Re: [RFC] lsm: namespace hooks

From: Eric W. Biederman
Date: Tue Dec 09 2014 - 11:15:34 EST

Next message: Catalin Marinas: "Re: [PATCH] arm64: psci: Fix build breakage without PM_SLEEP"
Previous message: Mark Brown: "Re: [PATCH 1/2] drivers/regulator/core.c: Don't print error on EPROBE_DEFER"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Lukasz Pawelczyk <l.pawelczyk@xxxxxxxxxxx> writes:

> On czw, 2014-11-27 at 18:38 +0100, Lukasz Pawelczyk wrote:
>> Right now the major issue I see is that LSM by itself is not defined how
>> it's going to behave. It's up to a specific LSM module.
>>
>> E.g. within the Smack namespace filling the map is a privileged
>> operation. So by tying them up you cripple the ability to create a fully
>> working user namespace as an unprivileged process.
>
> Entertaining the idea that LSM namespace would be tied to user namespace
> (as you suggested) how do you see the limitation I described above?

If they are tied it means you wind up in a situation where there are no
labels you can set.

In general setting the uid and gid maps is also a privileged operations.

I really don't know what makes sense to do with lsms and namespaces
generically, but I do know that your lsm namespace patche were awkwards
and weird and seemed to be taking things in the wrong direction.

Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Catalin Marinas: "Re: [PATCH] arm64: psci: Fix build breakage without PM_SLEEP"
Previous message: Mark Brown: "Re: [PATCH 1/2] drivers/regulator/core.c: Don't print error on EPROBE_DEFER"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]