Subject: Re: [RFC][PATCH 00/10] Mount, FS, Block and Keyrings notifications [ver #3]
From: Andy Lutomirski
To: David Howells
Cc: Andy Lutomirski, Casey Schaufler, Stephen Smalley, Al Viro, Greg Kroah-Hartman, USB list, raven@themaw.net, Linux FS Devel, Linux API, linux-block@vger.kernel.org, keyrings@vger.kernel.org, LSM List, LKML, Paul Moore
Date: Thu, 6 Jun 2019 14:54:27 -0700
In-Reply-To: <23611.1559855827@warthog.procyon.org.uk>
References: <155981411940.17513.7137844619951358374.stgit@warthog.procyon.org.uk> <3813.1559827003@warthog.procyon.org.uk> <8382af23-548c-f162-0e82-11e308049735@tycho.nsa.gov> <0eb007c5-b4a0-9384-d915-37b0e5a158bf@schaufler-ca.com> <07e92045-2d80-8573-4d36-643deeaff9ec@schaufler-ca.com> <23611.1559855827@warthog.procyon.org.uk>

> On Jun 6, 2019, at 2:17 PM, David Howells wrote:
>
> Andy Lutomirski wrote:
>
>>>> You are allowing arbitrary information flow between T and W above. Who
>>>> cares about notifications?
>>>
>>> I do. If Watched object is /dev/null no data flow is possible.
>>> There are many objects on a modern Linux system for which this
>>> is true. Even if it's "just a file" the existence of one path
>>> for data to flow does not justify ignoring the rules for other
>>> data paths.
>>
>> Aha!
>>
>> Even ignoring security, writes to things like /dev/null should
>> probably not trigger notifications to people who are watching
>> /dev/null. (There are probably lots of things like this: /dev/zero,
>> /dev/urandom, etc.)
>
> Even writes to /dev/null might generate access notifications; leastways,
> vfs_read() will call fsnotify_access() afterwards on success.

Hmm. I can see this being an issue, but I guess not with your patch set.

>
> Whether or not you can set marks on open device files is another matter.
>
>> David, are there any notification types that have this issue in your
>> patchset? If so, is there a straightforward way to fix it?
>
> I'm not sure what issue you're referring to specifically. Do you mean whether
> writes to device files generate notifications?

I mean: are there cases where some action generates a notification but does not otherwise have an effect visible to the users who can receive the notification. It looks like the answer is probably "no", which is good.

Casey, is this good enough for you, or is there still an issue?
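The question Andy poses above (does a notification ever tell its recipient something the recipient could not have observed through the watched object itself?) can be written down as a small policy check. The following is an added illustration, not code from the notifications patch set or from the kernel: it models a watched object by who may read it and which actions leave an observable trace on it, and treats a notification as a leak when it would be the only channel by which the watcher learns of the action. The subject names, the `observable_effects` attribute and the sample objects are constructed for the example.

```python
"""Toy model of 'notification as information channel' (constructed example)."""
from dataclasses import dataclass
from typing import FrozenSet, List


@dataclass(frozen=True)
class WatchedObject:
    name: str
    readers: FrozenSet[str]              # subjects allowed to read the object
    observable_effects: FrozenSet[str]   # action kinds that leave a visible trace on it


@dataclass(frozen=True)
class Event:
    actor: str
    obj: WatchedObject
    kind: str                            # "read", "write", ...


def leaks_via_notification(watcher: str, event: Event) -> bool:
    """True when delivering this event to `watcher` would tell it something it
    could not learn by inspecting the watched object on its own.

    Two conditions must both hold for delivery to be harmless:
      1. the watcher is already allowed to read the object, so the object
         itself is a channel from actor to watcher anyway; and
      2. the action leaves a trace on the object (a write to a /dev/null-like
         sink is discarded, so the notification would be its only trace).
    """
    obj = event.obj
    if watcher not in obj.readers:
        return True                      # watcher cannot observe W at all
    if event.kind not in obj.observable_effects:
        return True                      # action is invisible on W itself
    return False


def filter_notifications(watcher: str, events: List[Event]) -> List[Event]:
    """Return only the events whose delivery to `watcher` is not a fresh channel."""
    return [e for e in events if not leaks_via_notification(watcher, e)]


# Constructed sample objects: a discard-everything device and a regular log file.
DEV_NULL = WatchedObject("/dev/null",
                         readers=frozenset({"alice", "bob"}),
                         observable_effects=frozenset())          # writes vanish
LOG_FILE = WatchedObject("/var/log/app.log",
                         readers=frozenset({"alice"}),
                         observable_effects=frozenset({"write"}))  # writes change content

# Constructed sample events performed by a third subject.
SAMPLE_EVENTS = [
    Event("carol", DEV_NULL, "write"),   # discarded: only the notification would show it
    Event("carol", LOG_FILE, "write"),   # alice could read the new content anyway
    Event("carol", LOG_FILE, "read"),    # a read leaves no trace alice could see
]

if __name__ == "__main__":
    for watcher in ("alice", "bob"):
        delivered = [e.obj.name + ":" + e.kind for e in filter_notifications(watcher, SAMPLE_EVENTS)]
        print(watcher, "receives", delivered)
```

Running the block prints one delivered event for alice (the write to the log file she can read) and none for bob, who cannot read the log and would only learn of the /dev/null write through the notification itself. A real implementation would hang the `observable_effects` decision off the object type and the LSM's own access decision rather than a hard-coded set, but the shape of the check is the same.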