From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751151AbdEaPQA (ORCPT <rfc822;w@1wt.eu>);
        Wed, 31 May 2017 11:16:00 -0400
Received: from www.llwyncelyn.cymru ([82.70.14.225]:57992 "EHLO fuzix.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1750998AbdEaPP6 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 31 May 2017 11:15:58 -0400
Date: Wed, 31 May 2017 16:14:54 +0100
From: Alan Cox <gnomes@lxorguk.ukuu.org.uk>
To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: jmorris@namei.org, keescook@chromium.org,
        linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org,
        kernel-hardening@lists.openwall.com, casey@schaufler-ca.com,
        hch@infradead.org, igor.stoppa@huawei.com, james.l.morris@oracle.com,
        paul@paul-moore.com, sds@tycho.nsa.gov
Subject: Re: [PATCH] LSM: Convert security_hook_heads into explicit array of
 struct list_head
Message-ID: <20170531161454.364632c7@alans-desktop>
In-Reply-To: <201706010010.EHB81211.LFMOFSQJtFVOOH@I-love.SAKURA.ne.jp>
References: <201705302329.IEB05735.FLJOFHSQVtOOFM@I-love.SAKURA.ne.jp>
        <20170530162550.19ba1811@alans-desktop>
        <alpine.LRH.2.20.1705310858430.6920@namei.org>
        <201705311941.CGD64590.MOFSOLFJtQFOVH@I-love.SAKURA.ne.jp>
        <20170531154317.4f487300@alans-desktop>
        <201706010010.EHB81211.LFMOFSQJtFVOOH@I-love.SAKURA.ne.jp>
Organization: Intel Corporation
X-Mailer: Claws Mail 3.14.1 (GTK+ 2.24.31; x86_64-redhat-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 1 Jun 2017 00:10:07 +0900
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> wrote:

> Alan Cox wrote:
> > > I saw several companies who ship their embedded devices with
> > > single-function LSM modules (e.g. restrict only mount operation and
> > > ptrace operation). What is unfortunate is that their LSM modules had
> > > never been proposed for upstream, and thus bugs remained unnoticed.  
> >
> > So which of them cannot be done with seccomp ? We have a small tight
> > interface for simple things like restricting a few calls.  
> 
> They restricted based on hard-coded rules. seccomp is too much for their cases.

Seccomp is tiny. They may not know how to use it but the job of the
kernel is to provide generic interfaces. Seccomp seems to do that just
fine for simple stuff.

Alan