@intel.com>,
"Eric W . Biederman" <ebiederm@xmission.com>,
James Morris <james.l.morris@oracle.com>,
Kees Cook <keescook@chromium.org>, Paul Moore <pmoore@redhat.com>,
Sargun Dhillon <sargun@sargun.me>,
"Serge E . Hallyn" <serge@hallyn.com>, Tejun Heo <tj@kernel.org>,
Will Drewry <wad@chromium.org>,
kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org,
linux-security-module@vger.kernel.org, netdev@vger.kernel.org,
cgroups@vger.kernel.org
Subject: [kernel-hardening] lsm naming dilemma. Re: [RFC v3 07/22] landlock: Handle file comparisons
Date: Mon, 19 Sep 2016 17:12:16 -0700
Message-ID: <20160920001215.GA91808@ast-mbp.thefacebook.com> (raw)
In-Reply-To: <57DB11B6.7090500@digikod.net>
On Thu, Sep 15, 2016 at 11:25:10PM +0200, Mickaël Salaün wrote:
> >> Agreed. With this RFC, the Checmate features (i.e. network helpers)
> >> should be able to sit on top of Landlock.
> >
> > I think neither of them should be called fancy names for no technical reason.
> > We will have only one bpf based lsm. That's it and it doesn't
> > need an obscure name. Directory name can be security/bpf/..stuff.c
>
> I disagree on an LSM named "BPF". I first started with the "seccomp LSM"
> name (first RFC) but I later realized that it is confusing because
> seccomp is associated to its syscall and the underlying features. Same
> thing goes for BPF. It is also artificially hard to grep on a name too
> used in the kernel source tree.
> Making an association between the generic eBPF mechanism and a security
> centric approach (i.e. LSM) seems a bit reductive (for BPF). Moreover,
> the seccomp interface [1] can still be used.
agree with above.
> Landlock is a nice name to depict a sandbox as an enclave (i.e. a
> landlocked country/state). I want to keep this name, which is simple,
> express the goal of Landlock nicely and is comparable to other sandbox
> mechanisms as Seatbelt or Pledge.
> Landlock should not be confused with the underlying eBPF implementation.
> Landlock could use more than only eBPF in the future and eBPF could be
> used in other LSM as well.
there will not be two bpf based LSMs.
Therefore unless you can convince Sargun to give up his 'checmate' name,
nothing goes in.
The features you both need are 90% the same, so they must be done
as part of single LSM whatever you both agree to call it.
next prev parent reply index
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-14 7:23 [kernel-hardening] [RFC v3 00/22] Landlock LSM: Unprivileged sandboxing Mickaël Salaün
2016-09-14 7:23 ` [kernel-hardening] [RFC v3 01/22] landlock: Add Kconfig Mickaël Salaün
2016-09-14 7:23 ` [kernel-hardening] [RFC v3 02/22] bpf: Move u64_to_ptr() to BPF headers and inline it Mickaël Salaün
2016-09-14 7:23 ` [kernel-hardening] [RFC v3 03/22] bpf,landlock: Add a new arraymap type to deal with (Landlock) handles Mickaël Salaün
2016-09-14 18:51 ` [kernel-hardening] " Alexei Starovoitov
2016-09-14 23:22 ` Mickaël Salaün
2016-09-14 23:28 ` Alexei Starovoitov
2016-09-15 21:51 ` Mickaël Salaün
2016-10-03 23:53 ` Kees Cook
2016-10-05 22:02 ` Mickaël Salaün
2016-09-14 7:23 ` [kernel-hardening] [RFC v3 04/22] bpf: Set register type according to is_valid_access() Mickaël Salaün
2016-10-19 14:54 ` [kernel-hardening] " Thomas Graf
2016-10-19 15:10 ` Daniel Borkmann
2016-09-14 7:23 ` [kernel-hardening] [RFC v3 05/22] bpf,landlock: Add eBPF program subtype and is_valid_subtype() verifier Mickaël Salaün
2016-10-19 15:01 ` [kernel-hardening] " Thomas Graf
2016-09-14 7:23 ` [kernel-hardening] [RFC v3 06/22] landlock: Add LSM hooks Mickaël Salaün
2016-10-19 15:19 ` [kernel-hardening] " Thomas Graf
2016-10-19 22:42 ` Mickaël Salaün
2016-09-14 7:24 ` [kernel-hardening] [RFC v3 07/22] landlock: Handle file comparisons Mickaël Salaün
2016-09-14 19:07 ` [kernel-hardening] " Jann Horn
2016-09-14 22:39 ` Mickaël Salaün
2016-09-14 21:06 ` Alexei Starovoitov
2016-09-14 23:02 ` Mickaël Salaün
2016-09-14 23:24 ` Alexei Starovoitov
2016-09-15 21:25 ` Mickaël Salaün
2016-09-20 0:12 ` Alexei Starovoitov [this message]
2016-09-20 1:10 ` [kernel-hardening] Re: lsm naming dilemma. " Sargun Dhillon
2016-09-20 16:58 ` Mickaël Salaün
2016-10-03 23:30 ` [kernel-hardening] " Kees Cook
2016-09-14 7:24 ` [kernel-hardening] [RFC v3 08/22] seccomp: Fix documentation for struct seccomp_filter Mickaël Salaün
2016-09-14 7:24 ` [kernel-hardening] [RFC v3 09/22] seccomp: Move struct seccomp_filter in seccomp.h Mickaël Salaün
2016-09-14 7:24 ` [kernel-hardening] [RFC v3 10/22] seccomp: Split put_seccomp_filter() with put_seccomp() Mickaël Salaün
2016-09-14 7:24 ` [kernel-hardening] [RFC v3 11/22] seccomp,landlock: Handle Landlock hooks per process hierarchy Mickaël Salaün
2016-09-14 18:43 ` [kernel-hardening] " Andy Lutomirski
2016-09-14 22:34 ` Mickaël Salaün
2016-10-03 23:52 ` Kees Cook
2016-10-05 21:05 ` Mickaël Salaün
2016-09-14 7:24 ` [kernel-hardening] [RFC v3 12/22] bpf: Cosmetic change for bpf_prog_attach() Mickaël Salaün
2016-09-14 7:24 ` [kernel-hardening] [RFC v3 13/22] bpf/cgroup: Replace struct bpf_prog with union bpf_object Mickaël Salaün
2016-09-14 7:24 ` [kernel-hardening] [RFC v3 14/22] bpf/cgroup: Make cgroup_bpf_update() return an error code Mickaël Salaün
2016-09-14 21:16 ` [kernel-hardening] " Alexei Starovoitov
2016-09-14 7:24 ` [kernel-hardening] [RFC v3 15/22] bpf/cgroup: Move capability check Mickaël Salaün
2016-09-14 7:24 ` [kernel-hardening] [RFC v3 16/22] bpf/cgroup,landlock: Handle Landlock hooks per cgroup Mickaël Salaün
2016-10-03 23:43 ` [kernel-hardening] " Kees Cook
2016-10-05 20:58 ` Mickaël Salaün
2016-10-05 21:25 ` Kees Cook
2016-09-14 7:24 ` [kernel-hardening] [RFC v3 17/22] cgroup: Add access check for cgroup_get_from_fd() Mickaël Salaün
2016-09-14 22:06 ` [kernel-hardening] " Mickaël Salaün
2016-09-14 7:24 ` [kernel-hardening] [RFC v3 18/22] cgroup,landlock: Add CGRP_NO_NEW_PRIVS to handle unprivileged hooks Mickaël Salaün
2016-09-14 18:27 ` [kernel-hardening] " Andy Lutomirski
2016-09-14 22:11 ` Mickaël Salaün
2016-09-15 1:25 ` Andy Lutomirski
2016-09-15 2:19 ` Alexei Starovoitov
2016-09-15 2:27 ` Andy Lutomirski
2016-09-15 4:00 ` Alexei Starovoitov
2016-09-15 4:08 ` Andy Lutomirski
2016-09-15 4:31 ` Alexei Starovoitov
2016-09-15 4:38 ` Andy Lutomirski
2016-09-15 4:48 ` Alexei Starovoitov
2016-09-15 19:41 ` Mickaël Salaün
2016-09-20 4:37 ` Sargun Dhillon
2016-09-20 17:02 ` Mickaël Salaün
2016-09-15 19:35 ` Mickaël Salaün
2016-09-14 7:24 ` [kernel-hardening] [RFC v3 19/22] landlock: Add interrupted origin Mickaël Salaün
2016-09-14 18:29 ` [kernel-hardening] " Andy Lutomirski
2016-09-14 22:14 ` Mickaël Salaün
2016-09-15 1:19 ` Andy Lutomirski
2016-10-03 23:46 ` Kees Cook
2016-10-05 21:01 ` Mickaël Salaün
2016-09-14 7:24 ` [kernel-hardening] [RFC v3 20/22] landlock: Add update and debug access flags Mickaël Salaün
2016-09-14 7:24 ` [kernel-hardening] [RFC v3 21/22] bpf,landlock: Add optional skb pointer in the Landlock context Mickaël Salaün
2016-09-14 21:20 ` [kernel-hardening] " Alexei Starovoitov
2016-09-14 22:46 ` Mickaël Salaün
2016-09-14 7:24 ` [kernel-hardening] [RFC v3 22/22] samples/landlock: Add sandbox example Mickaël Salaün
2016-09-14 21:24 ` [kernel-hardening] " Alexei Starovoitov
2016-09-14 14:36 ` [kernel-hardening] RE: [RFC v3 00/22] Landlock LSM: Unprivileged sandboxing David Laight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160920001215.GA91808@ast-mbp.thefacebook.com \
--to=alexei.starovoitov@gmail.com \
--cc=arnd@arndb.de \
--cc=ast@kernel.org \
--cc=casey@schaufler-ca.com \
--cc=cgroups@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=daniel@zonque.org \
--cc=davem@davemloft.net \
--cc=drysdale@google.com \
--cc=ebiederm@xmission.com \
--cc=elena.reshetova@intel.com \
--cc=james.l.morris@oracle.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mic@digikod.net \
--cc=netdev@vger.kernel.org \
--cc=pmoore@redhat.com \
--cc=sargun@sargun.me \
--cc=serge@hallyn.com \
--cc=tj@kernel.org \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Kernel-hardening Archive on lore.kernel.org
Archives are clonable:
git clone --mirror https://lore.kernel.org/kernel-hardening/0 kernel-hardening/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 kernel-hardening kernel-hardening/ https://lore.kernel.org/kernel-hardening \
kernel-hardening@lists.openwall.com
public-inbox-index kernel-hardening
Example config snippet for mirrors
Newsgroup available over NNTP:
nntp://nntp.lore.kernel.org/com.openwall.lists.kernel-hardening
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git